- The flex requirements can be just satisfied via USE_TOOLS (the
version was from older webkit-gtk-s and it should be just a tool
dependency).
- No need to specify `:build' in USE_TOOLS, it is already the default
- Update the comment regarding PYTHON_VERSIONS_INCOMPATIBLE definition
Bump PKGREVISION
2.0.32:
- remove invalid email from setup.py
2.0.31:
- py33 is no longer supported. It may works but has been removed from tox config
- Fixed 205: Use empty string as default value for submit and button
- tests use pytest
- docs use the standard Pylons template on RTD
2.0.1
Unknown changes
2.0.0
Python 3 deprecation warning cleanups
Moved code to GitHub under the Pylons Project.
Moved documentation under the Pylons Project, hosted by Read the Docs at https://docs.pylonsproject.org/projects/pastedeploy/en/latest/
1.8.4:
Bugfix
- Response.content_type now accepts unicode strings on Python 2 and encodes
them to latin-1.
- Accept header classes now support a .copy() function that may be used to
create a copy. This allows create_accept_header and other like functions
to accept an pre-existing Accept header.
Warnings
- Some backslashes introduced with the new accept handling code were causing
DeprecationWarnings upon compiling the source to pyc files, all of the
backslashes have been reigned in as appropriate, and users should no longer
see DeprecationWarnings for invalid escape sequence.
1.8.3:
Bugfix
- acceptparse.AcceptValidHeader, acceptparse.AcceptInvalidHeader, and
acceptparse.AcceptNoHeader will now always ignore offers that do not
match the required media type grammar when calling .acceptable_offers().
Previous versions raised a ValueError for invalid offers in
AcceptValidHeader and returned them as acceptable in the others.
Feature
- Add Request.remote_host, exposing REMOTE_HOST environment variable.
- Added acceptparse.Accept.parse_offer to codify what types of offers
are compatible with acceptparse.AcceptValidHeader.acceptable_offers,
acceptparse.AcceptMissingHeader.acceptable_offers, and
acceptparse.AcceptInvalidHeader.acceptable_offers. This API also
normalizes the offer with lowercased type/subtype and parameter names.
Changes:
2.22.5
======
- Improved the logic to determine for which architectures to enable
the JIT compiler support and USE_SYSTEM_MALLOC at build time.
- Fix the build with ENABLE_VIDEO=OFF and ENABLE_OPENGL=OFF.
- Fix several crashes.
3.7.0:
Added support for Django 1.11, 2.0 and 2.1
Removed support for Django < 1.11
Adapted testing infrastructure (tox/travis) to incorporate django CMS 3.5 and 3.6
2.1.3:
Added missing migration for Picture model
2.1.2:
Fixed an issue creating a validation error on the alt attribute
Fixed an issue in the template adding a } after the srcset
Adapted test matrix for django CMS 3.4, 3.5, 3.6 as well as Django 1.11, 2.0 and 2.1
Exclude tests folder from release build
2.2.0:
Fixed test matrix
Exclude tests folder from release build
Added missing migrations for Django 2.1
Added abstract models for File and Folder
Improved readability of Folder.get_files
1.3.0:
* Fix annotations for query parameter
* An incoming query sequence can have int variables (the same as for
Mapping type)
* Add URL.explicit_port property
* Give a friendlier error when port cant be converted to int
* bool(URL()) now returns False
Changelog:
The two big new items in this release is Inline Shortcodes and Consolidated File Caches. In Hugo we really care about build speed, and caching is important. With this release, you get much better control over your cache configuration, which is especially useful when building on a Continous Integration server (Netlify, CircleCI or similar). Inline Shortcodes was implemented to help the Bootstrap project move their documentation site to Hugo. Note that this feature is disabled by default. To enable, set enableInlineShortcodes = true in your site config. Worth mentioning is also the new param shortcode, which looks up the param in page front matter with the site's parameter as a fall back.
This release represents 33 contributions by 7 contributors to the main Hugo code base.
@bep leads the Hugo development with a significant amount of contributions, but also a big shoutout to @moorereason, @emirb, and @allizad for their ongoing contributions.
And a big thanks to @digitalcraftsman and @onedrawingperday for their relentless work on keeping the themes site in pristine condition and to @kaushalmodi for his great work on the documentation site.
Many have also been busy writing and fixing the documentation in hugoDocs,
which has received 10 contributions by 4 contributors. A special thanks to @budparr, @bep, @allizad, and @funkydan2 for their work on the documentation site.
Hugo now has:
30595+ stars
441+ contributors
270+ themes
Enhancements
Templates
Add tests ed698e94 @moorereason
Regenerate templates 89e2716d @bep
Add "param" shortcode f37c5a25 @bep #4010
Add float64 support to where 112461fd @moorereason #5466
Core
Fall back to title in ByLinkTitle sort a9a93d08 @bep #4953
Improve nil handling in IsDescendant and IsAncestor b09a4033 @bep #5461
Other
Remove duplicate mapstructure depdendency 7e75aeca @bep
Add dependency list to README e14e0b19 @bep
Document inline shortcodes aded0f25 @bep #4011
Add inline shortcode support bc337e6a @bep #4011
Include drafts in convert command dcfeed35 @bep #5457
Handle themes in the new file cache (for images, assets) f9b4eb4f @bep #5460
Add tests for permalink on Resource with baseURL with path 12742bac @bep #5226
Add a comment about file mode for new files fabf026f @bep #5434
Add a :project placeholder 94f0f7e5 @bep #5439
Add a cache prune func 3c29c5af @bep #5439
Add a filecache root dir 33502667 @bep
Use time.Duration for maxAge d3489eba @bep #5438
Split implementation and config into separate files 17d7ecde @bep
Update to LibSASS 3.5.5 e4b25728 @bep #5432#5435
More spelling corrections 782dd158 @bep
Spelling corrections aff9c091 @bep
Remove appveyor fdd4a768 @bep
Document the new file cache abeeff13 @bep #5404
Add a consolidated file cache f7aeaa61 @bep #5404
Add Windows build config to Travis 7d78a2af @emirb
Add Elasticsearch/bonsai.io to services doc. c0b3a1af @allizad
Fixes
Templates
Fix whitespace issue aba2647c @max-arnold
Fix test to pass with gccgo a8cb1b07 @ianlancetaylor
Other
Fix handling of commented out front matter 7540a628 @bep #5478
Fix when only shortcode and then summary 94ab125b @bep #5464
Fix ignored --config flag with 'new' command e82b2dc8 @krisbudhram
Fix Permalink for resource, baseURL with path and canonifyURLs set 5df2b79d @bep #5226
Changelog:
New
Better recommendations: You may see suggestions in regular browsing mode for new and relevant Firefox features, services, and extensions based on how you use the web (for US users only)
Enhanced tab management: You can now select multiple tabs from the tab bar and close, move, bookmark, or pin them quickly and easily
Easier performance management: The new Task Manager page found at about:performance lets you see how much energy each open tab consumes and provides access to close tabs to conserve power
Improved performance for Mac and Linux users, by enabling link time optimization (Clang LTO). (Clang LTO was enabled for Windows users in Firefox 63.)
More seamless sharing on Windows: Windows users can now share web pages using the native sharing experience. You can access Share in the Page Actions menu
Added option to remove add-ons using the context menu on their toolbar buttons
New for enterprise users: Updated the policy engine on macOS to allow using configuration profiles to customize Firefox for enterprise deployments
Fixed
Various security fixes
Changed
RSS feed preview and live bookmarks are available only via add-ons
TLS certificates issued by Symantec are no longer trusted by Firefox. Website operators are strongly encouraged to replace any remaining Symantec TLS certificates as soon as possible.
about:crashes has been redesigned to make it clear when a crash is being submitted to Mozilla, as well as being clear that removing crashes locally does not remove them from crash-stats.mozilla.com
The macOS keyboard shortcut to add "www" and ".com" to a URL is now ctrl-enter instead of [apple]-enter
Security fixes:
#CVE-2018-12407: Buffer overflow with ANGLE library when using VertexBuffer11 module
#CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11
#CVE-2018-18492: Use-after-free with select element
#CVE-2018-18493: Buffer overflow in accelerated 2D canvas with Skia
#CVE-2018-18494: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs
#CVE-2018-18495: WebExtension content scripts can be loaded in about: pages
#CVE-2018-18496: Embedded feed preview page can be abused for clickjacking
#CVE-2018-18497: WebExtensions can load arbitrary URLs through pipe separators
#CVE-2018-18498: Integer overflow when calculating buffer sizes for images
#CVE-2018-12406: Memory safety bugs fixed in Firefox 64
#CVE-2018-12405: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4
pkgsrc changes:
- Remove no longer needed patch-lib_connect.c: imported upstream
Changes:
7.63.0
------
This release includes the following changes:
o curl: add %{stderr} and %{stdout} for --write-out
o curl: add undocumented option --dump-module-paths for win32
o setopt: add CURLOPT_CURLU
This release includes the following bugfixes:
o (lib)curl.rc: fixup for minor bugs
o CURLINFO_REDIRECT_URL: extract the Location: header field unvalidated
o CURLOPT_HEADERFUNCTION.3: match 'nitems' name in synopsis and description
o CURLOPT_WRITEFUNCTION.3: spell out that it gets called many times
o Curl_follow: accept non-supported schemes for "fake" redirects
o KNOWN_BUGS: add --proxy-any connection issue
o NTLM: Remove redundant ifdef USE_OPENSSL
o NTLM: force the connection to HTTP/1.1
o OS400: add URL API ccsid wrappers and sync ILE/RPG bindings
o SECURITY-PROCESS: bountygraph shuts down again
o TODO: Have the URL API offer IDN decoding
o ares: remove fd from multi fd set when ares is about to close the fd
o axtls: removed
o checksrc: add COPYRIGHTYEAR check
o cmake: fix MIT/Heimdal Kerberos detection
o configure: include all libraries in ssl-libs fetch
o configure: show CFLAGS, LDFLAGS etc in summary
o connect: fix building for recent versions of Minix
o cookies: create the cookiejar even if no cookies to save
o cookies: expire "Max-Age=0" immediately
o curl: --local-port range was not "including"
o curl: fix --local-port integer overflow
o curl: fix memory leak reading --writeout from file
o curl: fixed UTF-8 in current console code page (Windows)
o curl_easy_perform: fix timeout handling
o curl_global_sslset(): id == -1 is not necessarily an error
o curl_multibyte: fix a malloc overcalculation
o curle: move deprecated error code to ifndef block
o docs: curl_formadd field and file names are now escaped
o docs: escape "\n" codes
o doh: fix memory leak in OOM situation
o doh: make it work for h2-disabled builds too
o examples/ephiperfifo: report error when epoll_ctl fails
o ftp: avoid two unsigned int overflows in FTP listing parser
o host names: allow trailing dot in name resolve, then strip it
o http2: Upon HTTP_1_1_REQUIRED, retry the request with HTTP/1.1
o http: don't set CURLINFO_CONDITION_UNMET for http status code 204
o http: fix HTTP Digest auth to include query in URI
o http_negotiate: do not close connection until negotiation is completed
o impacket: add LICENSE
o infof: clearly indicate truncation
o ldap: fix LDAP URL parsing regressions
o libcurl: stop reading from paused transfers
o mprintf: avoid unsigned integer overflow warning
o netrc: don't ignore the login name specified with "--user"
o nss: Fall back to latest supported SSL version
o nss: Fix compatibility with nss versions 3.14 to 3.15
o nss: fix fallthrough comment to fix picky compiler warning
o nss: remove version selecting dead code
o nss: set default max-tls to 1.3/1.2
o openssl: Remove SSLEAY leftovers
o openssl: do not log excess "TLS app data" lines for TLS 1.3
o openssl: do not use file BIOs if not requested
o openssl: fix unused variable compiler warning with old openssl
o openssl: support session resume with TLS 1.3
o openvms: fix example name
o os400: Add curl_easy_conn_upkeep() to ILE/RPG binding
o os400: add CURLOPT_CURLU to ILE/RPG binding
o os400: fix return type of curl_easy_pause() in ILE/RPG binding
o packages: remove old leftover files and dirs
o pop3: only do APOP with a valid timestamp
o runtests: use the local curl for verifying
o schannel: be consistent in Schannel capitalization
o schannel: better CURLOPT_CERTINFO support
o schannel: use Curl_ prefix for global private symbols
o snprintf: renamed and we now only use msnprintf()
o ssl: fix compilation with OpenSSL 0.9.7
o ssl: replace all internal uses of CURLE_SSL_CACERT
o symbols-in-versions: add missing CURLU_ symbols
o test328: verify Content-Encoding: none
o tests: disable SO_EXCLUSIVEADDRUSE for stunnel on Windows
o tests: drop http_pipe.py script no longer used
o tool_cb_wrt: Silence function cast compiler warning
o tool_doswin: Fix uninitialized field warning
o travis: build with clang sanitizers
o travis: remove curl before a normal build
o url: a short host name + port is not a scheme
o url: fix IPv6 numeral address parser
o urlapi: only skip encoding the first '=' with APPENDQUERY set
This release includes the following known bugs:
o see docs/KNOWN_BUGS (https://curl.haxx.se/docs/knownbugs.html)
This release would not have looked like this without help, code, reports and
advice from friends like these:
Alessandro Ghedini, Alexey Melnichuk, Antoni Villalonga, Ben Greear,
bobmitchell1956 on github, Brad King, Brian Carpenter, daboul on github,
Daniel Gustafsson, Daniel Stenberg, Dave Reisner, David Benjamin,
Dheeraj Sangamkar, dtmsecurity on github, Elia Tufarolo, Frank Gevaerts,
Gergely Nagy, Gisle Vanem, Hagai Auro, Han Han, infinnovation-dev on github,
James Knight, Jérémy Rocher, Jeroen Ooms, Jim Fuller, Johannes Schindelin,
Kamil Dudka, Konstantin Kushnir, Marcel Raad, Marc Hörsken, Marcos Diazr,
Michael Kaufmann, NTMan on Github, Patrick Monnerat, Paul Howarth,
Pavel Pavlov, Peter Wu, Ray Satiro, Rod Widdowson, Romain Fliedel,
Samuel Surtees, Sevan Janiyan, Stefan Kanthak, Sven Blumenstein, Tim Rühsen,
Tobias Hintze, Tomas Hoger, tonystz on Github, tpaukrt on github,
Viktor Szakats, Yasuhiro Matsumoto,
(51 contributors)
Thanks! (and sorry if I forgot to mention someone)
Changes:
7.0
---
Fixed YouTube rendering issue due to custom user agent
Fixed invisible cursor in text fields
Restored behavior of " " and "." in urlbar completion
Download/ web notifications for background window/ tab
Highlight in toolbar for finished downloads
Re-introduced proxy server UX
Multiple processes for indivdual tabs
Adaptive toolbar layout for smaller screens
6.0
---
Revamped Vala-only core based on GTK+3 and WebKit2
App based on Gtk.Application, supporting global/ window app menu
Tabs on top with a custom stack switcher and Gtk.Stack
Url completion with GLib.ListModel and Gtk.ListBox
Peas-based extensions, also available in Private Browsing
New fullscreen mode with auto-revealing toolbar
Based on www/midori and updated in pkgsrc-wip by <bsiegert> and <leot>.
Version 4.6.5
Bugs Fixed
* When running mod_wsgi-express and serving up static files from the document root, and the WSGI application was mounted at a sub URL using --mount-point, the static files in the document root outside of the mount point for the WSGI application would no longer be accessible.
* If no system mime types file can be found, fall back to /dev/null so that Apache can still at least start up.
Features Changed
* On macOS, use /var/tmp as default parent directory for server root directory rather than value of $TMPDIR. The latter can produce a path which is too long and UNIX socket cannot be written there.
New Features
* Now possible to use mod_wsgi-express in an a zipapp created using shiv. This entailed a special workaround to detect when shiv was used, so that the unpacked site-packages directory could be added to the Python module search path for mod_wsgi-express.
Many bug fixes including:
- Breadcrumbs disappears when starting with front-page after cache rebuild
- Adding a display mode to a content type using layout, and disabling
layout on that new display mode removes the layout_builder__layout
field and breaks layout in already configured display modes
- Clearing the persistent entity cache every time we switch between
workspaces is super wasteful
For full list, see:
- https://www.drupal.org/project/drupal/releases/8.6.3
- https://www.drupal.org/project/drupal/releases/8.6.4
Nghttp2 v1.35.1
nghttpx
This release fixes the broken trailing slash handling when routing a request. nghttpx allows a pattern which ends “/” to match the request path which just lacks the trailing “/”. Previously, this special handling did not work if certain patterns were registered.
On December 6, 2018, WordPress Version 5.0, named for jazz musician Bebo,
was released to the public. WordPress 5.0 will revolutionize content editing
with introduction of a new block editor and block editor-compatible default
theme Twenty Nineteen.
More infomations at https://wordpress.org/support/wordpress-version/version-5-0/
Upstream changes:
Moodle-3.6.1
Regression fix
MDL-64307 - Previous messaging conversations should be displayed after upgrading
Other fixes
MDL-64206 - Facebook logo is correctly displayed when using OAuth 2 authentication
MDL-63459 - Calculated multichoice question able to answer with negative note in interactive mode
Flask-RESTful is an extension for Flask that adds support for quickly building REST APIs. It is a lightweight abstraction that works with your existing ORM/libraries. Flask-RESTful encourages best practices with minimal setup. If you are familiar with Flask, Flask-RESTful should be easy to pick up.
Upstream changes:
Moodle-3.6 Major features
Dashboard and Course overview
MDL-63044 and MDL-63337 - New Course overview and Timeline block
MDL-63062 - New Recently accessed courses block
MDL-63063 - New Recently accessed items block
MDL-63457 - Option to hide courses in the course overview block
MDL-63058 - Option to star/unstar courses in the course overview block
MDL-63064 - New Starred courses block
MDL-63352 - Dashboard retains user preferences for view options
MDL-63793 - Course overview block retains user preferences for the number of courses to show
MDL-61161 - Grace period when displaying "In progress" courses in course overview block
MDL-63040 - Removal of Dashboard page header
GDPR and Privacy
Note that some of these GDPR improvements have also been backported to Moodle 3.5.3, 3.4.6 and 3.3.9.
MDL-63116 - Data requests bulk actions
MDL-62309 - Option to make site policies required or optional
MDL-61652 - Capabilities for controlling who can download SAR data
MDL-62563 - Data deletion of existing deleted users
MDL-63897 - Pre-processing stage removed from data requests process
MDL-62558 - Data retention summary (read-only)
MDL-63726 - Option to remove the "Data retention summary" link in the footer
MDL-62491 - HTML data request export format
MDL-63401 - User expiry improvements
MDL-63619 - Data purpose and category inheritance improvements
MDL-62560 - Different data retention strategies for different roles in a purpose
MDL-62554 - Ability to configure data registry to use module type defaults
MDL-63009 - Site mentioned in email notifications of data requests
MDL-6074 - Option to hide your name in the online users block
Messaging
MDL-57272 and MDL-63280 - Group messaging
MDL-63303 - New messaging UI with messaging drawer
MDL-63279 - Option to disable site-wide messaging
MDL-63214 - Privacy setting for restricting who can message you
MDL-63213 - Option to star messaging conversations
MDL-63283 - Notifications not sent for group conversations
MDL-63281 - Group members synchronised with messaging conversations members
Assignment
MDL-27520 - Assignment feedback can include media or other files
Quiz
MDL-62610 - Improved quiz statistics report usability for randomized questions
MDL-62708 - Option to add ID numbers to questions and question categories
MDL-63738 - Single questions can be exported from the question bank
Workshop
MDL-60820 - Teachers can specify workshop submission types
Repositories
MDL-58943 - Nextcloud integration, with a Nextcloud repository and OAuth 2 Nextcloud service
Open Badges
MDL-58454 - Support for Open Badges v2.0
Performance
MDL-54035 - Performance improvements to cache flags
MDL-47962 - Glossary auto-linking filter performance improvements
Usability improvements
MDL-51177 - atto_htmlplus implemented to improve Atto editor HTML indenting
MDL-45170 - Copy and paste of images from one WYSIWYG window to another
MDL-61388 - Forum actions announced by screen reader when completed
MDL-62899 - Global search displays a relevant icon next to link in results
MDL-46415 - SVG/high resolution emoticons
MDL-58000 - Larger badge images are used
Experimental
MDL-53566 - Context freezing - setting read-only access for categories, courses, activities and their content
Other highlights
Functional changes
MDL-17943 - 'Resend confirmation email' button on login page
MDL-14274 - IF conditions in grade calculations
MDL-37624 - Calendar entries location support
MDL-36754 - Images are displayed in forum notification emails
MDL-59259 - Course format options may be specified in upload courses CSV file
MDL-41265 - Page resource option to show/hide "Last modified"
MDL-61378 - Forum post HTML structure improvements
MDL-59454 - Option to download the list of course participants
MDL-60520 - Analytics models can use different machine learning backends
MDL-61573 - User menu: customusermenuitems map Font Awesome icons for non pix/t folders
MDL-62320 - JSON added to the default MIME types list
MDL-63431 - Atto media plugin title global attribute support
MDL-60435 - Shibboleth authentication identity providers
MDL-59169 - Grader report saves after edit with multiple tabs
MDL-62960 - Drag and drop of course events respects the course start date
Security issues
MSA-18-0020 Login CSRF vulnerability in login form. Note that this fix has previously been disclosed following the release of Moodle 3.5.3, 3.4.6, 3.3.9 and 3.1.15.
For administrators
MDL-62334 - 'Add a new course' link in Site administration
MDL-63253 - Admin search results provide location of the found matching page
MDL-63772 - Capability to control use of Atto Record RTC
MDL-63708 - New blocks supported by the mobile app can be disabled
MDL-52953 - Legacy log store deprecation
MDL-59429 - Log changes to site administrators
MDL-62651 - adhoc task runner
MDL-62777 - Site upgrades via CLI display new default settings
MDL-63603 - Indian Rupee added to PayPal enrolment currencies
For developers
MDL-55188 - Old Events API final deprecation
MDL-54741 - Phase 2 of deprecation of functions in lib/deprecatedlib.php
MDL-51803 - Reusable element for drag and drop sortable table or list
MDL-63329 - memcache session handler removal
MDL-63658 - New Favourites subsystem
MDL-63729 - Badges web services return new fields and data added by the Open Badges v2.0 specification
MDL-50812 - core_useragent::get_browser_version_classes distinguishes between different browsers
Privacy API update
In addition to existing requirements, any plugin which implements the plugin provider interface must also implement the \core_privacy\local\request\core_userlist_provider interface. Two new methods need to be implemented:
get_users_in_context()
delete_data_for_users()
However, the two above methods are not required for plugins that implement the null_provider only (i.e. which do not store personal data).
Note that these changes are also required for latest Moodle 3.4.6 and 3.5.3 versions.
Behat scenario files
MDL-57281 - The behat step
I navigate to "ITEM" node in "MAINNODE > PATH"
has been deprecated and throws an exception with details on how to replace it. The recommended replacement steps work in all recent Moodle versions. The updated Behat will pass with Moodle 3.4 too.
Login token
If your plugin provides an alternative login form (e.g. it is a theme replacing the default login form template / renderer), the login form must include a new login token field. For details of required changes, see Login token. Note that this also affects latest stable branches too.
New core functions
userdate_htmltime()
Component APIs upgrades
Please refer to the upgrade.txt files in the relevant component directory for changes in this particular Moodle release.
admin/tool/log/upgrade.txt
admin/tool/upgrade.txt
auth/shibboleth/upgrade.txt
auth/upgrade.txt
badges/upgrade.txt
blocks/upgrade.txt
cache/upgrade.txt
calendar/upgrade.txt
course/format/upgrade.txt
course/upgrade.txt
enrol/upgrade.txt
filter/upgrade.txt
grade/grading/form/upgrade.txt
grade/report/upgrade.txt
grade/upgrade.txt
lib/upgrade.txt
media/upgrade.txt
message/upgrade.txt
mod/assign/upgrade.txt
mod/feedback/upgrade.txt
mod/forum/upgrade.txt
mod/quiz/upgrade.txt
mod/scorm/report/basic/upgrade.txt
mod/scorm/upgrade.txt
mod/upgrade.txt
mod/workshop/upgrade.txt
question/format/upgrade.txt
report/upgrade.txt
tag/upgrade.txt
theme/upgrade.txt
user/upgrade.txt
Version 0.11
This release focuses on fixing bugs related to uncommon HTTP/HTML
scenarios and on improving the documentation.
Bug fixes
* Constructing a :class:~mechanicalsoup.Form instance from a
bs4.element.Tag whose tag name is not form will now emit a warning,
and may be deprecated in the future.
* **Breaking Change:** :class:~mechanicalsoup.LinkNotFoundError now derives
from Exception instead of BaseException. While this will bring the
behavior in line with most people's expectations, it may affect the behavior
of your code if you were heavily relying on this implementation detail in
your exception handling.
* Improve handling of button submit elements. Will now correctly ignore
buttons of type button and reset during form submission, since they
are not considered to be submit elements.
* Do a better job of inferring the content type of a response if the
Content-Type header is not provided.
* Improve consistency of query string construction between MechanicalSoup
and web browsers in edge cases where form elements have duplicate name
attributes. This prevents errors in valid use cases, and also makes
MechanicalSoup more tolerant of invalid HTML.
v4.1.2
* Add correct MIME type for WebAssembly, which is required for files to be
executed
* Stop accessing the FILE_CHARSET Django setting which was almost entirely
unused and is now deprecated
v4.1.1
* Fix bug in ETag handling
* Documentation fixes
Django 2.1.4 fixes several bugs in 2.1.3.
Bugfixes:
Corrected the default password list that CommonPasswordValidator uses by lowercasing all passwords to match the format expected by the validator.
Prevented repetitive calls to geos_version_tuple() in the WKBWriter class in an attempt to fix a random crash involving LooseVersion.
Fixed keep-alive support in runserver after it was disabled to fix another issue in Django 2.0.
Fixed admin view-only change form crash when using ModelAdmin.prepopulated_fields.
Django 1.11.17 fixes several bugs in 1.11.16 and adds compatibility with Python 3.7.
Bugfixes:
Prevented repetitive calls to geos_version_tuple() in the WKBWriter class in an attempt to fix a random crash involving LooseVersion since Django 1.11.14.
Bluefish 2.2.10 is a maintenance release. Various language files have been
improved, most notably languages that include CSS. There are also various fixes
for newer gtk versions and for gtk on wayland (which is now the default on
Fedora Linux). A new feature in the 2.2.10 release is the possibility to
import/export syntax color styles, included are styles for a light and a dark
theme. Last there have been fixes for a few rare crashes.
Bluefish 2.2.9 is a maintenance release that most importantly fixes
incompatibility with Gtk 3.20. Next to that some small dialogs have been
improved, and some user interface parts have been polished.
pkgsrc changes:
- Switch to www/webkit-gtk (instead of using webkit24-gtk3)
- Adjust GITHUB_RELEASE to remove the trailing `a', please note that this will
probably not needed for future releases!
Changes:
1.12.5
------
* #665: Webkit browser now supplies 'Liferea' component in user agent
* #664: Added "Mark All As Read" button to headerbar plugin
* #620: Added flatpak JSON
(glitsj16)
* #579: Added item list column drag and drop reordering
(Yanko Kaneti)
* #436, #662: Move from GnomeKeyring to libsecret
(bgermann)
* Fixes#663: Correct instapaper sharing link
(Daniel Alexandersen)
* Fixes#661: Update sharing links
(Daniel Alexandersen)
* Fixes#271: Consistent over usage of CPU (trigger by "Next Unread" loop)
(reported by GreenLunar)
* #472, #632: Dropping Inoreader support (API broke)
1.12.4
------
* Fixes#660: Added installable plugin to change accels
(Lars Windolf)
* Fixes#654: Segfault on date out of range
(Leaiz)
* Fixes#651: Fixes Free Music Archive link in default OPMLs
(reported by benjbrandall)
* Fixes#649: Switch from persistent to session-only cookies
(Daniel Alexandersen)
* Fixes#645, #646: unread count of vfolder
(Leaiz)
* Fixes#637: Extra keywords in .desktop file (syndication; rss; atom)
(Daniel Alexandersen)
* Fixes#557: Updating counters for remote sources
(Leiaz)
* Updated cookie usage hint in FAQ
1.12.3
------
* #634: Added setting for custom download commands
(Leiaz)
* #614: GTK Headerbar support via plugin
(Lars Windolf)
* #608: Refactoring UI code to switch to GAction and GtkBuilder
Note: this implies not having icons in the main menu anymore
which were still there for all non-GNOME users (see #626).
(Leiaz)
* #589: Item list view column order rework as a preparation for
possible real column drag&drop. Introduces a new DConf setting
for the column order.
(Yanko Kaneti)
* Fixes#280: Mark read toolbar button always disabled for search folders
(Lars Windolf, reported by dvahalev)
* Fixes#591: Please add a safety question when "marking all read"
(Leiaz, reported by Nudin)
* Fixes#625: Avoid exception in trayicon.py
(Lars Windolf)
* Fixes#627: GnomeKeyring plugin fails to activate when keyring doesn't exist
(Lars Windolf)
* Fixes#630: Fix feed list selection after DnD
(Peter Zaitev)
* Fixes#633: Big Memory leak in date code
(Leiaz)
* Update of Turkish translation (emintufan)
* Update of French translation (guilieb)
1.12.2
------
* Adding a plugin installer plugin that allows discovering
and automatically installing 3rd party plugins
* #585: Drop language from user agent to increase privacy
(Daniel Aleksandersen)
* #583: Add transmission-gtk and aria2 as download tool options
(Daniel Aleksandersen)
* #495: New command line option --disable-plugins (-p) to start
with all plugins disabled.
* Fixes#610: Liferea not showing up in GNOME Software
(Yanko Kaneti)
* Fixes#604: Correctly print error message when failing
to unlock GNOME keyring
(ghost)
* Fixes#602: CSS style for GTK link colors not used
(reported by pupyc)
* Fixes#581: Redirect location updates and adds HTTP 308 (RFC 7538) support
(Daniel Aleksandersen)
* Fixes#578: Unable to set unread items in bold
(Leiaz, reported by EverEve)
* #612: Update of French translation
(Guillaume Bernard)
* #596: Update of Swedish translation
(jony0008)
* #594: Update of Polish default feed list
(wmyrda)
* #584: Fixes broken OPML feed list entries
(Daniel Aleksandersen)
* #584: Added Norwegian feed list
(Daniel Aleksandersen)
* #577: Fixes newsbin doc typo
(Daniel Aleksandersen)
1.12.1
------
* Fixes#562: Lintian spelling errors
(reported by Paul Gevers)
* Fixes#563: Appstream data has new format
(patch by Paul Gevers)
* Fixes#572: Doesn't remember some sort orders
(reported by geplus)
* Fixes#504: Fix assertions/crashes on changing view layouts
(Leiaz)
* Fixes#573: Workaround to avoid GtkPaned shrinking
(Leiaz)
* #566: Update of Italian translation (Gianvito Cavasoli)
* #566: Update of Italian default feed list (Gianvito Cavasoli)
* #514: Update of Indonesian translation (Samsul Ma'arif)
* #514: Added Indonesian default feed list (Samsul Ma'arif)
* Update of German translation
1.12.0
------
* Fixes unhiding from tray icon when activated via GApplication
(when starting Liferea a 2nd time)
* #399: Reorder columns in 'Normal' email-like view
to have the date column always at the end
(Mikel Olasagasti)
* #532: Add plugin to make unread feeds titles bold
(Yanko Kaneti)
* Workaround for #503: Liferea deanonymize Tor
(Leiaz)
* Fixes#450: #546 Resize both panes in normal and wide view
(Leiaz)
* Fixes#538: toggle_visibility() does not make a minimized window
visible again
(reported by Balló György)
* Fixes#522: Segfault when switching feed in combined view
(patch by jonmstone)
* Fixes#419, #457: Handling of relative URLs in Atom parser
(Leiaz)
* Added 'View Image' context menu option in HTML view
* Dropped del.icio.us from social bookmarking options
as it is a read-only service now.
* Redesign of the wide view mode: larger titles with small text teasers
* Added optional AMP/HTML5 content enrichment feature
1.12-rc3
--------
* Fixes#459: Fixes GtkDoc warnings
(Leiaz)
* Fixes#415: Filter commands are not asynchronous
(Rich Coe)
* Fixes#363: Missing space above internal browser address bar
(reported by nekohayo, patch by Mikel Olasagasti)
* Fixes#208: All "Unread" search folder items marked read at once
(Leiaz)
* Fixes#251: Liferea does not always use theme icons when it is launched
on system startup (reported by GreenLunar, fix by Leiaz)
* Change headline column sorting in wide view to time sorted
* Updated Finnish translation (Jorma Karvonen)
* Updated Latvian translation (Rihards Prieditis)
* Updated Albanian translation (Bensik Bleta)
* Updated Hungarian translation (Balázs Úr)
* Updated Brazlian translation (Rafael Ferreira)
* Updated French translation (Guillaume Bernard)
1.12-rc2
--------
* Change all g_warnings() to g_print() for remote source
to avoid "crashing" on errors.
* Reorganized all UI definitions in separate files to simplify
GtkBuilder handling.
* Github #425: Add GeoRSS info and map link in item header
(Mikel Olasagasti)
* Github #407: Replacing deprecated elements in preferences
(Leiaz)
* Github #396: Create LifereaApplication type
(Leiaz)
* Github #434: Partial RFC3229+feed support for bandwidth savings
(Daniel Aleksandersen)
* Fixes Github #208: gtk_tree_store_get_path: assertion
'iter->stamp == priv->stamp'
(reported by Mno-hime)
* Fixes Github #403: Leftover OSM XSLT in item view
(reported by Paul Gevers)
* Fixes Github #423: Internal browser shows files system on go-back
(Leiaz, reported by Paul Gevers)
* Updated German translation
* Github #441: Updated French translation
(Surfoo)
1.12-rc1a
---------
* Fixing missing header files
1.12-rc1
--------
* Github #348: Added support for downloading content that
cannot be displayed by HTML widget (e.g. PDFs)
(Leiaz)
* Github #355: Migrate to Python3 libpeas loader
(patch by picsel2)
* Github #311: Upgrade to WebKit2
(patch by Leiaz)
* Github #292: Show new item count in tray icon
(patch by mozbugbox)
* Github #297: Minimize to systray on window close
(patch by Hugo Arregui)
* Github #325: Auto-fitting, translated license
(patches by GreenLunar and Adolfo Jayme-Barrientos)
* Fixes Github #73: Problem with favicon update
(reported by asl97)
* Fixes Github #177, #350: Tray icon not scaled properly
(patch by mozbugbox)
* Removes GeoIP rendering via OSM to avoid exposing
users to remote JS library resources.
(reported by Paul Gevers)
* Fixes Github #337: Case sensitive sorting
(reported by Pi03k)
* Fixes Github #361: Show all enclosuers
(Leiaz)
* Fixes Github #368: Segfault on liferea-feed-add
(Leiaz)
* Fixes Github #382: Broken Auto-Detect/No Proxy setting
(Leiaz)
* Fixes Github #383: Per feed don't use proxy setting is broken
(reported by Leiaz)
* Github #309: Update of Japanese translation
(IWAI, Masaharu)
* Github #329: Update of Hebrew translation
(GreenLunar)
* Github #330: Update of Spanish translation
(Adolfo Jayme-Barrientos)
* Update of Swedish translation
(Andreas Ronnquist)
1.11.7
------
* Github #287: Add support for media:group.
(patch by Leiaz)
* Github #287: Fixes issues with media:content.
(patch by Leiaz)
* Fixes Github #283: Bad .desktop categories definition
(reported by Wuzzy2)
* Fixes Github #279: Fixes rules no visible in searchdialog
(patch by Leiaz)
* Fixes Github #278: No "Download" tab in Tools/Preferences
(docs error, reported by Anders Jonsson)
* Fixes Github #83: Segfault when sorting feeds in folder
(patch by Leiaz)
* Fixes French translation
(patch by polo2ro)
* Github #300: Updated manpage
(patch by GreenLunar)
1.11.6
------
* Added "Do Not Track" support (enabled per default)
* Github #193: Added x-scheme-handler/feed to desktop file
(suggested by GreenLunar)
* Github #209: Add image icons to plugins
(by GreenLunar)
* Github #210: Enable tests for parsing RFC822 dates with 2 digit year
(patch by arunanbala)
* Fixes Github #78: Shaky text in feed list
(reported by GreenLunar)
* Fixes Github #195: Out-dated documentation on enclose download
(reported by brian-in-crawford)
* Fixes Github #198: Traceback on popup notifications
(reported by GreenLunar)
* Fixes Github #216: Untranslatable strings
(reported by GreenLunar)
* Fixes Github #256: PyGIWarnings on loading plugins
(patch by glitjs16)
1.11.5
------
* Github #178: Implementing full screen mode for videos
(mozbugbox)
* Fixes Github #32: Prevent erroneous "Mark all as read"
(reported by Mno-hime)
* Improves Github #36, #113: UI lock up during refresh
(suggested by mozbugbox)
* Fixes Github #180: Removing item from (v)folder marks all read
(reported by GreenLunar)
* Fixes Github #140, #158: Vertical pane placement is forgotten.
(patch by foresto)
* Fixes Github #182: Missing config.h include in date.c
(reported by Paul Gevers)
* Update of Russian translation (bboa)
1.11.4
------
* Fixes Github #154: Crashes while starting (corrupt icon)
(reported by jcamposz)
* Github #149: Fixes a random crash on startup
(patch by mozbugbox)
* Fixes Github #79: RTL ordering of Back/Forward icons
(reported by GreenLunar)
* Fixes Github #30: Segfault after updating from 1.8 to 1.10
(reported by vakuum)
* Fixes Github #87: URL resolving wrong if base tag involved
(reported by DanMan, fixed by mozbugbox)
* Fixes all defects reported by Coverity scan
* Simplied external browser handling. Now Liferea only supports
the gtk_show_uri() launch mechanism for the system default browser
and a user specified browser command.
* Update of Albanian translation (Besnik Bleta)
* Update of Hebrew translation (Genghis Khan)
* Update of Spanish translation (Juan Campos Zambrana)
* Fixes typo in Italian translation
1.11.3
------
* Fixes Github #134: Broken default news feed.
(reported by pvdl)
* Fixes Github #133: Subscribe into TheOldReader categories
* Fixes Github #122: Crashes at launch, "segmentation fault"
(reported by geoffm)
* Fixes some memory leaks
(patch by Rich Coe)
* Fixes Github #145: Incorrect method triggered for 'Launch External'
(patch by mozbugbox)
* Fixes Github #48: Window stays hidden on next start after Ctrl+W
(reported by Jeff Fortin)
* Expose LifereaHtmlView to GObject Introspection
(patch by mozbugbox)
* Improves Google Reader API error handling
* Now using HTTPS only when accessing TheOldReader
* Added LifereaNodeSourceActivatable interface to allow plugins
implementing new node source types.
* Downgrade enclosure drop warning from Glib warning to debug trace.
1.11.2
------
* Fixes Github #132: Broken documentation link
(reported by kallus)
* Fixes Github #121: Wrapping issue in folder display
(reported by Jeff Forting)
* Fixes Github #114: Avoid termination on UTF-8 validation error
* Fixes Github #90: Libnotify plugin not working
(reported by asl97)
* Fixes Github #86: Support HTTP content negotiation
(suggested by DanMan)
* Black-list some categories used by Google Reader clones
that should not be visible.
* Allowing browser history to go back to previously
shown headline when browsing inside the item view.
* Dropping offline option as this is duplicated with
desktop environment in GNOME/network manager.
* Fixes Github #100: Problems with dark Adwaita theme in GTK 3.14
(reported by majutsushi)
* Fixes for preferences dialog width.
(patch by Jeff Fortin)
* Update of Arabic translation (Khaled Hosny)
1.11.1
------
* Fixes Github #81: Inability to add subscriptions
(reported by GreenLunar)
* Fixes Javascript links not opening in new browser tabs
* Updated Hebrew translation (Genghis Khan)
* Fixes Github #88: Minor DE translation mistake (moraxy)
1.11.0
------
* Added experimental InoReader support
* Added experimental Reedah support
* Fixes SF #1123: Mistakenly claims "TinyTinyRSS source is not self-updating"
(reported by Dominik Grafenhoher)
* Fixes SF #1119: Crash on font resize at startup.
(reported by David Smith)
* Fixes#1056, #1089, #1098: Honor preferences when opening links
(patch by Daniel Seither)
* Fixes#1117: Selecting last unread item in reduced feed list jumps to next feed
(reported by Bruce Guenter)
* Fixes missing "Via" metadata type
(patch by Rich Coe)
* Fixes incorrect new count reset handling in item_state.c and
some of the node source implementations.
* Fixes SF #1096: missing installation of liferea.convert file
(reported by stqn)
* Fixes SF #1135: liferea-add-feed doesn't process feed:https//
(patch by Kevin Walke)
* Fixes SF #1137, #1142: startup race with LifereaHtmlView
(reported by Yanko Kaneti)
* Fixes Github #13: Parsing errors not visible with dark themes
(reported by Steve Kelly)
* Fixes Github #29: Do not use bold text for feeds/folders with unread items
in the leftmost treeview (repored by Jeff Fortin)
* Fixes SF #1141: Liferea does not update feeds with TinyTinyRSS
(reported by Dominik Grafenhofer, denk_mal, Fabian Henze)
* Fixes SF #1150: subscription prop/source: not all fields and
buttons visible (reported by David Smith)
* Fixes Github #26: RTL comments appear incorrectly
(reported by yaconf)
* Fixes Github #27: Images do not autosize to fit the available space
(reported by Jeff Fortin)
* Fixes Github #34: Add TinyTinyRSS Enclosure Support
(reported by Adrixan)
* Fixes Github #43: "Any of the following" search condition doesn't work
(reported by Jeff Fortin)
* Fixes Github #49: Some dialogs scrolling areas do not request enough height
(reported by Jeff Fortin)
* Fixes Github #53: Doesn't automatically update feed name and favicon
for new feed (reported by asl97)
* Patch SF #224: Update to new libxml2 buffer API
(Simon Kagedal Reimer)
* Patch SF #209: Avoid copying list in itemset_merge_items
(kaloyan)
* Make Liferea use ETags and send If-None-Match
(patch by Chris Siebenmann)
* Support NOCONFIGURE for RPM builds
(Charles A Edwards)
* Rename README to README.md
* Removing libindicate support (to be added as plugin maybe)
* Removing libnotify support (to be added as plugin maybe)
* Removing build in tray icon support
* Added tray icon plugin
* Added category/folder support for TheOldReader
* Added folder auto-removal for TinyTinyRSS & TheOldReader
* Updated README on plugin contribution
* Updated Arabic translation (Khaled Hosny)
Changelog:
Changes
Allow overwrite.cli.url without trailing slash (server#11772)
Remove duplicate call to decodeURIComponent (server#11781)
Check for empty string (server#11783)
Add "Referrer-Policy" to htaccess file, addresses issue #11099 (server#11798)
Always query the lookup server in a global scale setup (server#11800)
Fix a case where "password_by_talk" was not a boolean (server#11851)
Add .l10nignore files for compiled assets (server#11925)
Properly escape column name in "createFunction" call (server#11929)
Allow userId to be null (server#11939)
Allow "same-origin" as "Referrer-Policy" (Backport to stable14) (server#11950)
Do not emit preHooks twice on non-part-storage (server#11961)
Filter null values for UserManager::getByEmail (server#11976)
Allow local delivery of schedule message while prohibiting FreeBusy requests (server#11979)
Load apps/APP/l10n/*.js and themes/THEME/apps/APP/l10n/*.js (server#11990)
Lazy open first source stream in assemblystream (server#11994)
Fix opening a section again in the Files app (server#11995)
Remove cookies from Clear-Site-Data Header (server#12005)
Forwarded ExpiredTokenException (server#12032)
Allow chunked uploads even if your quota is not sufficient (server#12040)
Improve encrypt all / decrypt all (server#12045)
Double check for failed cache with a shared storage (server#12108)
Implement the size of an assembly stream (server#12111)
Bring the browser window of an actor to the foreground when acting as him (server#12120)
Move acceptance tests that crash the PHP built-in server to Apache (server#12121)
Remove unneeded empty search attribute values, fixes#12086 (server#12122)
Fixes wrong variable usage (server#12137)
LDAP: announce display name changes so that addressbook picks it up (server#12141)
Bruteforce protection handling in combination with (server#12160)
Add global site selector as user back-end which doesn't support password confirmation (server#12184)
Do not set indeterminate state for file shares (server#12187)
Revert "Wait for cron to finish before running upgrade command" (server#12197)
Fix bug #12151: fix list formatting by correcting malformed html (server#12202)
A folder should get a folder mimetype (server#12297)
Use the proper server for the apptoken flow login (server#12299)
Do not log FileLock as exception (server#12300)
Set the filemodel before rending the detailsview (server#12301)
Disabled ldap fix (server#12331)
Fix - Add to favorites not working in IE11 (server#12339)
Remove arrow function for ie compatibility (server#12341)
Fix default types of activity event member variables (server#12353)
Suppress wrong audit log messages about failed login attempts (server#12372)
Add fix for IE11 flexbox height bug (server#12374)
Properly search the root of a shared external storage (server#12375)
Fix app update available check (server#12412)
Use nextcloud-password-confirmation (server#12416)
Fix IE rule for min width (server#12431)
Added cache override to ensure an always up-to-date accessibility css (server#12432)
Unique contraint and deadlock fixes for filecache and file_locks (server#12433)
Fix app menu calculation for random size of the right header (server#12440)
Fix missing quickaccess favorite folder on add (server#12441)
Fixes dav share issue with owner (server#12459)
Fix wrong share popover opening on share link (server#12482)
Only use width and opacity for transition (server#12492)
Forward object not found error in swift as dav 404 (server#12502)
Fix the warning appearing in the admin section when mail_smtpmode is not configured (server#12529)
Remove unused svg api route (server#12542)
Bearer tokens are app token (server#12545)
Handle permission in update of share better (server#12561)
Correctly restrict affected users when using command to send emails (activity#312)
Improve code blocks in markdown rendering (files_texteditor#121)
Properly escape column name in "createFunction" call (survey_client#85)
5.7.2
5.7.2 contains a security fix preventing malicious directory names
from being able to execute javascript. CVE request pending.
5.7.1
5.7.1 contains a security fix preventing nbconvert endpoints from executing javascript with access to the server API. CVE request pending.
5.7.0
New features:
- Update to CodeMirror to 5.37, which includes f-string sytax for Python 3.6
- Update jquery-ui to 1.12
- Check Host header to more securely protect localhost deployments from DNS rebinding.
This is a pre-emptive measure, not fixing a known vulnerability
Use .NotebookApp.allow_remote_access and .NotebookApp.local_hostnames to configure
access.
- Allow access-control-allow-headers to be overridden
- Allow configuring max_body_size and max_buffer_size
- Allow configuring get_secure_cookie keyword-args
- Respect nbconvert entrypoints as sources for exporters
- Include translation sources in source distributions
- Various improvements to documentation
Fixing problems:
- Fix breadcrumb link when running with a base url
- Fix possible type error when closing activity stream
- Disable metadata editing for non-editable cells
- Fix some styling and alignment of prompts caused by regressions in 5.6.0.
- Enter causing page reload in shortcuts editor
- Fix uploading to the same file twice
5.4.0:
New Features
- No input flag (--no-input)
- Add alias --to ipynb for notebook exporter
- Add export_from_notebook
- If set, use nb.metadata.authors for LaTeX author line
- Populate language_info metadata when executing
- Support for \mathscr
- Allow the execute preprocessor to make use of an existing kernel
- Refactor ExecutePreprocessor
- Update widgets CDN for ipywidgets 7 w/fallback
- Add support for adding custom exporters to the "Download as" menu.
- Enable ANSI underline and inverse
- Update notebook css to 5.4.0
- Change default for slides to direct to the reveal cdn rather than locally
- Use "title" instead of "name" for metadata to match the notebook format
- Img filename metadata
- Added MathJax compatibility definitions
- Per cell exception
- Simple API for in-memory templates
- Set BIBINPUTS and BSTINPUTS environment variables when making PDF
- If nb.metadata.title is set, default to that for notebook
Deprecations
- Drop support for python 3.3
Fixing Problems
- Fix api break
- Don't remove empty cells by default
- Handle attached images in html converter
- No need to check for the channels already running
- Update font-awesome version for slides
- Properly treat JSON data
- Skip executing empty code cells
- Ppdate log.warn (deprecated) to log.warning
- Cleanup notebook.tex during PDF generation
- Windows unicode error fixed, nosetest added to setup.py
- Better content hiding; template & testing improvements
- Fix Jinja syntax in custom template example.
- Fix for an issue with empty math block
- Add parser for Multiline math for LaTeX blocks
- Use defusedxml to parse potentially untrusted XML
- Fixes for traitlets 4.1 deprecation warnings
Testing, Docs, and Builds
- A couple of typos
- Add python_requires metadata.
- Document --inplace command line flag.
- Fix minor typo in usage.rst
- Add note about local reveal_url_prefix
- Move onlyif_cmds_exist decorator to test-specific utils
- Include LICENSE file in wheels
- Added Ubuntu Linux Instructions
- Check for too recent of pandoc version
- Removing more nose remnants via dependencies.
- Remove offline statement and add some clarifications in slides docs
- Linkify PR number
- Added shebang for python
- Upgrade mistune dependency
- add feature to improve docs by having links to prs
- Update notebook CSS from version 4.3.0 to 5.1.0
- Explicitly exclude or include all files in Manifest.
2.2.3:
* Enforce that response headers are only bytestrings, rather than allowing
unicode strings and coercing them into bytes.
* New command-line options to set proxy header names: --proxy-headers-host and
--proxy-headers-port.
Upstream changes:
1.90 2018-11-12 18:02:03Z
[DOCUMENTATION]
- Pod fixes (GH#261) (Julien Fiegehenn)
- Fixed pod error as reported by CPANTS. (GH#264) (Mohammad S Anwar)
[ENHANCEMENTS]
- Upgrade to HTML::TreeBuilder version 5 to get support for weak references in
HTML::Element (GH#251) (Julien Fiegehenn)
1.89 2018-10-18 19:13:34Z
[ENHANCEMENTS]
- Add support to find_image() and find_all_images() via 'id'
and 'class' (GH#242) (Julien Fiegehenn)
- Pass strict/verbose constructor args to HTML::Form (GH#256) (Julien Fiegehenn)
- Add ability to clear history and tests for history (GH#259) (mschae94)
Upstream changes:
version 2.28 at 2018-09-17 09:19:09 +0000
-----------------------------------------
Change: cf677362a133592236f3a438ba339ae0fa030c80
Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
Date : 2018-09-17 10:19:09 +0000
Release engineering for 2.28
Change: d712a41b23990ecbee9050b997532b8c6b4c6065
Author: Damyan Ivanov <dmn@debian.org>
Date : 2018-09-16 20:51:07 +0000
add support for IPv6
Upstream changes:
0.25 2018-11-03
* Add support for compiling :disabled, :selected, :checked, :text,
:last-of-type
I'm not sure whether the Perl XPath libaries support this, but at least
we can compile it.
This addresses RT #124406, thanks to Andrew Maguire
0.24 2018-11-02
* Test stability improvement if HTML::TreeBuilder::XPath is not installed
* Re-release with properly fixed META.* information
(RT 127555, reported by Dan Book)
* No code changes, no need to upgrade
o add url remap support via .bzremap file, from martin@netbsd.org
o handle redirections for any protocol, not just http:
o fix a denial of service attack against header contents, which
is now bounded at 16KiB. reported by JP
o reduce default timeouts, and add expand timeouts to handle the
initial line, each header, and the total time spent
o add -T option to expose new timeout settings
o minor RFC fixes related to timeout handling
o fix special file (.htpasswd, .bz*) bypass. reported by JP.
anyone using .htpasswd files should update ASAP.
Nghttp2 v1.35.0
lib
Use __has_declspec_attribute in order to check that dllexport/dllimport can be used.
build
libevent detection with cmake has been improved.
src
C++14 language features are now required.
nghttpx
mruby send_info non-final response is now written early.
Fix assertion failure on mruby send_info with HTTP/1.1 frontend.
h2load
HTTP/1.1 non-final response is now handled correctly.
Clarify that time for connect includes TLS handshake.
Changes 2.1.4:
Fix: shell_plus, fix 1261 check for --notebook-dir=... argument style
Fix: graph_models, Excluded models displayed as an underscore
Fix: set_fake_password, requires_model_validation has been replaced with requires_system_checks since 1.9
Docs: admin_generator, new documentation and examples
Improvement: JSONField, use new from_db_value syntax on Django 2 and up
Improvement: EncryptedTextField, use new from_db_value syntax on Django 2 and up
Improvement: graph_models, add --dot option
Improvement: graph_models, allow to redirect (text) output to file
Improvement: sqldiff, better support for indexes, index_together and unique_together
Changelog:
Version 14.0.3 October 12 2018
Changes
Fixes the apps menu scrollbar (server#11662)
Ignore "session_lifetime" if it can not be converted to a number (server#11761)
Normalize getUnjailedPath (server#11770)
Version 14.0.2 October 11 2018
Changes
Fix contacts menu on mentions (server#11350)
Make the server ready to use global scale with SAML as auth back-end (server#11373)
Fix default flex shrink on list (server#11374)
Fixes the logo height (server#11385)
Do not explode when getting permissions from a FailedStorage (server#11389)
Do not hide the progress bar while the chunked upload is being assembled (server#11399)
Fix "checkWellKnownUrl" not being run (server#11418)
Add back the total used space per user (server#11425)
Fix invalid inline input confirm border (server#11426)
Center back the history icon (server#11430)
AssemblyStream is also eof if we have no more source stream (server#11436)
Re-enable upload button after updating Avatar (server#11451)
Fix typo in config.sample.php (server#11488)
Bugfix 2FA theme: buttons white (server#11489)
Update config and babel for ie11 (server#11490)
Only catch QueryException when trying to build class (server#11492)
Show auth type "None" in email settings (server#11493)
Fix public page footer link wrap (server#11510)
Fix share header text on small widths (server#11511)
Add missing compiled mimetype list (server#11516)
Fixes the move/copy picker buttons (server#11525)
Fix breadcrumbs (server#11530)
Added kinetic scrolling for iOS to apps dropdown menu #10281 (server#11554)
Throw an error if a node is smaller than expected in assemblystream (server#11555)
Reduce the min-width of the files table so it works on sharing pages on mobile (server#11556)
Fix header overflow, fix more apps menu, fix#11552 (server#11558)
Add new group entry on users list + fixes (server#11575)
Redirect guests to login if they follow the link of a comment mention-notifications (server#11577)
Force multiselect max-height to 5.5 items (server#11579)
Just update password hash without validating (server#11580)
Fix sticky header on users list (server#11582)
Fix header border on users list (server#11608)
Fix call to logger (server#11610)
Allow the creationg of previews of files stored in appdata (server#11703)
Update CRL due to changed cert for linkshareex (server#11706)
Fix a misleading setup check for .well-known/caldav & carddav (server#11738)
Remove unneeded CSS rule for IE 11 (files_pdfviewer#101)
Hide footer in public share page (files_pdfviewer#103)
Fix embedded viewer with new server layout on IE 11 (files_pdfviewer#98)
Version 14.0.1 September 25 2018
Changes
Fixes the upload progress bar layout - 14 backport (server#11039)
Fix markup and style of mentions in comments (server#11077)
Do not invalidate main token on OAuth (server#11090)
Expire tokens hardening (server#11103)
fix js files client for user names with spaces (server#11152)
Fix user and group listing with users that have an integer user id (server#11186)
Fix exception class (server#11187)
Remove posix_getpwuid and compare only userid (server#11191)
Fix check for more users in sharing dialogue (server#11201)
Remove filter_var flags due to PHP 7.3 deprecation, fixes#10894 (server#11237)
Fixes empty favorite names for trailing slashes (server#11259)
Fix size of icons in menus inside apps when shown as images (server#11276)
Prevent comment being composed from overlapping the submit button (server#11277)
replace setcookie value with '' instead of null. (server#11280)
Fix the link and anchor for the update notifications (server#11282)
Include empty directories in the default state of acceptance tests (server#11283)
Get permission of storage for shares (server#11287)
Shared by info for room shares without names (server#11288)
Fix icons cacher regex for compressed output (server#11291)
Revert "Use APCu caching of composer" (server#11293)
Use user locale as default in the template (server#11294)
Fix expiration code of tokens (server#11302)
Add unit test for findLanguageFromLocale (server#11340)
14 scroll fix (activity#295)
Update stable14 target versions (files_texteditor#111)
Update stable14 target versions (firstrunwizard#80)
Update stable14 target versions (gallery#467)
Update stable14 target versions (nextcloud_announcements#32)
Update stable14 target versions (notifications#158)
Update config and babel for ie11 (notifications#161)
Version 14.0.0 September 10 2018
Changes
Nextcloud 14 merged nearly 1000 pull requests with improvements and changes, almost 150 more than Nextcloud 13. This only covers the core server, hundreds more changes were made in the apps that make up our release, making this version officially our biggest release ever.
While we can never cover everything that has improved, these are the main feature highlights:
Video Verification - use a video call with Talk to verify the identity of somebody before granting them access to a share
Two-factor authentication now with Signal and Telegram as well as NFC and SMS
Accessibility improvements & dark theme
Add a note to shares, share files in a Talk chat, new Deck Kanban app and much more
Version 13.0.7 October 11 2018
Changes
Prefer using dir instead of allinfo for getting smb file info (server#10804)
[LDAP] The WebUI Wizard also should not assign empty config IDs (server#10824)
Fix mimetype detection for junked uploads (server#10829)
Improve performance when dealing with large numbers of shares (server#10884)
Cast timestamps older than unix epoch to 0 (server#10902)
Use the same ignored properties list for both CustomerPropertiesBackends (server#10911)
Do not hide the progress bar while the chunked upload is being assembled (server#11400)
Fix "checkWellKnownUrl" not being run (server#11419)
AssemblyStream is also eof if we have no more source stream (server#11437)
Show auth type "None" in email settings (server#11494)
Fixes the move/copy picker buttons (server#11524)
Allow the creationg of previews of files stored in appdata (server#11704)
Update CRL due to changed cert for linkshareex (server#11707)
Fix a misleading setup check for .well-known/caldav & carddav (server#11739)
Version 13.0.6 August 30 2018
Changes
Add sabre plugin to allow anonymous options requests to the dav root (server#10285)
Do scan the root storage in background scan (server#10376)
Adding test for table schedulingobjects and fixing postgres LOB (server#10552)
Fix transfering ownership of a share to user with same id as receiver (server#10565)
Make file cache updates more robust (server#10581)
Retry smb stat on timeout (server#10591)
Use insertIfNotExists to store new mimetypes. (server#10620)
Only warn about data lose on password reset if per-user keys are used (server#10646)
Update the scope of the lockdownmanager (server#10682)
Log entries that are hidden during file listing (server#10698)
Forgotten pass fix link (server#10735)
Fix comment style in config sample (server#10759)
Make sure error_log() always receives a string (server#10760)
Fix call to OC.generateUrl for caldav birthday calendar on/off (server#10761)
Use the path_hash instead of the path to query the filecache (server#10762)
Don't blame random people for background email updates (server#10763)
Resolve all group memberships properly (server#10783)
Remove unexecutable code (server#10816)
Improve URL detection (server#10821)
MySQL 8.0+ and MariaDB 10.3+ are large prefix and barracuda by default (server#10823)
Disallow negative mtime in dav search (server#10837)
- Fixed a bug when user clicking confirmation link after confirmation
and expiration causes confirmation email to resend.
- Added support for I18N.
- Added options `SECURITY_EMAIL_PLAINTEXT` and `SECURITY_EMAIL_HTML`
for sending respecively plaintext and HTML version of email.
- Fixed validation when missing login information.
- Fixed condition for token extraction from JSON body.
- Better support for universal bdist wheel.
- Added port of CLI using Click configurable using options
`SECURITY_CLI_USERS_NAME` and `SECURITY_CLI_ROLES_NAME`.
- Added new configuration option `SECURITY_DATETIME_FACTORY` which can
be used to force default timezone for newly created datetimes.
- Better IP tracking if using Flask 0.12.
- Renamed deprecated Flask-WFT base form class.
- Added tests for custom forms configured using app config.
- Added validation and tests for next argument in logout endpoint.
- Bumped minimal required versions of several packages.
- Extended test matric on Travis CI for minimal and released package
versions.
- Added of .editorconfig and forced tests for code style.
- Fixed a security bug when validating a confirmation token, also checks
if the email that the token was created with matches the user's current
email.
- Replaced token loader with request loader.
- Changed trackable behavior of `login_user` when IP can not be detected
from a request from 'untrackable' to `None` value.
- Use ProxyFix instead of inspecting X-Forwarded-For header.
- Fix identical problem with app as with datastore.
- Removed always-failing assertion.
- Fixed failure of init_app to set self.datastore.
- Changed to new style flask imports.
- Added proper error code when returning JSON response.
- Changed obsolete Required validator from WTForms to DataRequired. Bumped
Flask-WTF to 0.13.
- Fixed missing `SECURITY_SUBDOMAIN` in config docs.
- Added cascade delete in PeeweeDatastore.
- Added notes to docs about `SECURITY_USER_IDENTITY_ATTRIBUTES`.
- Inspect value of `SECURITY_UNAUTHORIZED_VIEW`.
- Send password reset instructions if an attempt has expired.
- Added "Forgot password?" link to LoginForm description.
- Upgraded passlib, and removed bcrypt version restriction.
- Removed a duplicate line ('retype_password': 'Retype Password') in
forms.py.
- Various documentation improvement.
Changes:
=================
WebKitGTK+ 2.22.4
=================
What's new in WebKitGTK+ 2.22.4?
- Expose ENABLE_MEDIA_SOURCE as a public build option.
- Fix a crash when using Cairo versions between 1.15 and 1.16.0
- Fix the build with -DLOG_DISABLED=0.
- Fix the build with ENABLE_VIDEO=OFF and ENABLE_WEB_AUDIO=OFF.
- Fix debug builds of JavaScriptCore.
- Fix several crashes and rendering issues.
0.12.0
Drop support for Python 3.3
ca_certs from environment HTTPLIB2_CA_CERTS or certifi
PROXY_TYPE_HTTP with non-empty user/pass raised TypeError: bytes required
Revert http:443->https workaround
eliminate connection pool read race
cache: stronger safename
1.0.0:
* Added --style=auto which follows the terminal ANSI color styles.
* Added support for selecting TLS 1.3 via --ssl=tls1.3
(available once implemented in upstream libraries).
* Added true/false as valid values for --verify
(in addition to yes/no) and the boolean value is case-insensitive.
* Changed the default --style from solarized to auto (on Windows it stays fruity).
* Fixed default headers being incorrectly case-sensitive.
* Removed Python 2.6 support.
2.1.0:
Removed support for Django 1.8, 1.9, 1.10
2.0.5:
Deal with missing context from aldryn-search
Add support for newer Django versions
Add parameters for embed_link
Fix swappable filer image model support
2.0.4:
Added URL parsing for the embed url. It now accepts various versions of YouTube urls and converts them to an embed link.
Added the python3.5 test env
2.0.3:
Prevent changes to DJANGOCMS_VIDEO_XXX settings from requiring new migrations
Changed naming of Aldryn to Divio Cloud
Adapted testing infrastructure (tox/travis) to incorporate django CMS 3.4 and dropped 3.2
Updated translations
2.0.2:
Fixed an issues with migrations where Null values caused IntegrityError
2.0.1:
Removed base.html for performance reasons
Fixed faulty settings parsing in aldryn_config.py
Fixed an issue where ValidationError wasn't imported
Adapted private get_template method
Updated translations
2.0.0:
Dropped flash support
Dropped django CMS <3.3.1 support
Dropped Django <1.8 support
Renamed Video to VideoPlayer
Added Video Source Plugin
Added Video Track Plugin
Adapted files to resemble best practices
Updated translations
2.1.0:
Fixed a validation issue with attributes
Added support for Django 1.11, 2.0 and 2.1
Removed support for Django 1.8, 1.9, 1.10
Adapted testing infrastructure (tox/travis) to incorporate django CMS 3.5 and 4.0
2.0.2:
Ensure class ordering is maintained
2.0.1:
Prevent changes to DJANGOCMS_STYLE_XXX settings from requiring new migrations
Changed naming of Aldryn to Divio Cloud
Adapted testing infrastructure (tox/travis) to incorporate django CMS 3.4 and dropped 3.2
Updated translations
2.1.1:
Added reference variables to migrations
Fixed a text typo in models
2.1.0:
Removed support for Django 1.8, 1.9, 1.10
2.0.8:
Fixed an issue where default DJANGOCMS_PICTURE_RESPONSIVE_IMAGES was not in settings
2.0.7:
Add responsive image support
Add support for Django 2.0 and 2.1
Fix swappable filer image model support
2.0.6:
Fixed a misleading link to MDN inside code documentation
Abstract the link model so it can be extended by other addons
2.0.5:
Fixed an issue in DJANGOCMS_PICTURE_ALIGN where "Align center" pointed to the wrong value
Updated translations
2.0.4:
Prevent changes to DJANGOCMS_PICTURE_XXX settings from requiring new migrations
Changed naming of Aldryn to Divio Cloud
Adapted testing infrastructure (tox/travis) to incorporate django CMS 3.4 and dropped 3.2
Fixed an issue when no image is set after deletion in django-filer (on_delete=SET_NULL)
Updated translations
2.0.3:
Fixed an issue with picture_link not working as expected in the template
Fixed an issue where the alt text was not displayed appropriately
Fixed an issue where placeholder params can be strings
2.0.2:
Fixed an issues with migrations where Null values caused IntegrityError
2.0.1:
Fixes an issue where images throw an AttributeError
1.2.0:
Fixed an issue with map not always setting correct zoom level
Removed admin url data attribute from the map marker if cms isn't in edit mode
Added support for Django 1.11, 2.0 and 2.1
Removed support for Django 1.8, 1.9, 1.10
Adapted testing infrastructure (tox/travis) to incorporate django CMS 3.5 and 4.0
1.1.1:
Refactored migration 0005 to avoid using the django CMS api because it can lead to database errors when the models on file don't match the ones in the migration.
Moved Google Apps API Key to an environment variable on Divio Cloud
1.1.0:
Added support for customize marker icon
Updated translations
1.0.2:
Fixed an issue where 0005 migration mismatches lat/lng values when creating the new nested structure from older upgrades
Updated translations
1.0.1:
Prevent changes to DJANGOCMS_GOOGLEMAP_XXX settings from requiring new migrations
Changed naming of Aldryn to Divio Cloud
Adapted testing infrastructure (tox/travis) to incorporate django CMS 3.4 and dropped 3.2
Fixed zoom level not correctly being applied
Fixed latitude/longitude data attribute values being incorrectly parsed for locales not using a period as decimal separator (e.g. german)
2.1.0:
Removed support for Django 1.8, 1.9, 1.10
2.0.3:
Add support for Django 1.10, 1.11, 2.0 and 2.1
Adapted testing infrastructure (tox/travis) to incorporate django CMS 3.5 and 4.0
2.0.2:
Prevent changes to DJANGOCMS_FILE_XXX settings from requiring new migrations
Changed naming of Aldryn to Divio Cloud
Adapted testing infrastructure (tox/travis) to incorporate django CMS 3.4 and dropped 3.2
Updated translations
2.0.1:
Fixes an issue where images throw an AttributeError
2.0.0:
Added tests
Cleaned up file structure
Removed Django < 1.8 support
Adapted README.txt
Added translations
3.6.1:
Added Django 2.0 & 2.1 support
Updated setup.py to use html5lib>=0.999999999
Fixed ValueError on static file resolution at import time
3.6.0:
Changed the way ckeditor widget is initialized
3.5.3:
Updated CKEditor to 4.7.3
Added context to translation payload when dealing with TextPlugin instances
3.5.1:
Introduced support for django CMS 3.5.0
Fixed a regression which prevented multiple HTMLFields from having different configurations.
Fixed a bug where text coming from HtmlField was escaped when using it with other third party apps like django-parler.
Fixed a bug where dialog backdrop would've been incorrectly removed allowing for disallowed actions.
Fixed a bug when a dialog would open underneath maximized editor.
3.5.0:
Fixed an issue where the rendered HTML of plugins nested in text plugins leaked and became editable in some cases.
Updated CKEditor to 4.6.2
3.4.0:
Introduced support for the djangocms-history app.
Fixed an issue when CKEditor was triggering unnecessary delete-on-cancel requests after editing a plugin.
Fixed a bug which raised an exception when using a lazy object on the plugin configuration.
This project aims to provide a sensible means of storing and managing arbitrary
HTML element attributes for later emitting them into templates.
There are a wide variety of types of attributes and using the "normal" Django
method of adding ModelFields for each on a business model is cumbersome at best
and moreover may require related tables to allow cases where any number of the
same type of attribute should be supported (i.e., data-attributes). This can
contribute to performance problems.
To avoid these pitfalls, this package allows all of these attributes to be
stored together in a single text field in the database as a JSON blob, but
provides a nice widget to provide an intuitive, key/value pair interface and
provide sensible validation of the keys used.
1.4.0:
* Added support for Django 2.0 and 2.1
* Enabled django-mptt 0.9
* Converted QueryDict to dict before manipulating in admin
* Hide 'Save as new' button in file admin
* Fixed history link for folder and image object
* Fixed rendering canonical URL in change form
3.5.3:
* Fixed TreeNode.DoesNotExist exception raised when exporting
and loading database contents via dumpdata and loaddata.
* Fixed a bug where request.current_page would always be the public page,
regardless of the toolbar status (draft / live). This only affected custom
urls from an apphook.
* Removed extra quotation mark from the sideframe button template
* Fixed a bug where structureboard tried to preload markup when using legacy
renderer
* Fixed a bug where updates on other tab are not correctly propagated if the
operation was to move a plugin in the top level of same placeholder
* Fixed a bug where xframe options were processed by clickjacking middleware
when page was served from cache, rather then get this value from cache
* Fixed a bug where cached page permissions overrides global permissions
* Fixed a bug where plugins that are not rendered in content wouldn't be
editable in structure board
* Fixed a bug with expanding static placeholder by clicking on "Expand All" button
* Fixed a bug where descendant pages with a custom url would lose the overwritten
url on save.
* Fixed a bug where setting the on_delete option on PlaceholderField
and PageField fields would be ignored.
* Fixed a bug when deleting a modal from changelist inside a modal
Changes with nginx 1.15.6:
*) Security: when using HTTP/2 a client might cause excessive memory
consumption (CVE-2018-16843) and CPU usage (CVE-2018-16844).
*) Security: processing of a specially crafted mp4 file with the
ngx_http_mp4_module might result in worker process memory disclosure
(CVE-2018-16845).
*) Feature: the "proxy_socket_keepalive", "fastcgi_socket_keepalive",
"grpc_socket_keepalive", "memcached_socket_keepalive",
"scgi_socket_keepalive", and "uwsgi_socket_keepalive" directives.
*) Bugfix: if nginx was built with OpenSSL 1.1.0 and used with OpenSSL
1.1.1, the TLS 1.3 protocol was always enabled.
*) Bugfix: working with gRPC backends might result in excessive memory
consumption.
This is currently a, hopefully, simple to use LibSass Go API. It
uses the C bindings in https://github.com/wellington/go-libsass/libs
to do the heavy lifting.
The primary motivation for this project is to add SCSS support to
Hugo. It is has some generic tocss package names hoping that there
will be a solid native Go implementation that can replace LibSass
in the near future.
Spritewell performs image composition on a glob of source images.
This is useful for creating spritesheets of images. This is a thread
safe library and is optimized for multicore systems.
This package contains several lexers and parsers written in Go.
All subpackages are built to be streaming, high performance and to
be in accordance with the official (latest) specifications.
The lexers are implemented using buffer.Lexer in
https://github.com/tdewolff/parse/buffer and the parsers work on
top of the lexers. Some subpackages have hashes defined (using
Hasher) that speed up common byte-slice comparisons.
Minify is a minifier package written in Go. It provides HTML5,
CSS3, JS, JSON, SVG and XML minifiers and an interface to implement
any other minifier. Minification is the process of removing bytes
from a file (such as whitespace) without changing its output and
therefore shrinking its size and speeding up transmission over the
internet and possibly parsing. The implemented minifiers are designed
for high performance.
The core functionality associates mimetypes with minification
functions, allowing embedded resources (like CSS or JS within HTML
files) to be minified as well. Users can add new implementations
that are triggered based on a mimetype (or pattern), or redirect
to an external command (like ClosureCompiler, UglifyCSS, ...).
Package urlesc implements query escaping as per RFC 3986.
It contains some parts of the net/url package, modified so as to
allow some reserved characters incorrectly escaped by net/url.
Games using WebGL (created in Unity) get stuck after very short time of gameplay (bug 1502748)
Slow page loading for some users with specific proxy configurations (bug 1495024)
Disable HTTP response throttling by default for causing bugs with videos in background tabs (bug 1503354)
Opening magnet links no longer works (bug 1498934)
Crash fixes (bug 1498510, bug 1503424)
Version 0.7.0
~~~~~~~~~~~~~
* Update to Markdown 3.0 with new extension loading syntax.
* Added `FLATPAGES_EXTENSION_CONFIGS` for configuring extensions
specified by import string.
* Add support for loading pages from Flask instance folder
* Add a case insensitive loading option
Version 0.6.1
~~~~~~~~~~~~~
* Update dependencies to `Flask>=1.0` (as Flask 0.12.1 has known
vulnerabilities).
* Pin `Markdown<=3.0` as the Markdown extension API has changed.
Changes:
## [3.3.0] - 2018-11-06
### Added
* Allow to change following webkit settings during runtime
* allow-file-access-from-file-urls
* allow-universal-access-from-file-urls
* Added `#define CHECK_WEBEXTENSION_ON_STARTUP 1` to config.def.h to enable
checks during runtime if the webextension file could be found. Hope that
this helps user to fix compile/installation issues easier.
* Re-Added support for page marks to jump around within long single pages by
using names marks.
Set a marks by `m{a-z}` in normal mode. Jump to marks by `'{a-z}`.
* Re-Added `gf` to show page source (Thanks to Leonardo Taccari) #361.
Webkit2 does not allow to show tha page in the source view mode so the `gf`
writes the HTML to a temporary files and opens it in the editor configured
by `:set editor-command=...`
### Changed
* New created files in `$XDG_CONFIG_HOME/vimb` are generated with `0600`
permission to prevent cookies be observed on multi users systems. Existing
files are not affected by this change. It's a good advice to change the
permission of all the files in `$XDG_CONFIG_HOME/vimb` to `0600` by
hand.
### Fixed
* Fixed missing dependency in Makefile which possibly caused broken builds
(Thanks to Patrick Steinhardt).
* Fixed weird scroll position values shown in scroll indicator on some pages #501.
* Fixed wrong hint label position on xkcd.com #506.
* Fixed wrong hint label position in case of hints within iframes.
## [3.2.0] - 2018-06-16
### Added
* Allow basic motion commands for hinting too.
* Show the numbers of search matches in status bar.
* Show dialog if the page makes a permission request e.g. gelocation to allow
the user to make a decission.
* new Setting `show-titlebar` to toggle window decorations.
### Changed
* Use sqlite as cookie storage #470 to prevent cookies lost on running many
vimb instances.
* Start vimb with maximized window #483.
* Hints are now styled based on the vimbhint attributes. The old additional set
classes are not set anymore to the hints. So customized css for the hints have
to be adapted to this.
* Element ID is stored in case the editor was spawned. So it's now possible to
start the editor, load another page, come back and paste the edotor contents
(thanks to Sven Speckmaier).
### Fixed
* Fixed none cleaned webextension object files on `make clean`.
* Remove none used gui styling for completion.
### Removed
* Removed webkit1 combat code.
## [3.1.0] - 2017-12-18
### Added
* Added completion of bookmarked URIs for `:bmr` to allow to easily remove
bookmarks without loading the page first.
* Refresh hints after scrolling the page or resizing the window which makes
extended hint mode more comfortable.
* Reintroduce the automatic commands from vimb2. An automatic command is
executed automatically in response to some event, such as a URI being opened.
### Changed
* Number of webprocesses in no longer limited to one.
* Treat hint label generation depending on the first hint-key char.
If first char is '0' generate numeric style labels else the labels start with
the first char (thanks to Yoann Blein).
* `hint-keys=0123` -> `1 2 3 10 11 12 13`
* `hint-keys=asdf` -> `a s d f aa as ad af`
* Show versions of used libs on `vimb --bug-info` and the extension directory
for easier issue investigation.
* During hinting JavaScript is enabled and reset to it's previous setting after
hinting is done might be security relevant.
* Allow extended hints mode also for open `g;o` to allow the user to toggle
checkboxes and radiobuttons of forms.
* Rename `hint-number-same-length` into `hint-keys-same-length` for consistency.
* Search is restarted on pressing `n` or `N` with previous search query if no
one was given (thanks to Yoann Blein).
### Fixed
* Deduced min required webkit version 2.16.x -> 2.8.x to compile vimb also on
older systems.
* Fixed undeleted desktop file on `make uninstall`.
* Fixed window not redrawn properly in case vimb was run within tabbed.
* Fixed cursor appearing in empty inputbox on searching in case a normal mode
command was used that switches vimb into command mode like 'T' or ':'.
* Fixed hint labels never started by the first char of the 'hint-keys'.
* Fixed items where added to history even when `history-max-items` is set to 0
(thanks to Patrick Steinhardt).
* Fixed hinting caused dbus timeout on attempt to open URI with location hash.
* Fixed wrong scroll position shown in the right of the statusbar on some pages.
* Fixed vimb keeping in normal mode when HTTP Authentication dialog is shown.
* Fixed password show in title bar and beeing written to hisotry in case the
pssword was given by URI like https://user:password@host.tdl.
## [3.0-alpha] - 2017-05-27
### Changed
* completely rebuild of vimb on webkit2 api.
* Syntax for the font related gui settings has be changed.
Fonts have to be given as `[ font-style | font-variant | font-weight | font-stretch ]? font-size font-family`
Example `set input-font-normal=bold 10pt "DejaVu Sans Mono"` instead of
previous `set input-fg-normal=DejaVu Sans Mono Bold 10`
* Renames some settings to consequently use dashed setting names. Following
settings where changed.
```
previous setting - new setting name
--------------------------------------
cursivfont - cursiv-font
defaultfont - default-font
fontsize - font-size
hintkeys - hint-keys
minimumfontsize - minimum-font-size
monofont - monospace-font
monofontsize - monospace-font-size
offlinecache - offline-cache
useragent - user-agent
sansfont - sans-serif-font
scrollstep - scroll-step
seriffont - serif-font
statusbar - status-bar
userscripts - user-scripts
xssauditor - xss-auditor
```
### Removed
* There where many features removed during the webkit2 migration. That will
hopefully be added again soon.
* auto-response-headers
* autocommands and augroups
* external downloader
* HSTS
* kiosk mode
* multiple ex commands on startup via `--cmd, -C`
* page marks
* prevnext
* showing page source via `gF` this viewtype is not supported by webkit
anymore.
* socket support
Packaged by Yorick Hardy and myself in pkgsrc-wip.
Changes with nginx 1.14.1 06 Nov 2018
*) Security: when using HTTP/2 a client might cause excessive memory
consumption (CVE-2018-16843) and CPU usage (CVE-2018-16844).
*) Security: processing of a specially crafted mp4 file with the
ngx_http_mp4_module might result in worker process memory disclosure
(CVE-2018-16845).
*) Bugfix: working with gRPC backends might result in excessive memory
consumption.
Full compatibility with PHP 7.2 (#2947772)
Drupal 7.61, 2018-11-07
-----------------------
- File upload validation functions and hook_file_validate() implementations are
now always passed the correct file URI.
- The default form cache expiration of 6 hours is now configurable (API
addition: https://www.drupal.org/node/2857751).
- Allowed callers of drupal_http_request() to optionally specify an explicit
Host header.
- Allowed the + character to appear in usernames.
- PHP 7.2: Fixed Archive_Tar incompatibility.
- PHP 7.2: Removed deprecated function each().
- PHP 7.2: Avoid count() calls on uncountable variables.
- PHP 7.2: Removed deprecated create_function() call.
- PHP 7.2: Make sure variables are arrays in theme_links().
- Fixed theme-settings.php not being loaded on cached forms
- Fixed problem with IE11 & Chrome(PointerEvents enabled) & some Firefox scroll to the top of the page after dragging the bottom item with jquery 1.5 <-> 1.11
18.11.1
new: forward_for WAMP message attribute (for Crossbar.io Router-to-Router federation)
new: support RawSocket URLs (eg "rs://localhost:5000" or "rs://unix:/tmp/file.sock")
new: support WAMP-over-Unix sockets for WAMP components ("new API")
fix: use same WAMP serializer construction code for WAMP components ("new API") and ApplicationSession/Runner
fix: memory leak with Twisted/WebSocket, dropConnection and producer
1.5.1:
* has-class XPath function handles newlines and other separators
in class names properly;
* fixed parsing of HTML documents with null bytes;
* documentation improvements;
* Python 3.7 tests are run on CI; other test improvements.
Version 2.0:
2.0 introduced a number of small changes and tidy-ups.
Please see the migration guide:
https://django-filter.readthedocs.io/en/master/guide/migration.html#migrating-to-2-0
* Added testing for Python 3.7
* Improve exception message for invalid filter result
* Test QueryDict against CSV filters
* Add `renderer` argument to `render()` method of `BooleanWidget`
* Fix lookups for reverse relationships
* Refactor backend filterset instantiation
* Improve view-related attribute name consistency
* Fix distinct call for range filters
* Fix empty value check for CSV range
* Rework DateRangeFilter
* Added testing for Django 2.1
* Rework 'lookup types' handling into LookupChoiceFilter
* Add linting and docs builds to CI
* Use DRF BooleanFilter for NullBooleanField
* Added Brazilian locale
* List Django as a dependency in setup.py
* Keep coverage reports files off version control.
* Update migration docs
* Added be, cs and uk translations. Updated de and ru
* Slovak translation
* Added Django 2.0 support.
* Fix warnings build
* Add greek translation
* Replaced super(ClassName, self) with super()
* Fixed doc URL in utils.deprecate().
* Added danish translation to django-filter
* Rework validation, add queryset filter method
* Fix Schema warnings
* Update {Range,LookupType}Widgets to use suffixes
* Method signature improvements
* Remove more deprecations
* Drop python 2, Django<1.11 support
* Remove 'Meta.together' option
* [2.x] Remove some deprecations
Changes:
2018-07-08 (2.8.9rel.1)
* documentation/metrics updates -TD
2018-06-10 (2.8.9pre.1)
* fix an inconsistency in message for "-listonly" option (Debian #805753) -TD
2018-05-17 (2.8.9dev.19)
* update test-packages to use current ncurses test-packages -TD
* improve portability for sockaddr structures used in HTTP and FTP, for
IPv6 and SOCKS configurations -TD
* fix several minor warnings reported by Coverity -TD
* build-fix overlooked in 2.8.9dev.3 when INACTIVE_INPUT_STYLE_VH is defined,
for problem introduced by 2.8.8dev.17 code-cleanup -GV
* trim unnecessary intllib symbols from src/chrtrans/makefile.in -TD
* when cross-compiling, trim LDFLAGS from makefile rule linking makeuctb,
because it is a build tool, which should generally use BUILD_LDFLAGS
(patch by Thomas Petazzoni)
2018-05-06 (2.8.9dev.18)
* ignore content-encoding in HTContentToCompressType() if the content-type is
known, to improve the suggested filename (report by Russell Bell) -TD
* add support for using client certificate with OpenSSL configuration (patch
by Elliot Thomas).
* fix a few more memory leaks -TD
* put Lynx.leaks file in home directory like Lynx.trace (report by GV) -TD
* fix a memory leak in HTFTP.c -GV
* modify HTDoConnect(), adding a check for keyboard interrupt with 'z' in the
select-loop -TD
* modify legacy feature from Lynx 2.7.2 which checks the hostname of a URI
to guess whether to use HTTP, FTP, etc., depending upon the prefix of the
URIs hostname. This is now an optional feature, GUESS_SCHEME, which defaults
to FALSE (Debian #893907) -TD
2018-03-21 (2.8.9dev.17)
* modify samples/oldlynx.bat to check if Lynx recognizes the -lss option -TD
* modify samples/*lynx.bat to check for environment variables that Lynx would
test for temp-directory, and only if those are absent will the scripts
attempt to create a temp-directory -TD
* modify samples/*lynx.bat to set PATH for executing utility programs -TD
* remove unused critSec_DNS -TD
* use EnterCriticalSection in ws_netread rather than InitializeCriticalSection
since critSec_READ was initialized in LYMain.c (report by GV) -TD
* use freeaddrinfo() in one case where free() was used (report by GV) -TD
* implement "+" item type for gopher protocol (report by James Tomasino) -TD
* add checks in options-menu in case no color-styles have been defined -TD
* add Visual Studio project files for 2010, 2012 -TD
* improve checks for strings which should not be empty -TD
* check for empty personal-mail-address (report by TG) -TD
* modify samples/lynx-demo.cfg to use SOURCE_CACHE:memory -TD
* modify samples/*lynx.bat to use existing TEMP-directory if possible -TD
* modify windows installer to select directory containing SSL DLLs and copy
them into lynx's application directory -TD
* add oldlynx.bat sample script to windows installer -TD
* use default lynx.lss color scheme with samples/lynx.bat -TD
* modify windows installers to use static libraries for pdcurses and slang,
because the dll for the latter is much larger than the rest of lynx.
Even with this change, lynx.exe is 50% larger when using slang than with
pdcurses -TD
* rename test-package for ".rpm" to "lynx-dev" for consistency with ".deb" -TD
* improve samples/lynx.bat by using location of script rather than current
directory -loto1992@inbox.ru ("Smuggler")
* permanently enable MISC_EXP feature -TD
* remove several obsolete ifdefs: DGUX, DGUX_OLD, HP_TERMINAL,
REVERSE_CLEAR_SCREEN_PROBLEM, SHORTENED_RBIND, SLANG_MBCS_HACK, SNAKE -TD
* improve logic in HTCopy used to limit reads based on content-length to
take into account server headers which extend past the first block read
(report/test-case by Dick Wesseling) -TD
* permanently enable EXP_HTTP_HEADERS feature -TD
* modify color-style hashing to check for collisions (reported by TG, Russell
Bell) -TD
* add PREFERRED_CONTENT_TYPE defaulting to text/plain and options-menu to
replace an assumption in HTMIMEConvert that everything is text/html.
Since most servers provide a valid Content-Type for HTML, and are more likely
to omit it for files lacking a known suffix, defaulting to text/plain is a
better choice -TD
* remove dead-code for OMIT_SCN_KEEPING -TD
* remove dead/unreachable pretty-source code in HTML.c, noticed because
it complicates hashing -TD
* improve hashing for anchors and styles by using a more suitable hash-table
size -TD
* add a note in lynx.cfg telling how to remove a default key-mapping -TD
* modify "=" command to make it possible to disable margins for the URL string,
by first disabling wrapping using "|" -TD
* several fixes for Windows version -TH
+ fix an abnormal terminate when pressing 'd'(download) on no action button.
+ work around incompatibility in move() between POSIX and Windows.
ref: https://www.securecoding.cert.org/confluence/display/c/FIO10-C.+Take+care+when+using+the+rename%28%29+function
+ fix limit-check for SJIS which prevented showing a show long title in the
title bar on Windows environment.
+ fix problem with PDCurses when wrapping lines.
ref: lynx-dev discussions "Subject: Wrapping line behavior"
+ fix resizing terminal problem with Windows + PDCurses.
This problem occurs only with some combinations of source and destination
screen size.
For example: 80x25 -> 90x20
+ including some code clean up
* improve consistency in help-files discussing line-edit keymaps (prompted by
Debian #888391) -TD
* additional fixes to work with LibreSSL on OpenBSD 6.2 -TD
* build-fixes for OpenSSL 1.1.0 versus 1.0.0 (patch by Quentin Minster).
* modify configure script to make a quirk of NetBSD's make-program less
noticeable -TD
* modify configure script to work around pkgsrc's misconfiguration of shared
libraries -TD
* modify po/makefile.inn to ensure the temporary files have distinct names
to avoid problem with "make -j8" (Debian #890811) -TD
* update makefile/batch-scripts to allow building with newer Visual Studio
versions, e.g., 2010, 2012, so that a 64-bit executable can be built -TD
* repair link in lynx_help_main.html to HTML 3.2 documentation
(Savannah #47803) -TD
* update eo.po, fr.po from
http://translationproject.org/latest/lynx
* improved several configure macros:
CF_BUILD_CC, CF_CC_ENV_FLAGS, CF_CURSES_FUNCS, CF_CURSES_LIBS,
CF_NCURSES_CONFIG -D
* updated ftp-site url -TD
* update config.guess (2018-01-26), config.sub (2018-01-15)
2017-07-10 (2.8.9dev.16)
* modify configure script to warn if NLS cannot be configured, and disable
the feature rather than leaving it partly configured and failing during
the build -TD
* modify configure script to allow pre-set $MSGFMT and $XGETTEXT variables to
to used to build the NLS configuration using system's native NLS support -TD
* convert po/zh_TW.po to UTF-8 to work with Solaris10, which lacks big5 -TD
* build-fix for OSX Panther, which has PRId64 but not SCNd64 (patch by Martijn
Dekker).
* modify po-makefile to use msgmerge to align with lynx.pot, and also use sed
to update some obsolete homepage URLs in translations -TD
* add a note in the comments for INCLUDE in lynx.cfg regarding the default
directory searches LYOpenCFG(), added in 2.8.4dev.20 (Debian #818047) -TD
* add a check to ensure that HTML_put_string() will not append a chunk onto
itself (report by Ned Williamson) -TD
* update da.po, et.po, tr.po from
http://translationproject.org/latest/lynx
2017-07-04 (2.8.9dev.15)
* add note in lynx.cfg about default values (Debian #408448) -TD
* amended Backes' change to the COLLAPSE_BR_TAGS feature for compatibility -TD
+ use ENABLE_LYNXRC to determine whether it is written to the .lynxrc file.
+ add command-line option, etc., for controlling whether blank lines are
trimmed, e.g., trailing lines as well as the special case for collapsing
br-tags. Leading blank lines at the top of the document are untouched.
+ modify limit for trimmed lines to retain as little as 1 line; previously
the trimming would go no smaller than 2 lines.
* add command-line option and options-menu item for COLLAPSE_BR_TAGS (patch
by Peter Backes).
* fix strict gcc7 warnings on OSX, aside from those due to incorrect system
headers -TD
* adjust definition of alloca() in HTUtils.h to quiet bogus compiler warning
with NetBSD 7 -TD
* add configure check for preprocessor -C option, overlooked in c99 -TD
* correct logic in HTCopy() when re-reading a page (Debian #863008) -TD
* fix lintian warnings in ".deb" test-package -TD
* build-fix for PGI compilers, e.g., symbol conflicts -TD
* update eo.po from
http://translationproject.org/latest/lynx
2017-05-10 (2.8.9dev.14)
* amend fix for Debian #841155, adding check for complete multibyte strings to
decide when the cell-limit has been met (Debian #862148) -TD
* minor improvements to configure script to reduce warnings in config.log -TD
* update config.sub (2017-04-02)
* compiler-warning fixes for c99 on OSX -TD
2017-04-29 (2.8.9dev.13)
* amend fix for Debian #841155, adding check for special case where the
expected number of cells is zero (report by Larry Hynes) -TD
2017-04-28 (2.8.9dev.12)
* correct logic in cell2char(), which gave up too early in determining the
number of cells needed for a multibyte string in the editable text-fields
(Debian #841155) -TD
* improve manual page discussion of environment variables, prompted by
comments in Debian #791452, which overlooked the fact that details of proxy
behavior are found in the user guide -TD
* cleanup some of the user's guide formatting, e.g., for quote-characters -TD
* consistently use "_" in command-line options table and manual page, to work
with program logic that treats "-" as "_", but not the reverse (report by
Larry Hynes) -TD
* improved several configure macros: CF_ADD_CFLAGS, CF_CC_ENV_FLAGS,
CF_GNU_SOURCE, CF_LARGEFILE, CF_MATH_LIB, CF_PROG_LINT, CF_SRAND,
CF_XOPEN_SOURCE -TD
* modify Windows makefile to allow SSL_LIBS and SSL_DEFS to be overridden,
reflecting naming-incompatibility in recent OpenSSL development -TD
* modify ncurses-specific code to allow its TERMINAL struct to be opaque -TD
* refine special case of server Content-Type from 2.8.7dev.11 changes to
decompress files offered for download when the server has gzip'd them
(report by TH) -TD
* amend comparision from 2.8.8dev.10 changes to handle slang specially
(report/testcase by TH) -TD
* minor cleanup of UCDomap.c -TD
* build-fix for color-style with leak-checking -TD
* amend merge/fixes from
http://en.sourceforge.jp/project/lynx-win32-pata
as well as problem introduced by 2.8.8dev.6 cleanup -TH
* update ca.po, from
http://translationproject.org/latest/lynx
* tidy whitespace in lynx.cfg (report by David Niklas) -TD
* fix two more typos in the list of ENABLE_LYNXRC in lynx.cfg -TD
* remove a repeated item for SEND_USERAGENT from lynx.cfg (Larry Hynes)
* accept userinfo in a URL, subject to override by -auth option or -pauth
options. According to RFC-3986, this is deprecated, but testing shows other
clients support it -TD
* fix several minor warnings reported by Coverity -TD
* remove redundant asserts which follow a check that leads to outofmem(),
added in 2.8.8dev.4 to appease clang 2.6, since clang 3.x understands
no-return function declarations -TD
* when converting host+params to idna, temporarily separate the params to
avoid a warning from idna_to_ascii_8z() -TD
* improve warning messages from 2.8.9dev.11 fixes when stripping user/password,
dropping an unnecessary message and fixing a case where all-punctuation
user name was not logged (report by Axel Beckert) -TD
* update config.guess (2017-03-05), config.sub (2017-02-07)
2016-11-15 (2.8.9dev.11)
* amend fix for stripping user/password to ensure that the stripped value is
used when connecting to the host (prompted by discussion of CVE-2016-9179
at https://lists.debian.org/debian-lts/2016/11/threads.html#00072) -TD
2016-11-08 (2.8.9dev.10)
* improved fix for OpenSSL 1.1 (Taketo Kabe).
* improve warning message when stripping user/password from URL; report on
http://seclists.org/oss-sec/2016/q4/322 treated as a Lynx parsing error the
punctuation such as "?" which is permitted by RFC-1738 in a user or password
field. RFC-3986 subsequently modified this. The improved message points out
the possible confusion by users when these fields contain punctuation -TD
* build-fix for OpenSSL 1.1 (Kamil Dudka)
* begin work to parse gopher extension "link to URL" -TD
* remove an obsolete comment in the manual page about -dump versus -force_html
(report by Peter Schmitt) -TD
* modify samples/oldlynx to provide an empty ".lss" file as a better default
than providing an empty "-lss" option -TD
* amend change made in 2.8.8dev.17 to permit multiple COLOR_STYLE items to
restore the ability to cancel the color-style by providing an explicitly
empty configuration item (in lynx.cfg, -lss or $LYNX_LSS). In lynx.cfg, it
is possible to follow the empty COLOR_STYLE with other data, but the -lss
option overrides everything, and if that is not found, $LYNX_LSS overrides
lynx.cfg -TD
* correct ifdef so that if the "news" parsing is disabled at compile time,
HTTP.c interprets https:// links correctly when a https_proxy is set up
(patch by Al Walker).
* add a limit-check in case colspan is given as zero for non-nested-table case
(report by Sami Liedes) -TD
* update nl.po, sl.po from
http://translationproject.org/latest/lynx
2016-04-26 (2.8.9dev.9)
* add workaround for servers such as https://www.xing.com which fail to close
the connection when they finish sending compressed data. This relies on
the content-length (report by Klaus-Peter Wegge) -TD
* restore fix to filter out left-to-right marks which was broken in refactoring
in 2.8.9dev.2, and also filter out right-to-left marks (Debian #808949) -TD
* fix build for current gnutls configuration which dropped the
gnutls_protocol_set_priority function (reported by Axel Beckert, Andreas
Metzler) -TD
* modify CF_LD_RPATH_OPT configure macro, changing FreeBSD case to use
-Wl,-rpath rather than -rpath option. According to FreeBSD #178732, either
works since FreeBSD 4.x; however scons does not accept anything except the
-Wl,-rpath form -TD
* add null-pointer checks for ssl_ctx in HTTP.c in case of error from calls
on SSL_CTX_new (report by Yuan Jochen Kang) -TD
* update config.guess (2016-01-01), config.sub (2016-01-01)
* update da.po, fi.po, tr.po from
http://translationproject.org/latest/lynx
2015-12-18 (2.8.9dev.8)
* fix regression in SSL support (report by Axel Beckert) -TD
* update et.po, fr.po, vi.po, zh_CN.po from
http://translationproject.org/latest/lynx
2015-12-18 (2.8.9dev.7)
* make the HTTP version configurable, defaulting to "1.0" (HTTP/1.0) as
HTTP_PROTOCOL, and make it changeable in the options menu -TD
* switch HTTP version to 1.1, adding an explicit "close" to work around
the pitfall of persistent connections. This is to work around a selective
reading of RFC 2068 by duckduckgo.com - see
http://lists.nongnu.org/archive/html/lynx-dev/2015-12/index.html
-Axel Beckert
* fix a potential null dereference in tidy_tls.c reported by Coverity -TD
* extend advanced mode by showing field names in forms in the status line
(suggested by TG) -TD
* fix some typos found by lintian -Axel Beckert
* correct buffer size in pretty_html() function of LYKeymap.c -TG
* add support for some HTML5 elements -Kihara Hideto
Using this change, you can jump to <section id="speakers">.
(The addition in src{0,1}_HTMLDTD.txt is copied from DIV.)
<section>, <article>, <main>, <aside>, <header>, <footer>, <nav>, <figure>
* improve configure check for extended curses functions, needed for compiling
with ncursesw on OSX, in particular when configuring with ncurses6 (report
by Tom Wyant) -TD
* set SSL_MODE_AUTO_RETRY in OpenSSL configuration, completing work needed for
Debian #707059 -TD
* correct description used for "K" vs "k" key binding in manpage -TD
* adopt some of the patches from Debian lynx package:
+ add Delete key usage to manpage (patch by Denis Briand, Debian #74358)
+ add $(LDFLAGS) when building makeuctb (patch by Atsuhito Kohda).
+ add NO_BUILDSTAMP symbol to appease
https://wiki.debian.org/ReproducibleBuilds/TimestampsFromCPPMacros
+ add -n option to gzip when making gzip'd helpfiles (patch by Andreas
Metzler).
+ add support for client certificates (patch by Simon Kainz, Debian #797901).
* use POSIX locale when sorting entries in cfg_defs.h (patch by Reiner Hermann,
Debian #792770).
* move homepage for Lynx from
http://lynx.isc.org
to
http://lynx.invisible-island.net
because ISC has ended support -TD
* change "GNU Public License" to "GNU General Public License" for consistency
(report by Axel Beckert) -TD
* free a use-after-free in scan_cookie_sublist (Redhat #1120925) -TG
* updates for configure macros from ncurses and xterm -TD
* fix for gnutls logic to support rehandshake on negotiation for optional
client certificate, e.g., for https://contributors.debian.org (patch by
Simon Kainz, Debian #797059).
* update ca.po, sv.po, et.po from
http://translationproject.org/latest/lynx
* use gnutls_set_default_priority() to simplify algorithm priorities in the
gnutls configuration as well as track occassional changes in that library
(patch by Andreas Metzler, Debian #789189, Debian #784430).
* correct logic in LYsetRcValue() from 2.8.8dev.13, which would free the wrong
pointer if the input had leading blanks (patch by Ruda Moura).
* fix CF_CHECK_SIZEOF autoconf macro to work when its working variables have
been preset to an empty value (report by Andrew Arensburger) -TD
* update config.guess (2015-10-21), config.sub (2015-08-20)
2015-05-06 (2.8.9dev.6)
* add a note about OCSP to url-support documentation (Debian #745835) -TD
* change defaults for SSL prompts when a problem is detected to "no" (Debian
#783477) -TD
* if an SSL error message is too long for the screen-width, trim it with an
ellipsis so that the "(y)" part of the prompt for continuing will be visible
(Debian #783476) -TD
* update test-packages to use ncurses6 test-packages -TD
* modify configure script to check for ncurses ".pc" files first before looking
for the "ncurses*-config" scripts -TD
* modify configure script to accept a release-number for the ncurses/ncursesw
values of the "--with-screen" option, e.g., "--with-screen=ncursesw6" -TD
* cosmetic fixes for autoconf macros to avoid vi-workaround -TD
* update da.po, et.po, fr.po, nl.po, vi.po from
http://translationproject.org/latest/lynx
* regenerated lynx.pot, sent to translation project -TD
* update config.guess (2015-03-04), config.sub (2015-03-08)
2015-04-12 (2.8.9dev.5)
* add codes U+200A, U+200B to def7_uni.tbl (prompted by report by Sven
Hartrumpf, as well as referring to
https://www.cs.tut.fi/~jkorpela/chars/spaces.html) -TD
* restore large buffer-size from follow_link_number() which was altered in
2.8.8dev.10 changes to use LYgetBString() (Debian #699068) -TD, -TG
* loosen the check in IsOurFile() to permit hard-linked files
(Debian #429606) -TD
* update ca.po, cs.po, et.po, fi.po, fr.po, id.po, nl.po, pt_BR.po, ru.po,
sl.po, tr.po, vi.po from
http://translationproject.org/latest/lynx
2015-01-25 (2.8.9dev.4)
* modify check after gnutls_certificate_verify_peers2() to use
gnutls_certificate_verification_status_print() when available, to give
potentially more details on certficate revocation (patch by Andreas Metzler,
Debian #745835, Debian #752610)
2015-01-05 (2.8.9dev.3)
* correct shortcut for "Send To" link used in Inno Setup script, broken in
2.8.8dev.15 -TD
* amend change made in 2.8.8dev.10 to LYLocal.c get_filename(), ensuring that
the bstring parameter can be (re)allocated within that function's call to
LYgetBString() (report by Raoul Megelas) -TG
* build-fixes for djgpp 2.04 and gcc 4.8.4 using Watt-32 -GV
2014-12-21 (2.8.9dev.2)
* correct an inconsistent check for reload using isLYNXCGI() in the
options-screen -TD
* add script after using msginit to create en.po, to work around renaming in
Cygwin environment -TD
* improve overlay of field contents in form for "-dump" option; the change
in 2.8.8dev.3 did not take into account UTF-8 values (Debian #770011) -TD
* correct a bug in the map_string_to_keysym() function introduced in
2.8.8dev.17: as used via the remap() function, this returns the curses
code for a special key rather than Lynx's internal code (Debian #769601) -TD
* add checks when translating from UTF-8 to Unicode, to ensure that only the
shortest encoding is accepted. Other/longer encodings are mapped to the UCS
replacement character as in xterm (Debian #763268) -TD
* modify LYExpandHostForURL() to call HTGetAddrInfo(), allowing DNS lookups
for IPv6 to be interrupted, e.g., by typing ^G. This was a path overlooked
in 2.8.8dev.13 (reports by Chad Kline, etc.) -TD
* drop libgnutls-extra when using --with-gnutls-compat option -TD
* drop libgcrypt dependency when building with gnutls, using gnutls_rnd()
rather than gcry_randomize() (adapted from patch by Andreas Metzler,
Debian #753699) -TD
* fix a reference-after-free in scan_cookie_sublist(), probably fixing RedHat
#1120925 -Mike Gorse
* update eo.po, id.po from
http://translationproject.org/latest/lynx
* improve workaround for too-long pathnames in LYPrint.c SetupFilename() -TD
* fix a few inconsistencies between #if / #ifdef, including one for sleep()
which broke cross-compiles for MinGW -TD
* updated/improved configure script macros (TD):
+ CF_ACVERSION_CHECK: work around another gratuitous incompatibility
introduced in 2.69 (reported by Ross Burton, openembedded.org)
+ CF_ADD_CFLAGS: workaround for ash-shell
+ CF_ADD_LIBS: workaround in CF_X_TOOLKIT uses pkgconfig, whose files
generally are using incomplete dependencies - in turn introducing lots of
duplication. filter out the duplicates.
+ CF_CHECK_CFLAGS: workaround for ash-shell
+ CF_CURSES_FUNCS: improve workaround for weak-linkage, seems to fix tests
with NetBSD 6.1
+ CF_INTEL_COMPILER: cleanup the -no-gcc option which was leftover from
testing - prcs does not build with this option.
+ CF_MAKEFLAGS: workaround for GNU make 4.0 incompatibility with previous
releases.
+ CF_SUBDIR_PATH: add /usr/pkg and /opt/local to help configuring with
pkgsrc and macports -TD
+ CF_XOPEN_SOURCE: Minix3.2 ifdef's the POSIX.1-2001 functions inside
_NETBSD_SOURCE, even though it was released 2012-02-29 - appease it. At
the same time, turn on the verbose flag to show that most platforms need
platform-specific define's to get POSIX (sic). Also, add case for UnixWare
(report/discussion with Mark Ryan).
+ CF_X_ATHENA: add --with-Xaw3dxft option
+ CF_X_TOOLKIT: add workaround for breakage in XQuartz upgrades
* add check to ensure that "submit" command from 2.8.8dev.10 is performed
in a form (report by Karen Lewellen) -TD
* update config.guess (2014-03-23), config.sub (2014-07-28)
3.4.4:
Bugfixes
* Refine the django.conf module check to see if the settings really are
configured.
* Avoid crash after OSError during Django path detection.
Features
* Add parameter info to fixture assert_num_queries to display additional message on failure.
Docs
* Improve doc for django_assert_num_queries/django_assert_max_num_queries.
* Add warning about sqlite specific snippet + fix typos.
Misc
* MANIFEST.in: include tests for downstream distros.
* Ensure that the LICENSE file is included in wheels.
* Run black on source.
Import/adapt patches from FreeBSD to fix the build on aarch64.
Thanks to <jakllsch>!
XXX: (There is a compiler warning about m_compareRegister bitfield
XXX: that's probably needs XXX: further investigation the `: 6' should
XXX: be probably `: 7')
Version 2.2.1
-------------
Released on June 7th, 2018
- :class:`~fields.StringField` only sets ``data = ''`` when form data
is empty and an initial value was not provided. This fixes an issue
where the default value wasn't rendered with the initial form.
(`#291`_, `#401`_)
.. _#291: https://github.com/wtforms/wtforms/issues/291
.. _#401: https://github.com/wtforms/wtforms/issues/401
Version 2.2
-----------
Released on June 2nd, 2018
- Merged new and updated translations from the community.
- Passing ``data_`` args to render a field converts all the
underscores to hyphens when rendering the HTML attribute, not just
the first one. ``data_foo_bar`` becomes ``data-foo-bar``. (`#248`_)
- The :class:`~validators.UUID` validator uses the :class:`uuid.UUID`
class instead of a regex. (`#251`_)
- :class:`~fields.SelectField` copies the list of ``choices`` passed
to it so modifying an instance's choices will not modify the global
form definition. (`#286`_)
- Fields call :meth:`~fields.Field.process_formdata` even if the raw
data is empty. (`#280`_)
- Added a :class:`~fields.MultipleFileField` to handle a multi-file
input. :class:`~fields.FileField` continues to handle only one
value. The underlying :class:`~widgets.FileInput` widget gained a
``multiple`` argument. (`#281`_)
- :class:`~fields.SelectField` choices can contain HTML (MarkupSafe
``Markup`` object or equivalent API) and will be rendered properly.
(`#302`_)
- :class:`~fields.TimeField` and
:class:`html5.TimeField <fields.html5.TimeField>` were added.
(`#254`_)
- Improved :class:`~validators.Email`. Note that it is still
unreasonable to validate all emails with a regex and you should
prefer validating by actually sending an email. (`#294`_)
- Widgets render the ``required`` attribute when using a validator
that provides the ``'required'`` flag, such as
:class:`~validators.DataRequired`. (`#361`_)
- Fix a compatibility issue with SQLAlchemy 2.1 that caused
:class:`~ext.sqlalchemy.fields.QuerySelectField` to fail with
``ValueError: too many values to unpack``. (`#391`_)
.. _#248: https://github.com/wtforms/wtforms/pull/248
.. _#251: https://github.com/wtforms/wtforms/pull/251
.. _#254: https://github.com/wtforms/wtforms/pull/254
.. _#280: https://github.com/wtforms/wtforms/pull/280
.. _#281: https://github.com/wtforms/wtforms/pull/281
.. _#286: https://github.com/wtforms/wtforms/pull/286
.. _#294: https://github.com/wtforms/wtforms/pull/294
.. _#302: https://github.com/wtforms/wtforms/pull/302
.. _#361: https://github.com/wtforms/wtforms/pull/361
.. _#391: https://github.com/wtforms/wtforms/pull/391
3.5.5 Vroom vroom:
Breaking
Revert changes to raw CSS @imports
Deprecations
Add deprecation messages for colour arithmetic
Features
Support hex colors with alpha channels
Add a sass_option_push_import_extension C-API
Fixes
Fix segfault in handling modulo operator
Fix handling of unclosed interpolant in url
Fix possible bug with handling empty reference combinators
Fix -Wmissing-declarations for gcc < 7
0.54.0
- Change license from LGPL to BSD.
- Status return for WebSocketApp.run_forever()
- Handle redirects in handshake
- Make proxy_type option available in WebSocketApp.run_forever()
- Fix typo in supress_origin
- WebSocketApp's on_close never emits status code or reason
7.0:
websockets sends Ping frames at regular intervals and closes the connection if it doesn't receive a matching Pong frame. See :class:~protocol.WebSocketCommonProtocol for details.
Added process_request and select_subprotocol arguments to :func:~server.serve() and :class:~server.WebSocketServerProtocol to customize :meth:~server.WebSocketServerProtocol.process_request and :meth:~server.WebSocketServerProtocol.select_subprotocol without subclassing :class:~server.WebSocketServerProtocol
Added support for sending fragmented messages.
Added the :meth:~protocol.WebSocketCommonProtocol.wait_closed method to protocols.
Added an interactive client: python -m websockets <uri>.
Changed the origins argument to represent the lack of an origin with None rather than ''.
Fixed a data loss bug in :meth:~protocol.WebSocketCommonProtocol.recv: canceling it at the wrong time could result in messages being dropped.
Improved handling of multiple HTTP headers with the same name.
Improved error messages when a required HTTP header is missing.
2.1.5:
* Django middleware caching now works on Django 1.11 and Django 2.0.
The previous release only ran on 2.1.
2.1.4:
* Django middleware is now cached rather than instantiated per request
resulting in a sigificant speed improvement
* ChannelServerLiveTestCase now serves static files again
* Improved error message resulting from bad Origin headers
* runserver logging now goes through the Django logging framework
* Generic consumers can now have non-default channel layers
* Improved error when accessing scope['user'] before it's ready
3.0.3
* Ensure pytest requirements set properly.
3.0.2
* Encoding fixes in paste.fixture.
3.0.1
* Remove use of future for sake of html.escape and use own. Using
future was causing installation loops.
3.0.0
* Fixes for use with Python 3.7, mostly to do with StopIteration.
* Moving to https://github.com/cdent/paste to keep things maintained.
* Minimize pkgsrc specific patches.
* A build system written in Rust lang does not find a C++ header files
from pkgsrc (non-base) GCC, this version is not buildable on NetBSD 7.
I will investigate this problem again.
Changelog:
63.0.1
Fixed
Snippets are not loaded due to missing element (bug 1503047)
Print preview always shows 30% scale when it is actually Shrink To Fit
(bug 1501952)
Dialog displayed when closing multiple windows shows unreplaced %1$S
placeholder in Japanese and potentially other locales (bug 1500823)
63.0
New
Performance and visual improvements for Windows users
Performance improvements for macOS users
Added content blocking, a collection of Firefox settings that offer
users greater control over technology that can track them around the
web. In 63, users can opt to block third-party tracking cookies or
block all trackers and create exceptions for trusted sites that don't
work correctly with content blocking enabled.
WebExtensions now run in their own process on Linux
Firefox now warns about having multiple windows and tabs open
when quitting from the main menu. The Save and Quit feature has been
removed. You can restore your session by ticking the box for Restore
previous session in the General->Startup options or by using Restore
Previous Session in the main menu.
Firefox now recognizes the operating system accessibility setting for
reducing animation
Added search shortcuts for Top Sites: Amazon and Google appear as Top
Sites tiles on the Firefox Home (New Tab) page. When selected these
tiles will change focus to the address bar to initiate a search.
Currently in US only.
Fixed
Resolved an issue that prevented the address bar from autofilling
bookmarked URLs in certain cases
Various security fixes
Changed
In the Library, the Open in Sidebar feature for individual bookmarks
was removed
The option to Never check for updates was removed from about:preferences.
You can use the DisableAppUpdate enterprise policy as a substitute.
The Ctrl+Tab shortcut now displays thumbnail previews of your tabs and
cycles through tabs in recently used order. This new default behavior
is activated only in new profiles and can be changed in preferences.
#CVE-2018-12391: HTTP Live Stream audio data is accessible cross-origin
#CVE-2018-12392: Crash with nested event loops
#CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript
#CVE-2018-12395: WebExtension bypass of domain restrictions through header rewriting
#CVE-2018-12396: WebExtension content scripts can execute in disallowed contexts
#CVE-2018-12397: Missing warning prompt when WebExtension requests local file access
#CVE-2018-12398: CSP bypass through stylesheet injection in resource URIs
#CVE-2018-12399: Spoofing of protocol registration notification bar
#CVE-2018-12400: Favicons are cached in private browsing mode on Firefox for Android
#CVE-2018-12401: DOS attack through special resource URI parsing
#CVE-2018-12402: SameSite cookies leak when pages are explicitly saved
#CVE-2018-12403: Mixed content warning is not displayed when HTTPS page loads a favicon over HTTP
#CVE-2018-12388: Memory safety bugs fixed in Firefox 63
#CVE-2018-12390: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3
Django 2.1.3
Bugfixes:
Fixed a regression in Django 2.0 where combining Q objects with __in lookups and lists crashed
Fixed a regression in Django 1.11 where django-admin shell may hang on startup
Fixed a regression in Django 2.0 where test databases aren’t reused with manage.py test --keepdb on MySQL
Fixed a regression where cached foreign keys that use to_field were incorrectly cleared in Model.save()
Fixed a regression in Django 2.0 where FileSystemStorage crashes with FileExistsError if concurrent saves try to create the same directory
Upstream changes (from NEWS):
== Ruby-GNOME2 3.3.0: 2018-10-31
This is a release for fixing memory leak bugs of cairo-gobject,
improving macOS support and adding support for GEGL.
=== Changes
==== Ruby/GLib2
* Improvements
* Added support for the same constant name and class name for error.
* Fixes
* Fixed wrong constant values:
* (({GLib2::MINLONG}))
* (({GLib2::MAXLONG}))
* (({GLib2::MAXULONG}))
* (({GLib2::MINUINT64}))
* (({GLib2::MAXSIZE}))
* (({GLib2::MINFLOAT}))
* (({GLib2::MINDOUBLE}))
[GitHub#1244][Reported by cobodo]
==== Ruby/CairoGObject
* Fixes
* Fixed a memory leak.
[GitHub#1232][Reported by Jean-Christophe Le Lann]
* Stopped to increase needless reference.
[GitHub#1079][Reported by noanoa07]
==== Ruby/GObjectIntrospection
* Improvements
* Added support for transfer full output parameter.
* Fixes
* Fixed a bug that class method closure doesn't work.
[GitHub#1245][Reported by kojix2]
==== Ruby/GdkPixbuf2
* Improvements
* (({GdkPixbuf::Pixbuf.new})): Added support for auto row stride
detection for (({[Integer]})) data.
==== Ruby/Pango
* Improvements
* Made test more robust.
[GitHub#1239][Reported by Michael Hudson-Doyle]
==== Ruby/GTK3
* Improvements
* Improved backward compatibility for (({Gtk::ListStore#set_column_types})).
[GitHub#1240][Reported by Edward Hennessy]
* Fixes
* Fixed wrong size used bug on HiDPI.
[GitHub#1079][Reported by noanoa07]
==== Ruby/Poppler
* Improvements
* Added support for Popper 0.70.0.
==== Ruby/GEGL
* Improvements
* Added.
=== Thanks
* Jean-Christophe Le Lann
* Michael Hudson-Doyle
* Edward Hennessy
* cobodo
* kojix2
* noanoa07
Changes:
7.62.0
------
This release includes the following changes:
o multiplex: enable by default
o url: default to CURL_HTTP_VERSION_2TLS if built h2-enabled
o setopt: add CURLOPT_DOH_URL
o curl: --doh-url added
o setopt: add CURLOPT_UPLOAD_BUFFERSIZE: set upload buffer size
o imap: change from "FETCH" to "UID FETCH"
o configure: add option to disable automatic OpenSSL config loading
o upkeep: add a connection upkeep API: curl_easy_upkeep()
o URL-API: added five new functions
o vtls: MesaLink is a new TLS backend
This release includes the following bugfixes:
o CVE-2018-16839: SASL password overflow via integer overflow
o CVE-2018-16840: use-after-free in handle close
o CVE-2018-16842: warning message out-of-buffer read
o CURLOPT_DNS_USE_GLOBAL_CACHE: deprecated
o Curl_dedotdotify(): always nul terminate returned string
o Curl_follow: Always free the passed new URL
o Curl_http2_done: fix memleak in error path
o Curl_retry_request: fix memory leak
o Curl_saferealloc: Fixed typo in docblock
o FILE: fix CURLOPT_NOBODY and CURLOPT_HEADER output
o GnutTLS: TLS 1.3 support
o SECURITY-PROCESS: mention the bountygraph program
o VS projects: add USE_IPV6:
o Windows: fixes for MinGW targeting Windows Vista
o anyauthput: fix compiler warning on 64-bit Windows
o appveyor: add WinSSL builds
o appveyor: run test suite (on Windows!)
o certs: generate tests certs with sha256 digest algorithm
o checksrc: enable strict mode and warnings
o checksrc: handle zero scoped ignore commands
o cmake: Backport to work with CMake 3.0 again
o cmake: Improve config installation
o cmake: add support for transitive ZLIB target
o cmake: disable -Wpedantic-ms-format
o cmake: don't require OpenSSL if USE_OPENSSL=OFF
o cmake: fixed path used in generation of docs/tests
o cmake: remove unused *SOCKLEN_T variables
o cmake: suppress MSVC warning C4127 for libtest
o cmake: test and set missed defines during configuration
o comment: Fix multiple typos in function parameters
o config: Remove unused SIZEOF_VOIDP
o config_win32: enable LDAPS
o configure: force-use -lpthreads on HPUX
o configure: remove CURL_CONFIGURE_CURL_SOCKLEN_T
o configure: s/AC_RUN_IFELSE/CURL_RUN_IFELSE
o cookies: Remove redundant expired check
o cookies: fix leak when writing cookies to file
o curl-config.in: remove dependency on bc
o curl.1: --ipv6 mutexes ipv4 (fixed typo)
o curl: enabled Windows VT Support and UTF-8 output
o curl: update the documentation of --tlsv1.0
o curl_multi_wait: call getsock before figuring out timeout
o curl_ntlm_wb: check aprintf() return codes
o curl_threads: fix classic MinGW compile break
o darwinssl: Fix realloc memleak
o darwinssl: more specific and unified error codes
o data-binary.d: clarify default content-type is x-www-form-urlencoded
o docs/BUG-BOUNTY: explain the bounty program
o docs/CIPHERS: Mention the options used to set TLS 1.3 ciphers
o docs/CIPHERS: fix the TLS 1.3 cipher names
o docs/CIPHERS: mention the colon separation for OpenSSL
o docs/examples: URL updates
o docs: add "see also" links for SSL options
o example/asiohiper: insert warning comment about its status
o example/htmltidy: fix include paths of tidy libraries
o examples/Makefile.m32: sync with core
o examples/http2-pushinmemory: receive HTTP/2 pushed files in memory
o examples/parseurl.c: show off the URL API
o examples: Fix memory leaks from realloc errors
o examples: do not wait when no transfers are running
o ftp: include command in Curl_ftpsend sendbuffer
o gskit: make sure to terminate version string
o gtls: Values stored to but never read
o hostip: fix check on Curl_shuffle_addr return value
o http2: fix memory leaks on error-path
o http: fix memleak in rewind error path
o krb5: fix memory leak in krb_auth
o ldap: show precise LDAP call in error message on Windows
o lib: fix gcc8 warning on Windows
o memory: add missing curl_printf header
o memory: ensure to check allocation results
o multi: Fix error handling in the SENDPROTOCONNECT state
o multi: fix memory leak in content encoding related error path
o multi: make the closure handle "inherit" CURLOPT_NOSIGNAL
o netrc: free temporary strings if memory allocation fails
o nss: fix nssckbi module loading on Windows
o nss: try to connect even if libnssckbi.so fails to load
o ntlm_wb: Fix memory leaks in ntlm_wb_response
o ntlm_wb: bail out if the response gets overly large
o openssl: assume engine support in 0.9.8 or later
o openssl: enable TLS 1.3 post-handshake auth
o openssl: fix gcc8 warning
o openssl: load built-in engines too
o openssl: make 'done' a proper boolean
o openssl: output the correct cipher list on TLS 1.3 error
o openssl: return CURLE_PEER_FAILED_VERIFICATION on failure to parse issuer
o openssl: show "proper" version number for libressl builds
o pipelining: deprecated
o rand: add comment to skip a clang-tidy false positive
o rtmp: fix for compiling with lwIP
o runtests: ignore disabled even when ranges are given
o runtests: skip ld_preload tests on macOS
o runtests: use Windows paths for Windows curl
o schannel: unified error code handling
o sendf: Fix whitespace in infof/failf concatenation
o ssh: free the session on init failures
o ssl: deprecate CURLE_SSL_CACERT in favour of a unified error code
o system.h: use proper setting with Sun C++ as well
o test1299: use single quotes around asterisk
o test1452: mark as flaky
o test1651: unit test Curl_extract_certinfo()
o test320: strip out more HTML when comparing
o tests/negtelnetserver.py: fix Python2-ism in neg TELNET server
o tests: add unit tests for url.c
o timeval: fix use of weak symbol clock_gettime() on Apple platforms
o tool_cb_hdr: handle failure of rename()
o travis: add a "make tidy" build that runs clang-tidy
o travis: add build for "configure --disable-verbose"
o travis: bump the Secure Transport build to use xcode
o travis: make distcheck scan for BOM markers
o unit1300: fix stack-use-after-scope AddressSanitizer warning
o urldata: Fix "connecting" comment
o urlglob: improve error message on bad globs
o vtls: fix ssl version "or later" behavior change for many backends
o x509asn1: Fix SAN IP address verification
o x509asn1: always check return code from getASN1Element()
o x509asn1: return CURLE_PEER_FAILED_VERIFICATION on failure to parse cert
o x509asn1: suppress left shift on signed value
Changes:
WebKitGTK+ 2.22.3
=================
- Many improvements and fixes for video playback with media source
extensions (MSE), which improve the user experience across the board,
and in particular for playback of WebM videos.
- Fix a memory leak during media playback when using playbin3.
- Fix portions of Web views not being rendered after resizing.
- Fix Resource Timing reporting for <iframe> elements.
- Fix the build with the remote Web Inspector disabled.
- Fix the build on ARMv7 with NEON extensions.
- Fix several crashes and rendering issues.
Add py-zope.proxy package version 4.3.1.
``zope.proxy``
==============
Proxies are special objects which serve as mostly-transparent
wrappers around another object, intervening in the apparent behavior of
the wrapped object only when necessary to apply the policy (e.g., access
checking, location brokering, etc.) for which the proxy is responsible.
zope.proxy is implemented via a C extension module, which lets it do things
like lie about its own ``__class__`` that are difficult in pure Python (and
were completely impossible before metaclasses). It also proxies all the
internal slots (such as ``__int__``/``__str__``/``__add__``).
Version 4.3.1:
* Allow fabfile to be importable when building docs
* Remove top-level __init__.py from new projects.
* Fix HTML escaping.
Version 4.3.0:
* Added explicit on_delete arguments for all ForeignKey models
* Only generate thumbnails in RichText when absolute width/height used.
* Removed null attribute from slug CharField
* Converted all template.render calls to pass a dict instead of a Context object
* Fixed MezzanineBackend.authenticate backend to accept a request argument, added in Django 1.11
* Fixed test_multiple_comment_forms to be agnostic of the order of HTML attributes
* Altered annotation behaviour of search results. Previously this was done implicitly in the SearchQuerySet.iterator() method,. which Django would call internally when evaluating the queryset. Django 1.11 changed its behaviour to use a ModelIterator class instead of. just calling iterator() on the queryset. Rather than suppy a custom. ModelIterator, we just make the annotate explicit
* Updated setup and test configuration to include Django 1.11
* password reset: 'http' -> request.schema. This fixes a potential security vulnerability in which the password. reset url is exposed to untrusted intermediary nodes in the network.
* Add explicit on_delete arguments to foreign keys in migrations
* Use TextField for Field.label and Field.help_text. Now length limits for user-defined labels and help_texts are enforced in the admin instead of the DB, which should prevent any further migrations
* Get rid of max_length settings for mezzanine.forms
* Timezone aware blog months.
* Test and simplify blog_months
* Weigh search results by age. Weigh search results by their age by default. Add a new setting,. SEARCH_AGE_SCALE_FACTOR, controlling how much emphasis to put on the. age when ranking results (set this to 0 to revert to the old behavior)
* Split dev and prod ALLOWED_HOSTS. Django started checking ALLOWED_HOSTS when DEBUG=True a few releases back.
* Update docs related to ALLOWED_HOSTS
* Fix the old url parsing in import wordpress
* Use Django's six module
* Don't warn Mezzanine about itself
* Looser check for LocalMiddleware.
* Modified the blog homepage pattern to a working version. Added import it requires
* Remove explicit show_banner argument from inner_run. This broke --noreload for me.
* Handle MIDDLEWARE_CLASSES -> MIDDLEWARE
* Don't use lazy static loading when Django's ManifestStaticFilesStorage is configured.
* Link to Pillow docs for dependencies
* Adding new site to site list. Adding "The National: New Australian Art" to the site list. https://the-national.com.au
* Doesn't convert JPG/JPEG images to RGBA.
* Remove all device-detection features
* Remove mentions of device handling from docs
* Use template loaders instead of middlware for host-based template swapping
* Add docs on upgrading from TemplateForHostMiddleware
* Create __init__.py so Python can find directory
* Properly parse positional args. As demonstrated by using call_command, the positional args not. processed. This may be a left-over from optarg migration. Usage property is no longer necessary
* Fix build fail while in here
* Added more tests por pages
* Update page_not_found view args.
* Rename Displayable is_public to published
* Test Nginx config before restarting. This way the configuration won't be updated if it's broken, and you also get an error message in the terminal explaining why it's broken (instead of just telling you to check service status/journal)
* Enable browser-native spell checking in WYSIWYG tinymce editor, which got wiped in 82339b0 . Previously introduced in 86f6ef6
* Fixing the support for external links which are moved to child categories in the menu hierarchy
* Update LOGOUT_URL to make use of ACCOUNT_URL
* Ensure template vars for form defaults are properly escaped
* Fix drag-n-drop for Form field inlines. Inherit from DynamicInlineAdminForm to inject the necessary JS files
* Fix failing tests that assume threadlocals have been set up
* Pulled out middleware present check into its own function. And fixed Python 3 compat
* Made all middleware installation checking consistent. All check by string first, and then for classes and subclasses,. correctly ignoring things that aren't classes
* Fix failing tests that assume threadlocals have been set up
* Fix keywords widget for Django 1.11.
* Fix sense of SITE_PERMISSION_MIDDLEWARE check. Issue introduced by commit 00f4a63c
* Fix sense of other check for SITE_PERMISSION_MIDDLEWARE. Issue introduced by commit 00f4a63
* Added basic tests for TemplateSettings. The tests follow the existing functionality
* Gave TemplateSettings a useful __repr__. Previously it just returned '{}' always, from super()s empty dict
* Don't emit warning when doing force_text(TestSettings()). This is to fix the behaviour of getting lots of instances of: UserWarning: __unicode__ is not in TEMPLATE_ACCESSIBLE_SETTINGS. if you have django-debug-tool installed
* Prevent changes to FORMS_EXTRA_FIELDS setting creating new migrations
* Support access to related model on Django 2+
* Fix safe string handling in richtext filters
* Fix some test warnings
* Add deprecation handling for mark_safe as decorator
* Fix SplitSelectDateTimeWidget which Django 1.9 broke.
* Fix usage of request.scheme in password reset email
* Make thumbnail tag recognize .PNG and .GIF. Files with the upper case extensions .PNG and .GIF are now recognized by. the thumbnail template tag as being PNG- and GIF images, respectively,. instead of being treated as JPEG images
* Added gcc and rsync for the full deployment on the freshly installed Debian (eg. on OVH)
* Support SelectDateWidget in django 1.8 and django 2.x
* Narrow exception handling to ImportError only
Version 3.0.2:
Bug fixes
Merge Characters tokens after sanitizing them. This fixes issues in the
LinkifyFilter where it was only linkifying parts of urls.
Version 3.0.1:
Features
Support Python 3.7. It supported Python 3.7 just fine, but we added 3.7 to
the list of Python environments we test so this is now officially supported.
Bug fixes
Fix list object has no attribute lower in clean.
Fix abbr getting escaped in linkify.
Version 3.0.0:
Backwards incompatible changes
A bunch of functions were moved from one module to another.
These were moved from bleach.sanitizer to bleach.html5lib_shim:
convert_entity
convert_entities
match_entity
next_possible_entity
BleachHTMLSerializer
BleachHTMLTokenizer
BleachHTMLParser
These functions and classes weren't documented and aren't part of the
public API, but people read code and might be using them so we're
considering it an incompatible API change.
If you're using them, you'll need to update your code.
Features
Bleach no longer depends on html5lib. html5lib==1.0.1 is now vendored into
Bleach. You can remove it from your requirements file if none of your other
requirements require html5lib.
This means Bleach will now work fine with other libraries that depend on
html5lib regardless of what version of html5lib they require.
Bug fixes
Fixed tags getting added when using clean or linkify. This was a
long-standing regression from the Bleach 2.0 rewrite.
Fixed <isindex> getting replaced with a string. Now it gets escaped or
stripped depending on whether it's in the allowed tags or not.
0.3.7 release
* Fix processing of http-equiv meta tags incorrectly lower casing the content
* Fix error when a textbox contained within a form contains unicode characters
On NetBSD there is no <sys/sysinfo.h> but we can use hw.usermem64.
This should address WebKitGTK+ support for NetBSD ports where
USE_SYSTEM_MALLOC is by default OFF.
Side-note: on NetBSD/amd64 -current when building with -DUSE_SYSTEM_MALLOC=ON
both SunSpider and JetStream benchmarks shows a very little performance penalty,
so also remove the `-DUSE_SYSTEM_MALLOC=ON' commented out CMAKE_ARGS (i.e. when
possible just use the preferred malloc).
pkgsrc changes:
- Bump GCC_REQD to 6 (now gcc 6.0.0 or newer is needed)
- Add NetBSD support for JavaScript JIT on x86_64, i386, arm,
aarch64 and mips
- Add WebKitWebProcess and jsc to NOT_PAX_MPROTECT_SAFE.
At least on NetBSD/amd64, running SunSpider 1.0.2 JavaScript Benchmark
(<https://webkit.org/perf/sunspider/sunspider.html>) with MiniBrowser
before `paxctl +m'-ing them needed:
Total: 1006.9ms +/- 0.7%
...while after `paxctl +m'-ing them:
Total: 322.3ms +/- 3.0%
(Probably EACCESS due PaX MPROTECT are handled gracefully and
silently instead of failing hard at runtime.)
Please also note that webkit-gtk browsers should not need any
NOT_PAX_MPROTECT_SAFE because WebKitWebProcess is used and already
have that.
- Improve handling of `webkit-jit' by introducing a
WEBKIT_JIT_MACHINE_PLATFORMS list that contain all MACHINE_PLATFORMs
triplets that have `webkit-jit' option as suggested one.
- Always use OS(...) and BOS(...) macros instead of __Os__ macros for
consistency with webkit code.
- Add definition for BOS(SOLARIS) and OS(SOLARIS) and add it to the
OS(UNIX) OSes list.
- Limit patch-Source_JavaScriptCore_jit_ExecutableAllocator.cpp to
OpenBSD. It is no longer present in FreeBSD ports and it is not
problematic in NetBSD.
- Remove no longer needed patch-Source_WTF_wtf_ThreadSpecific.h:
NetBSD 5.x was already part of NOT_FOR_PLATFORM.
- Sync patch-CMakeLists.txt with FreeBSD ports.
Please note that this also removes WTF_CPU_SPARC64 definition that was
unused.
- madvise(2) on {Free,DragonFly,Net,Open}BSD supports MADV_FREE and
MADV_DONTNEED flags. Define the corresponding HAVE_* via
patch-Source_WTF_wtf_Platform.h.
- Use globbing for REPLACE_{PERL,PYTHON} where possible.
Changes:
WebKitGTK+ 2.22.2
=================
- Several fixes for video playback with media source extensions (MSE).
This allows using WebM support for YouTube, which no longer works through
regular video source. Note that MSE is still disabled by default and
webkit_settings_set_enable_mediasource() has to be used to enable the
feature.
- Fix the build when only Wayland support is enabled and X11 headers are
not available.
WebKitGTK+ 2.22.1
=================
- Fix printing in landscape.
- Fix the build in several platforms: s390x, ppc64le, armv7hl.
- Fix the build with a11y disabled.
- Fix the build with video disabled.
- Fix several crashes and rendering issues.
WebKitGTK+ 2.22.0
==================
- Add warn_unused_result attribute to some JavaScriptCore GLib APIs.
- Make pinch to zoom scale the page without changing the layout.
- Fix the build in mips64.
Changes with Apache 2.4.37
*) mod_ssl: Fix HTTP/2 failures when using OpenSSL 1.1.1.
*) mod_ssl: Fix crash during SSL renegotiation with OptRenegotiate set,
when client certificates are available from the original handshake
but were originally not verified and should get verified now.
This is a regression in 2.4.36 (unreleased).
*) mod_ssl: Correctly merge configurations that have client certificates set
by SSLProxyMachineCertificate{File|Path}.
Changes with Apache 2.4.36
*) mod_brotli, mod_deflate: Restore the separate handling of 304 Not Modified
responses. Regression introduced in 2.4.35.
*) mod_proxy_scgi, mod_proxy_uwsgi: improve error handling when sending the
body of the response.
*) mod_http2: adding defensive code for stream EOS handling, in case the request handler
missed to signal it the normal way (eos buckets).
*) ab: Add client certificate support.
*) ab: Disable printing temp key for OpenSSL before
version 1.0.2. SSL_get_server_tmp_key is not available
there.
*) mod_ssl: Fix a regression that the configuration settings for verify mode
and verify depth were taken from the frontend connection in case of
connections by the proxy to the backend.
*) MPMs: Initialize all runtime/asynchronous objects on a dedicated pool and
before signals handling to avoid lifetime issues on restart or shutdown.
*) mod_ssl: Add support for OpenSSL 1.1.1 and TLSv1.3. TLSv1.3 has
behavioural changes compared to v1.2 and earlier; client and
configuration changes should be expected. SSLCipherSuite is
enhanced for TLSv1.3 ciphers, but applies at vhost level only.
*) mod_auth_basic: Be less tolerant when parsing the credencial. Only spaces
should be accepted after the authorization scheme. \t are also tolerated.
*) mod_proxy_hcheck: Fix issues with interval determination.
*) mod_proxy_hcheck: Fix issues with TCP health checks.
*) mod_proxy_hcheck: take balancer's SSLProxy* directives into account.
*) mod_status, mod_echo: Fix the display of client addresses.
They were truncated to 31 characters which is not enough for IPv6 addresses.
This is done by deprecating the use of the 'client' field and using
the new 'client64' field in worker_score.
Note this update is based off an EOL firefox (ESR52). Use with caution.
What's New in SeaMonkey 2.49.4
SeaMonkey 2.49.4 uses the same backend as Firefox and contains the relevant Firefox 52.9.0 ESR security fixes.
SeaMonkey 2.49.4 shares most parts of the mail and news code with Thunderbird. Please read the Thunderbird 52.9.1 release notes for specific changes and security fixes in this release.
SeaMonkey-specific changes
Among the general platform and mail fixes this release contains backported fixes from Thunderbird for the EFAIL security vulnerability.
SeaMonkey now uses gtk3 on Linux. If you experience a problem because of this please file a bug and link it to Switch Linux builds to GTK3 with SeaMonkey 2.49. Pleae try another OS theme first. Some of them are buggy and cause problems with SeaMonkey, Thunderbird and Firefox.
18.10.1
Don't eat Component.stop() request when crossbar not connected
handle async on_progress callbacks properly
fix attribute error when ConnectionResetError does not contain "reason" attribute
infer rawsocket host, port from URL
fix error on connection lost if no reason (reason = None)
fixed typo on class name
3.9.0:
Improvements to ViewSet extra actions
Fix action support for ViewSet suffixes
Allow action docs sections
Deprecate the Router.register base_name argument in favor of basename.
Deprecate the Router.get_default_base_name method in favor of Router.get_default_basename.
Change CharField to disallow null bytes. To revert to the old behavior, subclass CharField and remove ProhibitNullCharactersValidator from the validators. python class NullableCharField(serializers.CharField): def __init__(self, *args, **kwargs): super().__init__(*args, **kwargs) self.validators = [v for v in self.validators if not isinstance(v, ProhibitNullCharactersValidator)]
Add OpenAPIRenderer and generate_schema management command.
Add OpenAPIRenderer by default, and add schema docs.
Allow permissions to be composed
Allow nullable BooleanField in Django 2.1
Add testing of Python 3.7 support
Test using Django 2.1 final release.
Added djangorestframework-datatables to third-party packages
Change ISO 8601 date format to exclude year/month
Update all pypi.python.org URLs to pypi.org
Ensure that html forms (multipart form data) respect optional fields
Allow hashing of ErrorDetail.
Correct schema parsing for JSONField
Render descriptions (from help_text) using safe
Removed input value from deault_error_message
Added min_value/max_value support in DurationField
Fixed instance being overwritten in pk-only optimization try/except block
Fixed AttributeError from items filter when value is None
Fixed Javascript e.indexOf is not a function error
Fix schemas for extra actions
Improved get_error_detail to use error_dict/error_list
Imprvied URLs in Admin renderer
Add "Community" section to docs, minor cleanup
Moved guardian imports out of compat
Deprecate the DjangoObjectPermissionsFilter class, moved to the djangorestframework-guardian package.
Drop Django 1.10 support
Only catch TypeError/ValueError for object lookups
Handle models without .objects manager in ModelSerializer.
Improve ModelSerializer.create() error message.
Fix CSRF cookie check failure when using session auth with django 1.11.6+
Updated JWT docs.
Fix autoescape not getting passed to urlize_quoted_links filter
- buildlink3 inclusion of textproc/icu was commented out in
www/libpsl/buildlink3.mk but at least building (latest and still
not committed) net/libsoup needs it, uncomment it.
- Add support for tests
Upstream changes:
5.90120 - 2018-10-19
- avoid problematic test using sysread() on :utf8 filehandles on dev perl
versions where this is fatal (starting with 5.29.4). see RT#125843.
5.90119 - 2018-09-24
- fix test for changes in MooseX::Getopt 0.73 (RT#127050)
Upstream changes:
1.21 2018-10-06 MANWAR
- Patched issue RT# 67061 (handle warning uninitialsed value).
1.20 2018-10-05 MANWAR
- Merge pull request #4 from jjatria/302-found, changing the
name of 302 statuses from Moved to Found.
1.19 2018-10-04 MANWAR
- Merged pull request #3 from jjatria/max-age, which sets max-age
attribute correctly from constructor.
1.18 2018-10-03 MANWAR
- Merged pull request #2 from jjatria/samesite, adding
SameSite support to Cookie handling.
1.17 2018-10-02 MANWAR
- Merged pull request #7 from asb-capfan/master, should fix
CPAN Testers fail report on some windows box.
Upstream changes:
6.36 2018-10-10 02:20:58Z
- fix broken link https://metacpan.org/pod/LWP::Simple by fixing pod
header (thanks for the report, traumschule!)
Update DEPENDS
Upstream changes:
1.3500 2018-10-12 21:31:46+01:00 Europe/London
Promoting previous trial releases to stable.
1.3403 2018-10-11 23:41:11+01:00 Europe/London (TRIAL RELEASE)
[ENHANCEMENTS]
- request->address now respects behind_proxy - if behind_proxy is set,
then request->address looks at HTTP_X_FORWARDED_FOR, so you get the
user's IP, not the proxy. (PR-1199, bigpresh)
- restore ability to use load_settings_from_yaml() without passing
YAML parser class (PR-1198, snakpak)
- Fixing some spurious cpantesters test failures by subclassing HTTP::Tiny
in our tests and disabling proxying for 127.0.0.1 - otherwise smokers
with HTTP proxy env vars set fail tests (PR-1197, bigpresh)
- Tidied POD for Tutorial (PR-1196, manwar)
1.3402 2018-10-10 11:42:07+01:00 Europe/London (TRIAL RELEASE)
1.3401 2018-10-01 12:49:53+01:00 Europe/London (TRIAL RELEASE)
[ENHANCEMENTS]
- Avoid test failures on perls without '.' in @INC
- censor cookie_key in dumps (PR-1193, thefatphil)
- spelling fixes in POD from Debian Perl Group, PR-1191
1.24:
Allow key_server_hostname to be specified when initializing a PoolManager to allow custom SNI to be overridden.
Test against Python 3.7 on AppVeyor.
Early-out ipv6 checks when running on App Engine.
Change ambiguous description of backoff_factor
Add ability to handle multiple Content-Encodings
Skip DNS names that can't be idna-decoded when using pyOpenSSL
Add a server_hostname parameter to HTTPSConnection which allows for overriding the SNI hostname sent in the handshake.
Drop support for EOL Python 2.6
Fixed bug where responses with header Content-Type: message/* erroneously raised HeaderParsingError, resulting in a warning being logged.
Move urllib3 to src/urllib3
Release notes
Maintenance and security release of the Drupal 8 series.
This release fixes security vulnerabilities. Sites are urged to upgrade
immediately after reading the notes below and the security announcement:
* Drupal Core - Multiple vulnerabilities - SA-CORE-2018-006
No other fixes are included.
Sites on 8.5.x should update immediately to Drupal 8.5.8 instead, and plan to
update to the latest 8.6.x release before May 2019.
Important update information
Site update and module owners planning to update to this should take note of
the following important changes.
For site owners
* Previously, users who didn't have access to use any Content Moderation
transitions were granted implicit access to update content provided the
state of the content did not change. This access has been removed. Site
owners should ensure that all content editor roles have access to
appropriate transitions for moderated content types (including published to
published where appropriate).
* There are no database updates in this release, but site owners will need to
run update.php to ensure a cache clear.
* No changes have been made to the .htaccess, web.config, robots.txt or
default settings.php files in this release, so upgrading custom versions of
those files is not necessary.
For contributed and custom module developers
* \Drupal\Core\EventSubscriber\RedirectResponseSubscriber::sanitizeDestination()
has been removed. If you have extended that class or are calling that
method, you should review your implementation in line with the changes in
the patch.
* An additional method has been added to
StateTransitionValidationInterface. Implementations should review the new
method and ensure compatibility with it.
* ModerationStateConstraintValidator now has two additional service
dependencies. Subclasses will need to update their constructor to inject the
new services.
1.9.0:
Added testing for Python 3.6.
Confirmed support for Django 2.0 and 2.1.
Dropped support for Django < 1.11.
ip_address is set to None when REMOTE_ADDR is empty
Tinyproxy version 1.10.0
Major changes in this release
-----------------------------
Add support for basic HTTP authentication
Add socks upstream support
Log to stdout if no logfile is specified
Activate reverse proxy by default
Support bind with transparent mode
Install tinyproxy to bin/ instead of sbin/
Ship manpages as part of distribution tarball
Allow multiple listen statements in the configuration
Coverity fixes
Simplified configure and build
Improved selftest environment
Included security fixes
-----------------------
Fix CVE-2017-11747: Create PID file before dropping privileges.
Fix CVE-2012-3505: algorithmic complexity DoS in hashmap
Bugfixes
--------
fix algorithmic complexity DoS in hashmap
fix CONNECT requests with IPv6 literal addresses as host
fix invalid free for GET requests to ipv6 literal address
conf: Allow multiple Listen statements in the config
allow listening on multiple families when no Listen is provided in config
Drop supplementary groups
build: fix build with autoconf >= 2.69
Move files installed in /etc/ to /etc/tinyproxy/
Fix crash (infinite loop) when writing to log file fails
Fix bug in ACL netmask generation
Fix FilterURLs with transparent proxy support
Fix upstream proxy support
Create log and pid files after we drop privs
Don't recompile regular expressions
Use output of id instead of $USER
keep track of error codes in return codes in tests
18.9.2
fix: TLS error logging
18.9.1
new: Interrupt has Options.reason to signal detailed origin of call cancelation (active cancel vs passive timeout)
fix: Cancel and Interrupt gets "killnowait" mode
new: Cancel and Interrupt no longer have ABORT/"abort"
18.8.2
new: WAMP call cancel support
fix: getting started documentation and general docs improvements
fix: WebSocket auto-reconnect on opening handshake failure
fix: more Python 3.7 compatibility and CI
fix: Docker image building using multi-arch, size optimizations and more
fix: asyncio failed to re-connect under some circumstances
v4.1:
Silenced spurious warning about missing directories when in development (i.e “autorefresh”) mode.
Support supplying paths as Pathlib instances, rather than just strings.
Add a new CompressedStaticFilesStorage backend to support applying compression without applying Django’s hash-versioning process.
Documentation improvements.
0.53.0:
- on_open() missing 1 required positional argument: 'ws'
0.52.0:
- fixed callback argument in _app.py
- Fixing none compare bug in run_forever
- Fix NoneType bug introduced by 386 fix
0.51.0:
- revert "WebSocketApp class to make it inheritable" because of breaking the compatibily
0.50.0:
- fixed pong before ping
- pass proper arguments to method callbacks
0.49.0:
- WebSocketApp class to make it inheritable
- Add option to disable sending the Origin header
- Websocket.close() meaning of "close status: XXXXX"
- Enable multithreading protection with ping_interval
- reset WebsocketApp.sock
- websocket.enableTrace not working
- AttributeError: 'module' object has no attribute 'NullHandler'
- WebSocketBadStatusException "not enough arguments for format string"
- handshake should deal with None in headers
Nghttp2 v1.34.0
lib
libnghttp2 now supports extended CONNECT method and :protocol pseudo header field defined in RFC 8441. To enable this functionality on server side, send NGHTTP2_SETTINGS_ENABLE_CONNECT_PROTOCOL using nghttp2_submit_settings().
nghttpx
nghttpx now supports “Bootstrapping WebSockets with HTTP/2” defined in RFC 8441 for both frontend and backend HTTP/2 connections.
read-timeout and write-timeout parameters have been added to --backend option to specify read/write timeouts per pattern which override values set by --backend-read-timeout and --backend-write-timeout options.
This release fixes stability issues in neverbleed with OpenSSL 1.1.1.
mruby has been updated to version 1.4.1.
env.tls_handshake_finished has been added to mruby scripting to know whether TLS handshake has been completed or not. This might be useful to decide that 0-RTT data should be processed or not.
--tls13-ciphers and --tls-client-ciphers options have been added to configure TLSv1.3 ciphers.
nghttpx now adds Early-Data header field to the request header field when request is included in 0-RTT packet, and TLS handshake has not been completed yet. Early-Data header field is defined in RFC 8470.
nghttpx now supports TLSv1.3 0-RTT data. By default, it accepts 0-RTT data, but postpones the request until TLS handshake completes. The new option --tls-no-postpone-early-data makes nghttpx not to postpone request and adds Early-Data header field to backend request. It is important to make sure that all backends must recognize Early-Data header field to mitigate reply attack.
To enable 0-RTT data and most of the TLSv1.3 features, OpenSSL 1.1.1 is required.
Fixed hangs on macOS Mojave (10.14) when various dialog windows (upload, download, print, etc) are activated (bug 1489785)
Fixed playback of some encrypted video streams on macOS (bug 1491940)
Unvisited bookmarks can once again be autofilled in the address bar (bug 1488879)
WebGL rendering issues (bug 1489099)
Updates from unpacked language packs no longer break the browser (bug 1488934)
Fix fallback on startup when a language pack is missing (bug 1492459)
Profile refresh from the Windows stub installer restarts the browser (bug 1491999)
Properly restore window size and position when restarting on Windows (bugs 1489214 and 1489852)
Avoid crash when sharing a profile with newer (as yet unreleased) versions of Firefox (bug 1490585)
Do not undo removal of search engines when using a language pack (bug 1489820)
Fixed rendering of some web sites (bug 1421885)
Restored compatibility with some sites using deprecated TLS settings (bug 1487517)
Fix screen share on MacOS when using multiple monitors (bug 1487419)
CVE-2018-12386: Type confusion in JavaScript
CVE-2018-12387:
CVE-2018-12385: Crash in TransportSecurityInfo due to cached data
1.5.2:
Fixed XSS vulnerability
Fixed Peewee support
Added detail view column formatters
Updated Flask-Login example to work with the newer version of the library
Various SQLAlchemy-related fixes
Various Windows related fixes for the file admin
PHP 7.2: Removed deprecated function each().
PHP 7.2: Avoid count() calls on uncountable variables.
PHP 7.2: Removed deprecated create_function() call.
PHP 7.2: Make sure variables are arrays in theme_links().
Fixed theme-settings.php not being loaded on cached forms
1.1.2:
Invalid characters present in Excel worksheet name
- Major Changes
- Django 2.0 compatibility
- Improved interface to database connection management
- Minor Changes
- Documentation updates
- Load images over same protocol as originating page
Changes with nginx 1.15.5:
*) Bugfix: a segmentation fault might occur in a worker process when
using OpenSSL 1.1.0h or newer; the bug had appeared in 1.15.4.
*) Bugfix: of minor potential bugs.
Changes with nginx 1.15.4:
*) Feature: now the "ssl_early_data" directive can be used with OpenSSL.
*) Bugfix: in the ngx_http_uwsgi_module.
Thanks to Chris Caputo.
*) Bugfix: connections with some gRPC backends might not be cached when
using the "keepalive" directive.
*) Bugfix: a socket leak might occur when using the "error_page"
directive to redirect early request processing errors, notably errors
with code 400.
*) Bugfix: the "return" directive did not change the response code when
returning errors if the request was redirected by the "error_page"
directive.
*) Bugfix: standard error pages and responses of the
ngx_http_autoindex_module module used the "bgcolor" attribute, and
might be displayed incorrectly when using custom color settings in
browsers.
Thanks to Nova DasSarma.
*) Change: the logging level of the "no suitable key share" and "no
suitable signature algorithm" SSL errors has been lowered from "crit"
to "info".
2.1.3:
Fix: Readme, add direct linkt to screencast video
Fix: graph_models, regression under Python 2
Fix: ForeignKeyAutocompleteAdmin, 2.0.8 breaks ForeignKeyAutocompleteAdmin
Fix: AutoSlugField, fix regression when copying an autoslug model require the explicit clearing of the slug if it needs to be recalculated
Fix: technical_response, check for AttributeError
Improvement: graph_models, Add feature disable_abstract_fields
Improvement: AutoSlugField, Add overwrite_on_add
Improvement: runscript, Improve module existence test in runscript
1.1.0:
fix: Django2.1 ImportExportModelAdmin export
setup: add django2.1 to test matrix
JSONWidget for jsonb fields
Add ExportActionMixin
Add Import Export Permissioning
write_to_tmp_storage() for import_action()
follow relationships on ForeignKeyWidget
Update all pypi.python.org URLs to pypi.org
added test for tsv import
added unicode support for TSV for pytjhon 2
Added ExportViewMixin
Changes:
Fri Sep 7 00:04:41 CEST 2018 mikulas:
Fix verifying SSL certificates for numeric IPv6 addresses
Thu Sep 6 22:07:03 CEST 2018 mikulas:
Delete the option -ftp.fast - it doesn't always work and ftp performance
is not an issue anymore
Passive ftp enabled by default because it will more likely work than
the port command
Wed Sep 5 22:39:11 CEST 2018 mikulas:
Add bold and monospaced Turkish letter 'i' without a dot
Wed Sep 5 01:28:31 cet 2018 mikulas:
On OS/2 allocate OpenSSL memory from the lower heap
It fixes SSL on systems with old 16-bit TCP/IP stack
Fri Aug 31 18:06:26 CEST 2018 mikulas:
Fix IPv6 on OpenVMS Alpha
Thu Jul 26 07:34:24 CEST 2018 mikulas:
Support mouse scroll wheel in textarea
Thu Jul 26 05:24:17 CEST 2018 mikulas:
Delete the option -http-bugs.bug-302-redirect - RFC7231 allows the
"buggy" behavior and defines new codes 307 and 308 that retain the
post data
Wed Jul 18 21:00:23 CEST 2018 mikulas:
X11 - fixed colormap leak when creating a new window
Mon Jul 16 02:33:26 CEST 2018 mikulas:
Fixed an infinite loop that happened in graphics mode if the user
clicked on OK in "Miscellaneous options" dialog and more than one
windows were open.
This bug was introduced in Links 2.15.
Sun Jul 15 21:36:04 CEST 2018 mikulas:
Support 6x6x6 RGB palette in 256-bit color mode on framebuffer
The palette may be switched in the "video options" menu
The 8x8x4 palette has better image quality
The 6x6x6 palette preserves gray
Sat Jul 14 04:49:45 cet 2018 mikulas:
Implement dithering properly on OS/2 in 15-bit and 16-bit color mode
In 8-bit mode, Links may optionally use a private palette - it
improves visual quality of Links images, but degrades visual
quality of other concurrently running programs.
Thu Jul 12 23:06:48 CEST 2018 mikulas:
Improve scrolling smoothness when the user drags the whole document
Thu Jul 12 06:48:00 cet 2018 mikulas:
On OS/2, allocate large memory blocks directly (not with malloc)
- it reduces memory waste
Thu Jul 12 00:56:57 cet 2018 mikulas:
Fixed a bug that setting terminal title and resizing a terminal didn't
work on OS/2 and Windows. The bug was introduced in Links 2.16 when
shutting up coverity warnings.
Sun Jun 17 15:31:28 CEST 2018 mikulas:
Set link color to yellow by default
Sun Jun 17 14:04:07 CEST 2018 mikulas:
Delete the option -http-bugs.bug-post-no-keepalive
It was needed in 1999 to avoid some bug in some http server and it is
not needed anymore
Tue Jun 5 20:24:42 CEST 2018 mikulas:
Trust Content-Length on HTTP/1.0 redirect requests
This fixes hangs with misbehaving servers that honor Connection:
keep-alive but send out HTTP/1.0 reply without Connection: keep-alive.
Links thought that they don't support keep-alive and waited for the
connection to close (for example http://www.raspberrypi.org/)
Tue May 22 00:51:35 CEST 2018 mikulas:
Use keys 'H' and 'L' to select the top and bottom link on the current
page
Django 2.1.2:
CVE-2018-16984: Password hash disclosure to “view only” admin users
Fixed a regression where nonexistent joins in F() no longer raised FieldError
Fixed a regression where files starting with a tilde or underscore weren’t ignored by the migrations loader
Made migrations detect changes to Meta.default_related_name
Added compatibility for cx_Oracle 7
Fixed a regression in Django 2.0 where unique index names weren’t quoted
Fixed a regression where sliced queries with multiple columns with the same name crashed on Oracle 12.1
Fixed a crash when a user with the view (but not change) permission made a POST request to an admin user change form
Selenium 3.14.1
* Fix ability to set timeout for urllib3
* get_cookie uses w3c endpoint when compliant
* Remove body from GET requests
* Fix actions pause for fraction of a second
* Fixed input pausing for some actions methods
* Capabilities can be set on Options classes
* WebElement rect method is now forward compatible for OSS endpoints
* Deprecation warnings now have a stacklevel of 2
* keep_alive can now be set on Webdriver init
* isDisplayed atom is now used for all w3c compliant browser, fixing issue with Safari 12
Changes with Apache 2.4.35
*) http: Enforce consistently no response body with both 204 and 304
statuses.
*) mod_status: Cumulate CPU time of exited child processes in the
"cu" and "cs" values. Add CPU time of the parent process to the
"c" and "s" values.
*) mod_proxy: Improve the balancer member data shown in mod_status when
"ProxyStatus" is "On": add "busy" count and show byte counts in
auto mode always in units of kilobytes.
*) mod_status: Add cumulated response duration time in milliseconds.
*) mod_status: Complete the data shown for async MPMs in "auto" mode.
Added number of processes, number of stopping processes and number
of busy and idle workers.
*) mod_ratelimit: Don't interfere with "chunked" encoding, fixing regression
introduced in 2.4.34.
*) mod_proxy: Remove load order and link dependency between mod_lbmethod_*
modules and mod_proxy.
*) Allow the argument to <IfFile>, <IfDefine>, <IfSection>, <IfDirective>,
and <IfModule> to be quoted. This is primarily for the benefit of
<IfFile>.
*) mod_watchdog: Correct some log messages.
*) mod_md: When the last domain name from an MD is moved to another one,
that now empty MD gets moved to the store archive.
*) mod_ssl: Fix merging of SSLOCSPOverrideResponder.
*) mod_proxy_balancer: Restore compatibility with APR 1.4.
3.8.4 / 2018-09-18
Bug Fixes
* 3.8.x: security: fix include bypass of EntryFilter#filter symlink check
(#7228)
3.8.3 / 2018-06-05
Bug Fixes
* Fix --unpublished not affecting collection documents (#7027)
3.8.2 / 2018-05-18
Bug Fixes
* Add whitespace control to LIQUID_TAG_REGEX (#7015)
3.8.1 / 2018-05-01
Bug Fixes
* Fix rendering Liquid constructs in excerpts (#6945)
* Liquify documents unless published == false (#6959)
3.8.0 / 2018-04-19
Minor Enhancements
* Two massive performance improvements for large sites (#6730)
* Cache the list of documents to be written (#6741)
* Allow Jekyll Doctor to detect stray posts dir (#6681)
* Excerpt relative-path should match its path (#6597)
* Remind user to resolve conflict in jekyll new with --force (#6801)
* Memoize helper methods in site-cleaner (#6808)
* Compute document's relative_path faster (#6767)
* Create a single instance of PostReader per site (#6759)
* Allow date filters to output ordinal days (#6773)
* Change regex to sanitize and normalize filenames passed to LiquidRenderer
(#6610)
* Allow passing :strict_variables and :strict_filters options to Liquid's
renderer (#6726)
* Debug writing files during the build process (#6696)
* Improve regex usage in Tags::IncludeTag (#6848)
* Improve comment included in the starter index.md (#6916)
* Store and retrieve converter instances for Jekyll::Filters via a hash (#6856)
* Implement a cache within the where filter (#6868)
* Store regexp in a constant (#6887)
* Optimize computing filename in LiquidRenderer (#6841)
Documentation
* Adding the jekyll-algolia plugin to the list of plugins (#6737)
* Added Premonition plugin to list of plugins (#6750)
* Add document on releasing a new version (#6745)
* Mention Talkyard, a new commenting system for Jekyll and others. (#6752)
* Add 'jekyll-fontello' to plugins (#6757)
* Install dh-autoreconf on Windows (#6765)
* Fix common typos (#6764)
* Fix documentation for {{ page.excerpt }} (#6779)
* Update docs on permalink configuration (#6775)
* Propose fix some typos (#6785)
* Say hello to Jekyll's New Lead Developer (#6790)
* Add reference to Liquid to plugin docs (#6794)
* Draft a release post for v3.7.3 (#6803)
* add missing step for gem-based theme conversion (#6802)
* Update windows.md to explain an issue with jekyll new. (#6838)
* Add Bundler Installation Instructions (#6828)
* Docs: describe difference between tags and categories (#6882)
* Add jekyll-random plugin to docs (#6833)
* Fixed typo in description of categories and tags (#6896)
* Add missing ul-tag (#6897)
* doc: add liquid tag plugin jekyll-onebox for html previews (#6898)
* Add jekyll-w2m to plugins (#6855)
* Fix tutorials navigation HTML (#6919)
* add Arch Linux instalation troubleshoot (#6782)
* Docs: Install Jekyll on macOS (#6881)
* Fix CodeClimate badges [ci skip] (#6930)
* Update index.md (#6933)
Site Enhancements
* Remove links to Gists (#6751)
* Always load Google Fonts over HTTPS (#6792)
* always load analytics.js over HTTPS (#6807)
Bug Fixes
* Append appropriate closing tag to Liquid block in an excerpt ### -minor
(#6724)
* Bypass rendering via Liquid unless required (#6735)
* Delegated methods after private keyword are meant to be private (#6819)
* Improve handling non-default collection documents rendering and writing
(#6795)
* Fix passing multiline params to include tag when using the variable syntax
(#6858)
* include_relative tag should find related documents in collections gathered
within custom collections_dir (#6818)
* Handle liquid tags in excerpts robustly (#6891)
* Allow front matter defaults to be applied properly to documents gathered
under custom collections_dir (#6885)
3.7.4 / 2018-09-07
Bug Fixes
* Security: fix include bypass of EntryFilter#filter symlink check (#7224)
## 2.5.0 / 2018-05-18
* Docs: Prevent GitHub Pages from processing Liquid raw tag (#276)
### Documentation
* Use gems config key for Jekyll < 3.5.0 (#255)
* docs/usage - replace "below" with correct link (#280)
### Development Fixes
* Test against Ruby 2.5 (#260)
* add tests for twitter.card types (#289)
* Target Ruby 2.3 and Rubocop 0.56.0 (#292)
### Minor Enhancements
* Add webmaster_verifications for baidu (#263)
* Include page number in title (#250)
* Configure default Twitter summary card type (V2) (#225)
2.0.4 / 2018-09-15
* Don't blow up when passing frozen string to send_file disposition #1137 by
Andrew Selder
* Fix ubygems LoadError #1436 by Pavel Rosický
* Unescape regex captures #1446 by Jordan Owens
* Slight performance improvements for IndifferentHash #1427 by Mike Pastore
* Improve development support and documentation and source code by Will Yang,
Jake Craige, Grey Baker and Guilherme Goettems Schneider
2.0.3 / 2018-06-09
* Fix the backports gem regression #1442 by Marc-André Lafortune
2.0.2 / 2018-06-05
* Escape invalid query parameters #1432 by Kunpei Sakai
o The patch fixes CVE-2018-11627.
* Fix undefined method error for Sinatra::RequiredParams with hash key #1431
by Arpit Chauhan
* Add xml content-types to valid html_types for Rack::Protection #1413 by
Reenan Arbitrario
* Encode route parameters using :default_encoding setting #1412 by Brian
m. Carlson
* Fix unpredictable behaviour from Sinatra::ConfigFile #1244 by John Hope
* Add Sinatra::IndifferentHash#slice #1405 by Shota Iguchi
* Remove status code 205 from drop body response #1398 by Shota Iguchi
* Ignore empty captures from params #1390 by Shota Iguchi
* Improve development support and documentation and source code by Zp Yuan,
Andreas Finger, Olle Jonsson, Shota Iguchi, Nikita Bulai and Joshua O'Brien
## 1.2.8
- restore support for Ruby 2.0+
## 1.2.7
- fix bug in previous version for Ruby 2.3
## 1.2.6
- duplicate variables passed in initializers to avoid changing them
5.4.1 (2018-07-23)
This release quiets some warnings for Ruby 2.6 preview releases
and enables tests to pass under Ruby 1.9.3. Otherwise, nothing
interesting for Ruby 2.0..2.5 users.
3.14.0 (2018-08-03)
===================
Ruby:
* Allow to customize default duration of movement of pointer actions using
Driver#action#default_move_duration= (thanks @prakharrr)
* Fixed an accidentally removed Selenium::WebDriver::Error::TimeoutError (thanks @twalpole)
Server:
* Fixed an issue when Server.latest couldn't parse the version
Remote:
* Added support for uploading multiple files by passing them as a string
separated by \n to Element#send_keys. Please, note that not all the drivers
have multiple file upload implemented (tested to work in ChromeDriver).
3.13.1 (2018-07-20)
===================
Chrome:
* Fixed an issue when empty Chrome options would cause DevToolsActivePort issue (thanks @artplan1)
Remote:
* Support detecting local files (thanks @mskvn)
3.13.0 (2018-06-25)
===================
Ruby:
* Address warnings for redefined methods and uninitialized instance variables
Chrome:
* Chrome options capabilities updated to use goog:chromeOptions.
Note that Selenium now requires ChromeDriver v2.31 at minimum.
* Added ability to tell headless Chrome to save files using Driver#download_path= (thanks @pelly)
3.12.0 (2018-05-08)
===================
Ruby:
* Added User-Agent header to requests from Selenium to give remote
ends more visibility into distribution of clients (thanks @sah)
* Added Selenium::WebDriver::VERSION constant (thanks @sah)
* Added changelog link to RubyGems page
* Fixed a bug when requests were sent with empty Content-Type,
which should instead be application/json (issue #5615 and #5659)
* Fixed a bug when failed connection attempt was retried without
grace period for remote to resolve its problem (thanks @amckinley42)
* Fixed a bug with accidentally removed HasNetworkConnection driver extension
Chrome:
* Fixed a bug when deprecation message for using Chrome extensions
was incorrectly shown (thanks @treby)
Safari:
* Added support getting permissions via Driver#permissions
* Added support setting permissions via Driver#permissions=
* Added support enabling web inspector via Driver#attach_debugger
3.2.1: (2018/08/16)
https://github.com/jneen/rouge/compare/v3.2.0...v3.2.1
* Perl Lexer
o Allow any non-whitespace character to delimit regexes (#974 by dblessing)
- Details: In specific cases where a previously unsupported regex
delimiter was used, a later rule could cause a backtrack in the regex
system. This resulted in Rouge hanging for an unspecified amount of
time.
3.2.0: (2018/08/02)
https://github.com/jneen/rouge/compare/v3.1.1...v3.2.0
* General
o Load pastie theme (#809 by rramsden)
o Fix build failures (#892 by olleolleolle)
o Update CLI style help text (#923 by nixpulvis)
o Fix HTMLLinewise formatter documentation in README.md (#910 by rohitpaulk)
* Terraform Lexer (NEW - #917 by lowjoel)
* Crystal Lexer (NEW - #441 by splattael)
* Scheme Lexer
o Allow square brackets (#849 by EFanZh)
* Haskell Lexer
o Support for Quasiquotations (#868 by enolan)
* Java Lexer
o Support for Java 10 var keyword (#888 by lc-soft)
* VHDL Lexer
o Fix time_vector keyword typo (#911 by ttobsen)
* Perl Lexer
o Recognize .t as valid file extension (#918 by miparnisari)
* Nix Lexer
o Improved escaping sequences for indented strings (#926 by veprbl)
* Fortran Lexer
o Recognize .f as valid file extension (#931 by veprbl)
* Igor Pro Lexer
o Update functions and operations for Igor Pro 8 (#921 by t-b)
* Julia Lexer
o Various improvements and fixes (#912 by ararslan)
* Kotlin Lexer
o Recognize .kts as valid file extension (#908 by mkobit)
* CSS Lexer
o Minor fixes (#916 by miparnisari)
* HTML Lexer
o Minor fixes (#916 by miparnisari)
* Javascript Lexer
o Minor fixes (#916 by miparnisari)
* Markdown Lexer
o Images may not have alt text (#904 by Himura2la)
* ERB Lexer
Fix greedy comment matching (#902 by ananace)
## 3.12.0 / 2018-07-13
* 5 features:
* You can now specify which SSL ciphers the server should support, default is unchanged (#1478)
* The setting for Puma's `max_threads` is now in `Puma.stats` (#1604)
* Pool capacity is now in `Puma.stats` (#1579)
* Installs restricted to Ruby 2.2+ (#1506)
* `--control` is now deprecated in favor of `--control-url` (#1487)
* 2 bugfixes:
* Workers will no longer accept more web requests than they have capacity to process. This prevents an issue where one worker would accept lots of requests while starving other workers (#1563)
* In a test env puma now emits the stack on an exception (#1557)
Mustermann 1.0.3 (2018-08-17)
* Handle with_look_ahead on SafeRenderer. Fixes sinatra/sinatra#1409
@namusyaka
* Fix EqualityMap#fetch to be compatible with the fallback Hash#fetch. Fixes
#89 @eregon
* Improve code base and documentation. @sonots, @iguchi1124
=== 2.7.6
* New Features
* Mechanize#set_proxy accepts an HTTP URL/URI. (#513)
* Bug fix
* Fix element(s)_with(search: selector) methods not working for forms, form fields and frames. (#444)
* Improve the filename parser for the `Content-Disposition` header. (#496, #517)
* Accept `Content-Encoding: identity`. (#515)
* Mechanize::Page#title no longer picks a title in an embeded SVG/RDF element. (#503)
* Make Mechanize::Form#has_field? boolean. (#501)
# Version 3.8.0
Release date: 2018-09-20
### Added
* Workaround gecodriver 0.22 issue with undefined pause durations
* :element selector ignores XML namespaces
### Fixed
* Added Errno::ECONNRESET to the errors which will allows https server detection
# Version 3.7.2
Release date: 2018-09-12
### Fixed
* Fix MatchQuery based matchers when used on a root element found using any type of parent/ancestor query - Issue #2097
* Fix Chrome/FF HTML5 drag simulation for elements (a, img) which default to draggable - Issue #2098
# Version 3.7.1
Release date: 2018-09-05
### Fixed
* Restored ability to pass symbol as the CSS selector when calling `has_css?`/`have_css`/etc - Issue #2093
# Version 3.7.0
Release date: 2018-09-02
### Added
* `Capybara.disable_animation` can be set to a CSS selector to identify which elements will have animation disabled [Michael Glass]
* `Capybara.default_normalize_ws` option which sets whether or not text predicates and matchers (`has_text?`, `has_content?`, `assert_text`, etc) use `normalize_ws` option by default. Defaults to false. [Stegalin Ivan]
* Selector based predicates, matchers, and finders now support the `:normalize_ws` option for the `:text`/`:exact_text` filters. Defaults to the `Capybara.default_normalize_ws`setting above.
* Element `choose`/`check`/`uncheck`/`attach_file`/`fill_in` can now operate on the element they're called on or a descendant if no locator is passed.
### Fixed
* All CSS styles applied by the `Element#attach_file` `:make_visible` option will now have `!important` priority set to ensure they override any other specified style.
* Firefox file inputs are only manually cleared when necessary.
# Version 3.6.0
Release date: 2018-08-14
### Added
* Workaround geckodriver/firefox send_keys issues as much as possible using the Selenium actions API
* Workaround lack of HTML5 native drag and drop events when using Selenium driver with Chrome and FF >= 62
* `Capybara.predicates_wait` option which sets whether or not Capybaras matcher predicate methods (`has_css?`, `has_selector?`, `has_text?`, etc.) default to using waiting/retrying behavior (defaults to true)
# Version 3.5.1
Release date: 2018-08-03
### Fixed
* Fixed misspelled method name `refute_matches_elector` => `refute_matches_selector`
# Version 3.5.0
Release date: 2018-08-01
### Added
* text predicates and matchers (`has_text?`, `has_content?`, `assert_text`, etc) now support a `normalize_ws` option
### Fixed
* `attach_file` with Selenium and local Firefox 62+ now correctly generates only one change event when attaching multiple files
# Version 3.4.2
Release date: 2018-07-24
### Fixed
* `match_xxx` selectors and `matches_xxx?` predicates work correctly with elements found using a sibling selector - Issue #2073
# Version 3.4.1
Release date: 2018-07-20
### Fixed
* `Session#evaluate_script` now strips the script in `Session` rather than only in the Selenium driver
# Version 3.4.0
Release date: 2018-07-19
### Fixed
* Make selenium driver :backspace clear stategy work even if caret location is in middle of field content [Champier Cyril]
* Selenium issue with fieldset nested in disabled fieldset not being considered disabled
* `Session#evaluate_script` and `Element#evaluate_script` now strip leading/trailing whitespace from scripts [Ian Lesperance]
### Added
* Work around Selenium lack of support for `file_detector` with remote geckodriver
* `#within_frame` locator is optional when only one frame exists
* `Capybara.test_id` option that allows for matching the Capybara provided selector types on an arbitrary attribute
(defaults to nil), set to your test id attribute ('data-test-id, etc) if using test id attributes in your project
# Version 3.3.1
Release date: 2018-06-27
### Fixed
* `selenium-webdriver` version check [ahorek]
* Selenium driver correctly responds to `disabled?` for fieldset elements - Issue #2059 [Thomas Walpole]
# Version 3.3.0
Release date: 2018-06-25
### Added
* RackTest driver now handles 307/308 redirects
* `execute_async_script` can now be called on elements to run the JS in the context of the element
* `:download` filter option on `:link' selector
* `Window#fullscreen`
* `Element#style` and associated matchers
### Changed
* Minimum "supported" `selenium-webdriver` is raised to 3.5.0 (but you really should be using newer than that)
### Fixes
* Selenium driver with Firefox workaround for clicking on table row - https://github.com/mozilla/geckodriver/issues/1228
* :class and :id filters applied to CSS based selectors now correctly handle the CSS comma
* Selenium driver handles namespaces when generating an elements `#path` - Issue #2048
# Version 3.2.1
Release date: 2018-06-04
### Fixes
* Only split CSS selectors when :class or :id options are given. Restores 3.1.1 functionality for now but the underlying issue
will require a larger fix, hopefully coming soon. - Issue #2044 [Thomas Walpole]
# Version 3.2.0
Release date: 2018-06-01
### Changed
* Ruby 2.3.0+ is now required
* `ElementNotFound` errors raised in selector filters are interpreted as non-matches
### Added
* New global configuration `default_set_options` used in `Capybara::Node::Element#set` as default `options` hash [Champier Cyril]
* `execute_script` and `evaluate_script` can now be called on elements to run the JS in the context of the element [Thomas Walpole]
* Filters in custom selectors now support a `matcher` Regexp to handle multiple filter options [Thomas Walpole]
* `:element` selector type which will match on any attribute (other than the reserved names) passed as a filter option [Thomas Walpole]
* `:class` filter option now supports preceding class names with `!` to indicate not having that class [Thomas Walpole]
* `:class` and `:id` filter options now accept `XPath::Expression` objects to allow for more flexibility in matching [Thomas Walpole]
* `Capybara.disable_animation` setting which triggers loading of a middleware that attempts to disable animations in pages.
This is very much a beta feature and may change/disappear in the future. [Thomas Walpole]
# Version 3.1.1
Release date: 2018-05-25
### Fixes
* Ensure keystrokes are sent when setting time/date fields to a string with the Selenium driver [Thomas Walpole]
# Version 3.1.0
Release date: 2018-05-10
### Added
* Support for using `select` with text inputs associated with a datalist element
* `type` filter on `:button` selector
* Support for server operating in https mode
* Selenium driver now uses JS to fill_in/set date and time fields when passed date or time objects [Aleksei Gusev, Thomas Walpole]
Emergency fix for a major bug that messes up the cluster view page.
Fixed upstream in the next release, but there is another regression
in the latest release that still needs to be identified before upgrading.
Remove www/contao45 package since Contao 4.5 were not distributed as
release tar files since version 4.5.11. And it is EOL by release of
Contao 4.6 after 28th Aug 2018.
And Contao 4.6 is also only available via Contao Manager. Please refer
<https://contao.org/download.html> in detail.
Remove www/contao44 package since Contao 4.4 were not distributed as
release tar files since version 4.4.21.
Instead, Contao 4.4 is available via Contao Manager. Please refer
<https://contao.org/download.html> in detail.
Version 3.5.36 (2018-09-18)
---------------------------
### Fixed
Prevent arbitrary code execution through .phar files (see CVE-2018-17057).
### Fixed
Correctly reset the autologin data upon logout (#8868).
### Fixed
Remove support for deprecated user password hashes (see #8889).
Tornado 5.1.1:
Bug fixes
Fixed an case in which the Future returned by RequestHandler.finish could fail to resolve.
The TwitterMixin.authenticate_redirect method works again.
Improved error handling in the tornado.auth module, fixing hanging requests when a network or other error occurs.
Upstream changes:
Moodle 3.5.2 release notes
Releases > Moodle 3.5.2 release notes
Release date: 10 September 2018
Here is the full list of fixed issues in 3.5.2.
Contents
1 Highlights
2 Fixes and improvements
3 Security issues
4 See also
Highlights
MDL-61652 - Configuration as to who can download SAR data
MDL-62026 - Privacy officer can mark general enquiries as complete
MDL-62660 - Option to set a data request expiry time
MDL-57741 - Launch URL for Publish as LTI tool
MDL-57977 - Global search allows searching for users by alternate name
Fixes and improvements
MDL-60826 - Memory exhaustion error when trying to add/edit calendar event as admin
MDL-60874 - Clearer search results in user enrolment
MDL-62782 - Users with the capability mod/assign:viewgrades can also view uploaded feedback files
MDL-62849 - Filemanager: cannot manage files when there are folders
MDL-62534 - Empty course sections deleted when upgrading
MDL-62600 - Admin is misinformed that there are no data requests
MDL-61351 - Shibboleth logout does not handle file sessions correctly
MDL-62996 - Missing upgrade.php file on tool_dataprivacy may cause errors when upgrading from 3.3 or 3.4
MDL-62643 - Online text assignment submissions generate a blank HTML document for grading when no text is entered
MDL-61515 - The current core php-css-parser prefixing library does not support sass syntax "@supports"
MDL-61424 - When token is rejected from moodle.net provide option to unregister
MDL-59847 - Behaviour when city/country are hiddenfields and identityfields at the same time
MDL-62965 - User profile fields missing on signup page
MDL-62889 - Multiple fixes when redirecting to a URL after clicking on a notification
MDL-62989 - Data requests are listed by date requested for users
MDL-62896 - Some non-core plugins are missing their Additional label on the Plugin data registry page
MDL-62993 - External tool Message in Membership Service not in an Array
MDL-62969 - External tool LtiLinkMemberships URL is invalid
MDL-62581 - Boost Course restore screen styling improvements
MDL-62769 - "Statistics for question positions" graph shows last shown variant, not stats for overall question
MDL-62341 - 'Go back to previous page' link on All policies page
MDL-62746 - Boost core_tag modals content layout improvements
MDL-45389 - Forum index page alignment improvements
MDL-61707 - Pre-signup (minor check) session is not deleted upon signup
MDL-62852 - All policies page lists policy type and audience
Security issues
A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
Changelog:
#CVE-2018-12377: Use-after-free in refresh driver timers
#CVE-2018-12378: Use-after-free in IndexedDB
#CVE-2018-12379: Out-of-bounds write with malicious MAR file
#CVE-2017-16541: Proxy bypass using automount and autofs
#CVE-2018-12381: Dragging and dropping Outlook email message results in page navigation
#CVE-2018-12376: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2
Git 2.19 Release Notes
Updates since v2.18
-------------------
UI, Workflows & Features
* "git diff" compares the index and the working tree. For paths
added with intent-to-add bit, the command shows the full contents
of them as added, but the paths themselves were not marked as new
files. They are now shown as new by default.
"git apply" learned the "--intent-to-add" option so that an
otherwise working-tree-only application of a patch will add new
paths to the index marked with the "intent-to-add" bit.
* "git grep" learned the "--column" option that gives not just the
line number but the column number of the hit.
* The "-l" option in "git branch -l" is an unfortunate short-hand for
"--create-reflog", but many users, both old and new, somehow expect
it to be something else, perhaps "--list". This step warns when "-l"
is used as a short-hand for "--create-reflog" and warns about the
future repurposing of the it when it is used.
* The userdiff pattern for .php has been updated.
* The content-transfer-encoding of the message "git send-email" sends
out by default was 8bit, which can cause trouble when there is an
overlong line to bust RFC 5322/2822 limit. A new option 'auto' to
automatically switch to quoted-printable when there is such a line
in the payload has been introduced and is made the default.
* "git checkout" and "git worktree add" learned to honor
checkout.defaultRemote when auto-vivifying a local branch out of a
remote tracking branch in a repository with multiple remotes that
have tracking branches that share the same names.
(merge 8d7b558bae ab/checkout-default-remote later to maint).
* "git grep" learned the "--only-matching" option.
* "git rebase --rebase-merges" mode now handles octopus merges as
well.
* Add a server-side knob to skip commits in exponential/fibbonacci
stride in an attempt to cover wider swath of history with a smaller
number of iterations, potentially accepting a larger packfile
transfer, instead of going back one commit a time during common
ancestor discovery during the "git fetch" transaction.
(merge 42cc7485a2 jt/fetch-negotiator-skipping later to maint).
* A new configuration variable core.usereplacerefs has been added,
primarily to help server installations that want to ignore the
replace mechanism altogether.
* Teach "git tag -s" etc. a few configuration variables (gpg.format
that can be set to "openpgp" or "x509", and gpg.<format>.program
that is used to specify what program to use to deal with the format)
to allow x.509 certs with CMS via "gpgsm" to be used instead of
openpgp via "gnupg".
* Many more strings are prepared for l10n.
* "git p4 submit" learns to ask its own pre-submit hook if it should
continue with submitting.
* The test performed at the receiving end of "git push" to prevent
bad objects from entering repository can be customized via
receive.fsck.* configuration variables; we now have gained a
counterpart to do the same on the "git fetch" side, with
fetch.fsck.* configuration variables.
* "git pull --rebase=interactive" learned "i" as a short-hand for
"interactive".
* "git instaweb" has been adjusted to run better with newer Apache on
RedHat based distros.
* "git range-diff" is a reimplementation of "git tbdiff" that lets us
compare individual patches in two iterations of a topic.
* The sideband code learned to optionally paint selected keywords at
the beginning of incoming lines on the receiving end.
* "git branch --list" learned to take the default sort order from the
'branch.sort' configuration variable, just like "git tag --list"
pays attention to 'tag.sort'.
* "git worktree" command learned "--quiet" option to make it less
verbose.
Performance, Internal Implementation, Development Support etc.
* The bulk of "git submodule foreach" has been rewritten in C.
* The in-core "commit" object had an all-purpose "void *util" field,
which was tricky to use especially in library-ish part of the
code. All of the existing uses of the field has been migrated to a
more dedicated "commit-slab" mechanism and the field is eliminated.
* A less often used command "git show-index" has been modernized.
(merge fb3010c31f jk/show-index later to maint).
* The conversion to pass "the_repository" and then "a_repository"
throughout the object access API continues.
* Continuing with the idea to programatically enumerate various
pieces of data required for command line completion, teach the
codebase to report the list of configuration variables
subcommands care about to help complete them.
* Separate "rebase -p" codepath out of "rebase -i" implementation to
slim down the latter and make it easier to manage.
* Make refspec parsing codepath more robust.
* Some flaky tests have been fixed.
* Continuing with the idea to programmatically enumerate various
pieces of data required for command line completion, the codebase
has been taught to enumerate options prefixed with "--no-" to
negate them.
* Build and test procedure for netrc credential helper (in contrib/)
has been updated.
* Remove unused function definitions and declarations from ewah
bitmap subsystem.
* Code preparation to make "git p4" closer to be usable with Python 3.
* Tighten the API to make it harder to misuse in-tree .gitmodules
file, even though it shares the same syntax with configuration
files, to read random configuration items from it.
* "git fast-import" has been updated to avoid attempting to create
delta against a zero-byte-long string, which is pointless.
* The codebase has been updated to compile cleanly with -pedantic
option.
(merge 2b647a05d7 bb/pedantic later to maint).
* The character display width table has been updated to match the
latest Unicode standard.
(merge 570951eea2 bb/unicode-11-width later to maint).
* test-lint now looks for broken use of "VAR=VAL shell_func" in test
scripts.
* Conversion from uchar[40] to struct object_id continues.
* Recent "security fix" to pay attention to contents of ".gitmodules"
while accepting "git push" was a bit overly strict than necessary,
which has been adjusted.
* "git fsck" learns to make sure the optional commit-graph file is in
a sane state.
* "git diff --color-moved" feature has further been tweaked.
* Code restructuring and a small fix to transport protocol v2 during
fetching.
* Parsing of -L[<N>][,[<M>]] parameters "git blame" and "git log"
take has been tweaked.
* lookup_commit_reference() and friends have been updated to find
in-core object for a specific in-core repository instance.
* Various glitches in the heuristics of merge-recursive strategy have
been documented in new tests.
* "git fetch" learned a new option "--negotiation-tip" to limit the
set of commits it tells the other end as "have", to reduce wasted
bandwidth and cycles, which would be helpful when the receiving
repository has a lot of refs that have little to do with the
history at the remote it is fetching from.
* For a large tree, the index needs to hold many cache entries
allocated on heap. These cache entries are now allocated out of a
dedicated memory pool to amortize malloc(3) overhead.
* Tests to cover various conflicting cases have been added for
merge-recursive.
* Tests to cover conflict cases that involve submodules have been
added for merge-recursive.
* Look for broken "&&" chains that are hidden in subshell, many of
which have been found and corrected.
* The singleton commit-graph in-core instance is made per in-core
repository instance.
* "make DEVELOPER=1 DEVOPTS=pedantic" allows developers to compile
with -pedantic option, which may catch more problematic program
constructs and potential bugs.
* Preparatory code to later add json output for telemetry data has
been added.
* Update the way we use Coccinelle to find out-of-style code that
need to be modernised.
* It is too easy to misuse system API functions such as strcat();
these selected functions are now forbidden in this codebase and
will cause a compilation failure.
* Add a script (in contrib/) to help users of VSCode work better with
our codebase.
* The Travis CI scripts were taught to ship back the test data from
failed tests.
(merge aea8879a6a sg/travis-retrieve-trash-upon-failure later to maint).
* The parse-options machinery learned to refrain from enclosing
placeholder string inside a "<bra" and "ket>" pair automatically
without PARSE_OPT_LITERAL_ARGHELP. Existing help text for option
arguments that are not formatted correctly have been identified and
fixed.
(merge 5f0df44cd7 rs/parse-opt-lithelp later to maint).
* Noiseword "extern" has been removed from function decls in the
header files.
* A few atoms like %(objecttype) and %(objectsize) in the format
specifier of "for-each-ref --format=<format>" can be filled without
getting the full contents of the object, but just with the object
header. These cases have been optimized by calling
oid_object_info() API (instead of reading and inspecting the data).
* The end result of documentation update has been made to be
inspected more easily to help developers.
* The API to iterate over all objects learned to optionally list
objects in the order they appear in packfiles, which helps locality
of access if the caller accesses these objects while as objects are
enumerated.
* Improve built-in facility to catch broken &&-chain in the tests.
* The more library-ish parts of the codebase learned to work on the
in-core index-state instance that is passed in by their callers,
instead of always working on the singleton "the_index" instance.
* A test prerequisite defined by various test scripts with slightly
different semantics has been consolidated into a single copy and
made into a lazily defined one.
(merge 6ec633059a wc/make-funnynames-shared-lazy-prereq later to maint).
* After a partial clone, repeated fetches from promisor remote would
have accumulated many packfiles marked with .promisor bit without
getting them coalesced into fewer packfiles, hurting performance.
"git repack" now learned to repack them.
* Partially revert the support for multiple hash functions to regain
hash comparison performance; we'd think of a way to do this better
in the next cycle.
* "git help --config" (which is used in command line completion)
missed the configuration variables not described in the main
config.txt file but are described in another file that is included
by it, which has been corrected.
* The test linter code has learned that the end of here-doc mark
"EOF" can be quoted in a double-quote pair, not just in a
single-quote pair.
