Bluefish 2.2.10 is a maintenance release. Various language files have been
improved, most notably languages that include CSS. There are also various fixes
for newer gtk versions and for gtk on wayland (which is now the default on
Fedora Linux). A new feature in the 2.2.10 release is the possibility to
import/export syntax color styles, included are styles for a light and a dark
theme. Last there have been fixes for a few rare crashes.
Bluefish 2.2.9 is a maintenance release that most importantly fixes
incompatibility with Gtk 3.20. Next to that some small dialogs have been
improved, and some user interface parts have been polished.
pkgsrc changes:
- Switch to www/webkit-gtk (instead of using webkit24-gtk3)
- Adjust GITHUB_RELEASE to remove the trailing `a', please note that this will
probably not needed for future releases!
Changes:
1.12.5
------
* #665: Webkit browser now supplies 'Liferea' component in user agent
* #664: Added "Mark All As Read" button to headerbar plugin
* #620: Added flatpak JSON
(glitsj16)
* #579: Added item list column drag and drop reordering
(Yanko Kaneti)
* #436, #662: Move from GnomeKeyring to libsecret
(bgermann)
* Fixes#663: Correct instapaper sharing link
(Daniel Alexandersen)
* Fixes#661: Update sharing links
(Daniel Alexandersen)
* Fixes#271: Consistent over usage of CPU (trigger by "Next Unread" loop)
(reported by GreenLunar)
* #472, #632: Dropping Inoreader support (API broke)
1.12.4
------
* Fixes#660: Added installable plugin to change accels
(Lars Windolf)
* Fixes#654: Segfault on date out of range
(Leaiz)
* Fixes#651: Fixes Free Music Archive link in default OPMLs
(reported by benjbrandall)
* Fixes#649: Switch from persistent to session-only cookies
(Daniel Alexandersen)
* Fixes#645, #646: unread count of vfolder
(Leaiz)
* Fixes#637: Extra keywords in .desktop file (syndication; rss; atom)
(Daniel Alexandersen)
* Fixes#557: Updating counters for remote sources
(Leiaz)
* Updated cookie usage hint in FAQ
1.12.3
------
* #634: Added setting for custom download commands
(Leiaz)
* #614: GTK Headerbar support via plugin
(Lars Windolf)
* #608: Refactoring UI code to switch to GAction and GtkBuilder
Note: this implies not having icons in the main menu anymore
which were still there for all non-GNOME users (see #626).
(Leiaz)
* #589: Item list view column order rework as a preparation for
possible real column drag&drop. Introduces a new DConf setting
for the column order.
(Yanko Kaneti)
* Fixes#280: Mark read toolbar button always disabled for search folders
(Lars Windolf, reported by dvahalev)
* Fixes#591: Please add a safety question when "marking all read"
(Leiaz, reported by Nudin)
* Fixes#625: Avoid exception in trayicon.py
(Lars Windolf)
* Fixes#627: GnomeKeyring plugin fails to activate when keyring doesn't exist
(Lars Windolf)
* Fixes#630: Fix feed list selection after DnD
(Peter Zaitev)
* Fixes#633: Big Memory leak in date code
(Leiaz)
* Update of Turkish translation (emintufan)
* Update of French translation (guilieb)
1.12.2
------
* Adding a plugin installer plugin that allows discovering
and automatically installing 3rd party plugins
* #585: Drop language from user agent to increase privacy
(Daniel Aleksandersen)
* #583: Add transmission-gtk and aria2 as download tool options
(Daniel Aleksandersen)
* #495: New command line option --disable-plugins (-p) to start
with all plugins disabled.
* Fixes#610: Liferea not showing up in GNOME Software
(Yanko Kaneti)
* Fixes#604: Correctly print error message when failing
to unlock GNOME keyring
(ghost)
* Fixes#602: CSS style for GTK link colors not used
(reported by pupyc)
* Fixes#581: Redirect location updates and adds HTTP 308 (RFC 7538) support
(Daniel Aleksandersen)
* Fixes#578: Unable to set unread items in bold
(Leiaz, reported by EverEve)
* #612: Update of French translation
(Guillaume Bernard)
* #596: Update of Swedish translation
(jony0008)
* #594: Update of Polish default feed list
(wmyrda)
* #584: Fixes broken OPML feed list entries
(Daniel Aleksandersen)
* #584: Added Norwegian feed list
(Daniel Aleksandersen)
* #577: Fixes newsbin doc typo
(Daniel Aleksandersen)
1.12.1
------
* Fixes#562: Lintian spelling errors
(reported by Paul Gevers)
* Fixes#563: Appstream data has new format
(patch by Paul Gevers)
* Fixes#572: Doesn't remember some sort orders
(reported by geplus)
* Fixes#504: Fix assertions/crashes on changing view layouts
(Leiaz)
* Fixes#573: Workaround to avoid GtkPaned shrinking
(Leiaz)
* #566: Update of Italian translation (Gianvito Cavasoli)
* #566: Update of Italian default feed list (Gianvito Cavasoli)
* #514: Update of Indonesian translation (Samsul Ma'arif)
* #514: Added Indonesian default feed list (Samsul Ma'arif)
* Update of German translation
1.12.0
------
* Fixes unhiding from tray icon when activated via GApplication
(when starting Liferea a 2nd time)
* #399: Reorder columns in 'Normal' email-like view
to have the date column always at the end
(Mikel Olasagasti)
* #532: Add plugin to make unread feeds titles bold
(Yanko Kaneti)
* Workaround for #503: Liferea deanonymize Tor
(Leiaz)
* Fixes#450: #546 Resize both panes in normal and wide view
(Leiaz)
* Fixes#538: toggle_visibility() does not make a minimized window
visible again
(reported by Balló György)
* Fixes#522: Segfault when switching feed in combined view
(patch by jonmstone)
* Fixes#419, #457: Handling of relative URLs in Atom parser
(Leiaz)
* Added 'View Image' context menu option in HTML view
* Dropped del.icio.us from social bookmarking options
as it is a read-only service now.
* Redesign of the wide view mode: larger titles with small text teasers
* Added optional AMP/HTML5 content enrichment feature
1.12-rc3
--------
* Fixes#459: Fixes GtkDoc warnings
(Leiaz)
* Fixes#415: Filter commands are not asynchronous
(Rich Coe)
* Fixes#363: Missing space above internal browser address bar
(reported by nekohayo, patch by Mikel Olasagasti)
* Fixes#208: All "Unread" search folder items marked read at once
(Leiaz)
* Fixes#251: Liferea does not always use theme icons when it is launched
on system startup (reported by GreenLunar, fix by Leiaz)
* Change headline column sorting in wide view to time sorted
* Updated Finnish translation (Jorma Karvonen)
* Updated Latvian translation (Rihards Prieditis)
* Updated Albanian translation (Bensik Bleta)
* Updated Hungarian translation (Balázs Úr)
* Updated Brazlian translation (Rafael Ferreira)
* Updated French translation (Guillaume Bernard)
1.12-rc2
--------
* Change all g_warnings() to g_print() for remote source
to avoid "crashing" on errors.
* Reorganized all UI definitions in separate files to simplify
GtkBuilder handling.
* Github #425: Add GeoRSS info and map link in item header
(Mikel Olasagasti)
* Github #407: Replacing deprecated elements in preferences
(Leiaz)
* Github #396: Create LifereaApplication type
(Leiaz)
* Github #434: Partial RFC3229+feed support for bandwidth savings
(Daniel Aleksandersen)
* Fixes Github #208: gtk_tree_store_get_path: assertion
'iter->stamp == priv->stamp'
(reported by Mno-hime)
* Fixes Github #403: Leftover OSM XSLT in item view
(reported by Paul Gevers)
* Fixes Github #423: Internal browser shows files system on go-back
(Leiaz, reported by Paul Gevers)
* Updated German translation
* Github #441: Updated French translation
(Surfoo)
1.12-rc1a
---------
* Fixing missing header files
1.12-rc1
--------
* Github #348: Added support for downloading content that
cannot be displayed by HTML widget (e.g. PDFs)
(Leiaz)
* Github #355: Migrate to Python3 libpeas loader
(patch by picsel2)
* Github #311: Upgrade to WebKit2
(patch by Leiaz)
* Github #292: Show new item count in tray icon
(patch by mozbugbox)
* Github #297: Minimize to systray on window close
(patch by Hugo Arregui)
* Github #325: Auto-fitting, translated license
(patches by GreenLunar and Adolfo Jayme-Barrientos)
* Fixes Github #73: Problem with favicon update
(reported by asl97)
* Fixes Github #177, #350: Tray icon not scaled properly
(patch by mozbugbox)
* Removes GeoIP rendering via OSM to avoid exposing
users to remote JS library resources.
(reported by Paul Gevers)
* Fixes Github #337: Case sensitive sorting
(reported by Pi03k)
* Fixes Github #361: Show all enclosuers
(Leiaz)
* Fixes Github #368: Segfault on liferea-feed-add
(Leiaz)
* Fixes Github #382: Broken Auto-Detect/No Proxy setting
(Leiaz)
* Fixes Github #383: Per feed don't use proxy setting is broken
(reported by Leiaz)
* Github #309: Update of Japanese translation
(IWAI, Masaharu)
* Github #329: Update of Hebrew translation
(GreenLunar)
* Github #330: Update of Spanish translation
(Adolfo Jayme-Barrientos)
* Update of Swedish translation
(Andreas Ronnquist)
1.11.7
------
* Github #287: Add support for media:group.
(patch by Leiaz)
* Github #287: Fixes issues with media:content.
(patch by Leiaz)
* Fixes Github #283: Bad .desktop categories definition
(reported by Wuzzy2)
* Fixes Github #279: Fixes rules no visible in searchdialog
(patch by Leiaz)
* Fixes Github #278: No "Download" tab in Tools/Preferences
(docs error, reported by Anders Jonsson)
* Fixes Github #83: Segfault when sorting feeds in folder
(patch by Leiaz)
* Fixes French translation
(patch by polo2ro)
* Github #300: Updated manpage
(patch by GreenLunar)
1.11.6
------
* Added "Do Not Track" support (enabled per default)
* Github #193: Added x-scheme-handler/feed to desktop file
(suggested by GreenLunar)
* Github #209: Add image icons to plugins
(by GreenLunar)
* Github #210: Enable tests for parsing RFC822 dates with 2 digit year
(patch by arunanbala)
* Fixes Github #78: Shaky text in feed list
(reported by GreenLunar)
* Fixes Github #195: Out-dated documentation on enclose download
(reported by brian-in-crawford)
* Fixes Github #198: Traceback on popup notifications
(reported by GreenLunar)
* Fixes Github #216: Untranslatable strings
(reported by GreenLunar)
* Fixes Github #256: PyGIWarnings on loading plugins
(patch by glitjs16)
1.11.5
------
* Github #178: Implementing full screen mode for videos
(mozbugbox)
* Fixes Github #32: Prevent erroneous "Mark all as read"
(reported by Mno-hime)
* Improves Github #36, #113: UI lock up during refresh
(suggested by mozbugbox)
* Fixes Github #180: Removing item from (v)folder marks all read
(reported by GreenLunar)
* Fixes Github #140, #158: Vertical pane placement is forgotten.
(patch by foresto)
* Fixes Github #182: Missing config.h include in date.c
(reported by Paul Gevers)
* Update of Russian translation (bboa)
1.11.4
------
* Fixes Github #154: Crashes while starting (corrupt icon)
(reported by jcamposz)
* Github #149: Fixes a random crash on startup
(patch by mozbugbox)
* Fixes Github #79: RTL ordering of Back/Forward icons
(reported by GreenLunar)
* Fixes Github #30: Segfault after updating from 1.8 to 1.10
(reported by vakuum)
* Fixes Github #87: URL resolving wrong if base tag involved
(reported by DanMan, fixed by mozbugbox)
* Fixes all defects reported by Coverity scan
* Simplied external browser handling. Now Liferea only supports
the gtk_show_uri() launch mechanism for the system default browser
and a user specified browser command.
* Update of Albanian translation (Besnik Bleta)
* Update of Hebrew translation (Genghis Khan)
* Update of Spanish translation (Juan Campos Zambrana)
* Fixes typo in Italian translation
1.11.3
------
* Fixes Github #134: Broken default news feed.
(reported by pvdl)
* Fixes Github #133: Subscribe into TheOldReader categories
* Fixes Github #122: Crashes at launch, "segmentation fault"
(reported by geoffm)
* Fixes some memory leaks
(patch by Rich Coe)
* Fixes Github #145: Incorrect method triggered for 'Launch External'
(patch by mozbugbox)
* Fixes Github #48: Window stays hidden on next start after Ctrl+W
(reported by Jeff Fortin)
* Expose LifereaHtmlView to GObject Introspection
(patch by mozbugbox)
* Improves Google Reader API error handling
* Now using HTTPS only when accessing TheOldReader
* Added LifereaNodeSourceActivatable interface to allow plugins
implementing new node source types.
* Downgrade enclosure drop warning from Glib warning to debug trace.
1.11.2
------
* Fixes Github #132: Broken documentation link
(reported by kallus)
* Fixes Github #121: Wrapping issue in folder display
(reported by Jeff Forting)
* Fixes Github #114: Avoid termination on UTF-8 validation error
* Fixes Github #90: Libnotify plugin not working
(reported by asl97)
* Fixes Github #86: Support HTTP content negotiation
(suggested by DanMan)
* Black-list some categories used by Google Reader clones
that should not be visible.
* Allowing browser history to go back to previously
shown headline when browsing inside the item view.
* Dropping offline option as this is duplicated with
desktop environment in GNOME/network manager.
* Fixes Github #100: Problems with dark Adwaita theme in GTK 3.14
(reported by majutsushi)
* Fixes for preferences dialog width.
(patch by Jeff Fortin)
* Update of Arabic translation (Khaled Hosny)
1.11.1
------
* Fixes Github #81: Inability to add subscriptions
(reported by GreenLunar)
* Fixes Javascript links not opening in new browser tabs
* Updated Hebrew translation (Genghis Khan)
* Fixes Github #88: Minor DE translation mistake (moraxy)
1.11.0
------
* Added experimental InoReader support
* Added experimental Reedah support
* Fixes SF #1123: Mistakenly claims "TinyTinyRSS source is not self-updating"
(reported by Dominik Grafenhoher)
* Fixes SF #1119: Crash on font resize at startup.
(reported by David Smith)
* Fixes#1056, #1089, #1098: Honor preferences when opening links
(patch by Daniel Seither)
* Fixes#1117: Selecting last unread item in reduced feed list jumps to next feed
(reported by Bruce Guenter)
* Fixes missing "Via" metadata type
(patch by Rich Coe)
* Fixes incorrect new count reset handling in item_state.c and
some of the node source implementations.
* Fixes SF #1096: missing installation of liferea.convert file
(reported by stqn)
* Fixes SF #1135: liferea-add-feed doesn't process feed:https//
(patch by Kevin Walke)
* Fixes SF #1137, #1142: startup race with LifereaHtmlView
(reported by Yanko Kaneti)
* Fixes Github #13: Parsing errors not visible with dark themes
(reported by Steve Kelly)
* Fixes Github #29: Do not use bold text for feeds/folders with unread items
in the leftmost treeview (repored by Jeff Fortin)
* Fixes SF #1141: Liferea does not update feeds with TinyTinyRSS
(reported by Dominik Grafenhofer, denk_mal, Fabian Henze)
* Fixes SF #1150: subscription prop/source: not all fields and
buttons visible (reported by David Smith)
* Fixes Github #26: RTL comments appear incorrectly
(reported by yaconf)
* Fixes Github #27: Images do not autosize to fit the available space
(reported by Jeff Fortin)
* Fixes Github #34: Add TinyTinyRSS Enclosure Support
(reported by Adrixan)
* Fixes Github #43: "Any of the following" search condition doesn't work
(reported by Jeff Fortin)
* Fixes Github #49: Some dialogs scrolling areas do not request enough height
(reported by Jeff Fortin)
* Fixes Github #53: Doesn't automatically update feed name and favicon
for new feed (reported by asl97)
* Patch SF #224: Update to new libxml2 buffer API
(Simon Kagedal Reimer)
* Patch SF #209: Avoid copying list in itemset_merge_items
(kaloyan)
* Make Liferea use ETags and send If-None-Match
(patch by Chris Siebenmann)
* Support NOCONFIGURE for RPM builds
(Charles A Edwards)
* Rename README to README.md
* Removing libindicate support (to be added as plugin maybe)
* Removing libnotify support (to be added as plugin maybe)
* Removing build in tray icon support
* Added tray icon plugin
* Added category/folder support for TheOldReader
* Added folder auto-removal for TinyTinyRSS & TheOldReader
* Updated README on plugin contribution
* Updated Arabic translation (Khaled Hosny)
Changelog:
Changes
Allow overwrite.cli.url without trailing slash (server#11772)
Remove duplicate call to decodeURIComponent (server#11781)
Check for empty string (server#11783)
Add "Referrer-Policy" to htaccess file, addresses issue #11099 (server#11798)
Always query the lookup server in a global scale setup (server#11800)
Fix a case where "password_by_talk" was not a boolean (server#11851)
Add .l10nignore files for compiled assets (server#11925)
Properly escape column name in "createFunction" call (server#11929)
Allow userId to be null (server#11939)
Allow "same-origin" as "Referrer-Policy" (Backport to stable14) (server#11950)
Do not emit preHooks twice on non-part-storage (server#11961)
Filter null values for UserManager::getByEmail (server#11976)
Allow local delivery of schedule message while prohibiting FreeBusy requests (server#11979)
Load apps/APP/l10n/*.js and themes/THEME/apps/APP/l10n/*.js (server#11990)
Lazy open first source stream in assemblystream (server#11994)
Fix opening a section again in the Files app (server#11995)
Remove cookies from Clear-Site-Data Header (server#12005)
Forwarded ExpiredTokenException (server#12032)
Allow chunked uploads even if your quota is not sufficient (server#12040)
Improve encrypt all / decrypt all (server#12045)
Double check for failed cache with a shared storage (server#12108)
Implement the size of an assembly stream (server#12111)
Bring the browser window of an actor to the foreground when acting as him (server#12120)
Move acceptance tests that crash the PHP built-in server to Apache (server#12121)
Remove unneeded empty search attribute values, fixes#12086 (server#12122)
Fixes wrong variable usage (server#12137)
LDAP: announce display name changes so that addressbook picks it up (server#12141)
Bruteforce protection handling in combination with (server#12160)
Add global site selector as user back-end which doesn't support password confirmation (server#12184)
Do not set indeterminate state for file shares (server#12187)
Revert "Wait for cron to finish before running upgrade command" (server#12197)
Fix bug #12151: fix list formatting by correcting malformed html (server#12202)
A folder should get a folder mimetype (server#12297)
Use the proper server for the apptoken flow login (server#12299)
Do not log FileLock as exception (server#12300)
Set the filemodel before rending the detailsview (server#12301)
Disabled ldap fix (server#12331)
Fix - Add to favorites not working in IE11 (server#12339)
Remove arrow function for ie compatibility (server#12341)
Fix default types of activity event member variables (server#12353)
Suppress wrong audit log messages about failed login attempts (server#12372)
Add fix for IE11 flexbox height bug (server#12374)
Properly search the root of a shared external storage (server#12375)
Fix app update available check (server#12412)
Use nextcloud-password-confirmation (server#12416)
Fix IE rule for min width (server#12431)
Added cache override to ensure an always up-to-date accessibility css (server#12432)
Unique contraint and deadlock fixes for filecache and file_locks (server#12433)
Fix app menu calculation for random size of the right header (server#12440)
Fix missing quickaccess favorite folder on add (server#12441)
Fixes dav share issue with owner (server#12459)
Fix wrong share popover opening on share link (server#12482)
Only use width and opacity for transition (server#12492)
Forward object not found error in swift as dav 404 (server#12502)
Fix the warning appearing in the admin section when mail_smtpmode is not configured (server#12529)
Remove unused svg api route (server#12542)
Bearer tokens are app token (server#12545)
Handle permission in update of share better (server#12561)
Correctly restrict affected users when using command to send emails (activity#312)
Improve code blocks in markdown rendering (files_texteditor#121)
Properly escape column name in "createFunction" call (survey_client#85)
5.7.2
5.7.2 contains a security fix preventing malicious directory names
from being able to execute javascript. CVE request pending.
5.7.1
5.7.1 contains a security fix preventing nbconvert endpoints from executing javascript with access to the server API. CVE request pending.
5.7.0
New features:
- Update to CodeMirror to 5.37, which includes f-string sytax for Python 3.6
- Update jquery-ui to 1.12
- Check Host header to more securely protect localhost deployments from DNS rebinding.
This is a pre-emptive measure, not fixing a known vulnerability
Use .NotebookApp.allow_remote_access and .NotebookApp.local_hostnames to configure
access.
- Allow access-control-allow-headers to be overridden
- Allow configuring max_body_size and max_buffer_size
- Allow configuring get_secure_cookie keyword-args
- Respect nbconvert entrypoints as sources for exporters
- Include translation sources in source distributions
- Various improvements to documentation
Fixing problems:
- Fix breadcrumb link when running with a base url
- Fix possible type error when closing activity stream
- Disable metadata editing for non-editable cells
- Fix some styling and alignment of prompts caused by regressions in 5.6.0.
- Enter causing page reload in shortcuts editor
- Fix uploading to the same file twice
5.4.0:
New Features
- No input flag (--no-input)
- Add alias --to ipynb for notebook exporter
- Add export_from_notebook
- If set, use nb.metadata.authors for LaTeX author line
- Populate language_info metadata when executing
- Support for \mathscr
- Allow the execute preprocessor to make use of an existing kernel
- Refactor ExecutePreprocessor
- Update widgets CDN for ipywidgets 7 w/fallback
- Add support for adding custom exporters to the "Download as" menu.
- Enable ANSI underline and inverse
- Update notebook css to 5.4.0
- Change default for slides to direct to the reveal cdn rather than locally
- Use "title" instead of "name" for metadata to match the notebook format
- Img filename metadata
- Added MathJax compatibility definitions
- Per cell exception
- Simple API for in-memory templates
- Set BIBINPUTS and BSTINPUTS environment variables when making PDF
- If nb.metadata.title is set, default to that for notebook
Deprecations
- Drop support for python 3.3
Fixing Problems
- Fix api break
- Don't remove empty cells by default
- Handle attached images in html converter
- No need to check for the channels already running
- Update font-awesome version for slides
- Properly treat JSON data
- Skip executing empty code cells
- Ppdate log.warn (deprecated) to log.warning
- Cleanup notebook.tex during PDF generation
- Windows unicode error fixed, nosetest added to setup.py
- Better content hiding; template & testing improvements
- Fix Jinja syntax in custom template example.
- Fix for an issue with empty math block
- Add parser for Multiline math for LaTeX blocks
- Use defusedxml to parse potentially untrusted XML
- Fixes for traitlets 4.1 deprecation warnings
Testing, Docs, and Builds
- A couple of typos
- Add python_requires metadata.
- Document --inplace command line flag.
- Fix minor typo in usage.rst
- Add note about local reveal_url_prefix
- Move onlyif_cmds_exist decorator to test-specific utils
- Include LICENSE file in wheels
- Added Ubuntu Linux Instructions
- Check for too recent of pandoc version
- Removing more nose remnants via dependencies.
- Remove offline statement and add some clarifications in slides docs
- Linkify PR number
- Added shebang for python
- Upgrade mistune dependency
- add feature to improve docs by having links to prs
- Update notebook CSS from version 4.3.0 to 5.1.0
- Explicitly exclude or include all files in Manifest.
2.2.3:
* Enforce that response headers are only bytestrings, rather than allowing
unicode strings and coercing them into bytes.
* New command-line options to set proxy header names: --proxy-headers-host and
--proxy-headers-port.
Upstream changes:
1.90 2018-11-12 18:02:03Z
[DOCUMENTATION]
- Pod fixes (GH#261) (Julien Fiegehenn)
- Fixed pod error as reported by CPANTS. (GH#264) (Mohammad S Anwar)
[ENHANCEMENTS]
- Upgrade to HTML::TreeBuilder version 5 to get support for weak references in
HTML::Element (GH#251) (Julien Fiegehenn)
1.89 2018-10-18 19:13:34Z
[ENHANCEMENTS]
- Add support to find_image() and find_all_images() via 'id'
and 'class' (GH#242) (Julien Fiegehenn)
- Pass strict/verbose constructor args to HTML::Form (GH#256) (Julien Fiegehenn)
- Add ability to clear history and tests for history (GH#259) (mschae94)
Upstream changes:
version 2.28 at 2018-09-17 09:19:09 +0000
-----------------------------------------
Change: cf677362a133592236f3a438ba339ae0fa030c80
Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
Date : 2018-09-17 10:19:09 +0000
Release engineering for 2.28
Change: d712a41b23990ecbee9050b997532b8c6b4c6065
Author: Damyan Ivanov <dmn@debian.org>
Date : 2018-09-16 20:51:07 +0000
add support for IPv6
Upstream changes:
0.25 2018-11-03
* Add support for compiling :disabled, :selected, :checked, :text,
:last-of-type
I'm not sure whether the Perl XPath libaries support this, but at least
we can compile it.
This addresses RT #124406, thanks to Andrew Maguire
0.24 2018-11-02
* Test stability improvement if HTML::TreeBuilder::XPath is not installed
* Re-release with properly fixed META.* information
(RT 127555, reported by Dan Book)
* No code changes, no need to upgrade
o add url remap support via .bzremap file, from martin@netbsd.org
o handle redirections for any protocol, not just http:
o fix a denial of service attack against header contents, which
is now bounded at 16KiB. reported by JP
o reduce default timeouts, and add expand timeouts to handle the
initial line, each header, and the total time spent
o add -T option to expose new timeout settings
o minor RFC fixes related to timeout handling
o fix special file (.htpasswd, .bz*) bypass. reported by JP.
anyone using .htpasswd files should update ASAP.
Nghttp2 v1.35.0
lib
Use __has_declspec_attribute in order to check that dllexport/dllimport can be used.
build
libevent detection with cmake has been improved.
src
C++14 language features are now required.
nghttpx
mruby send_info non-final response is now written early.
Fix assertion failure on mruby send_info with HTTP/1.1 frontend.
h2load
HTTP/1.1 non-final response is now handled correctly.
Clarify that time for connect includes TLS handshake.
Changes 2.1.4:
Fix: shell_plus, fix 1261 check for --notebook-dir=... argument style
Fix: graph_models, Excluded models displayed as an underscore
Fix: set_fake_password, requires_model_validation has been replaced with requires_system_checks since 1.9
Docs: admin_generator, new documentation and examples
Improvement: JSONField, use new from_db_value syntax on Django 2 and up
Improvement: EncryptedTextField, use new from_db_value syntax on Django 2 and up
Improvement: graph_models, add --dot option
Improvement: graph_models, allow to redirect (text) output to file
Improvement: sqldiff, better support for indexes, index_together and unique_together
Changelog:
Version 14.0.3 October 12 2018
Changes
Fixes the apps menu scrollbar (server#11662)
Ignore "session_lifetime" if it can not be converted to a number (server#11761)
Normalize getUnjailedPath (server#11770)
Version 14.0.2 October 11 2018
Changes
Fix contacts menu on mentions (server#11350)
Make the server ready to use global scale with SAML as auth back-end (server#11373)
Fix default flex shrink on list (server#11374)
Fixes the logo height (server#11385)
Do not explode when getting permissions from a FailedStorage (server#11389)
Do not hide the progress bar while the chunked upload is being assembled (server#11399)
Fix "checkWellKnownUrl" not being run (server#11418)
Add back the total used space per user (server#11425)
Fix invalid inline input confirm border (server#11426)
Center back the history icon (server#11430)
AssemblyStream is also eof if we have no more source stream (server#11436)
Re-enable upload button after updating Avatar (server#11451)
Fix typo in config.sample.php (server#11488)
Bugfix 2FA theme: buttons white (server#11489)
Update config and babel for ie11 (server#11490)
Only catch QueryException when trying to build class (server#11492)
Show auth type "None" in email settings (server#11493)
Fix public page footer link wrap (server#11510)
Fix share header text on small widths (server#11511)
Add missing compiled mimetype list (server#11516)
Fixes the move/copy picker buttons (server#11525)
Fix breadcrumbs (server#11530)
Added kinetic scrolling for iOS to apps dropdown menu #10281 (server#11554)
Throw an error if a node is smaller than expected in assemblystream (server#11555)
Reduce the min-width of the files table so it works on sharing pages on mobile (server#11556)
Fix header overflow, fix more apps menu, fix#11552 (server#11558)
Add new group entry on users list + fixes (server#11575)
Redirect guests to login if they follow the link of a comment mention-notifications (server#11577)
Force multiselect max-height to 5.5 items (server#11579)
Just update password hash without validating (server#11580)
Fix sticky header on users list (server#11582)
Fix header border on users list (server#11608)
Fix call to logger (server#11610)
Allow the creationg of previews of files stored in appdata (server#11703)
Update CRL due to changed cert for linkshareex (server#11706)
Fix a misleading setup check for .well-known/caldav & carddav (server#11738)
Remove unneeded CSS rule for IE 11 (files_pdfviewer#101)
Hide footer in public share page (files_pdfviewer#103)
Fix embedded viewer with new server layout on IE 11 (files_pdfviewer#98)
Version 14.0.1 September 25 2018
Changes
Fixes the upload progress bar layout - 14 backport (server#11039)
Fix markup and style of mentions in comments (server#11077)
Do not invalidate main token on OAuth (server#11090)
Expire tokens hardening (server#11103)
fix js files client for user names with spaces (server#11152)
Fix user and group listing with users that have an integer user id (server#11186)
Fix exception class (server#11187)
Remove posix_getpwuid and compare only userid (server#11191)
Fix check for more users in sharing dialogue (server#11201)
Remove filter_var flags due to PHP 7.3 deprecation, fixes#10894 (server#11237)
Fixes empty favorite names for trailing slashes (server#11259)
Fix size of icons in menus inside apps when shown as images (server#11276)
Prevent comment being composed from overlapping the submit button (server#11277)
replace setcookie value with '' instead of null. (server#11280)
Fix the link and anchor for the update notifications (server#11282)
Include empty directories in the default state of acceptance tests (server#11283)
Get permission of storage for shares (server#11287)
Shared by info for room shares without names (server#11288)
Fix icons cacher regex for compressed output (server#11291)
Revert "Use APCu caching of composer" (server#11293)
Use user locale as default in the template (server#11294)
Fix expiration code of tokens (server#11302)
Add unit test for findLanguageFromLocale (server#11340)
14 scroll fix (activity#295)
Update stable14 target versions (files_texteditor#111)
Update stable14 target versions (firstrunwizard#80)
Update stable14 target versions (gallery#467)
Update stable14 target versions (nextcloud_announcements#32)
Update stable14 target versions (notifications#158)
Update config and babel for ie11 (notifications#161)
Version 14.0.0 September 10 2018
Changes
Nextcloud 14 merged nearly 1000 pull requests with improvements and changes, almost 150 more than Nextcloud 13. This only covers the core server, hundreds more changes were made in the apps that make up our release, making this version officially our biggest release ever.
While we can never cover everything that has improved, these are the main feature highlights:
Video Verification - use a video call with Talk to verify the identity of somebody before granting them access to a share
Two-factor authentication now with Signal and Telegram as well as NFC and SMS
Accessibility improvements & dark theme
Add a note to shares, share files in a Talk chat, new Deck Kanban app and much more
Version 13.0.7 October 11 2018
Changes
Prefer using dir instead of allinfo for getting smb file info (server#10804)
[LDAP] The WebUI Wizard also should not assign empty config IDs (server#10824)
Fix mimetype detection for junked uploads (server#10829)
Improve performance when dealing with large numbers of shares (server#10884)
Cast timestamps older than unix epoch to 0 (server#10902)
Use the same ignored properties list for both CustomerPropertiesBackends (server#10911)
Do not hide the progress bar while the chunked upload is being assembled (server#11400)
Fix "checkWellKnownUrl" not being run (server#11419)
AssemblyStream is also eof if we have no more source stream (server#11437)
Show auth type "None" in email settings (server#11494)
Fixes the move/copy picker buttons (server#11524)
Allow the creationg of previews of files stored in appdata (server#11704)
Update CRL due to changed cert for linkshareex (server#11707)
Fix a misleading setup check for .well-known/caldav & carddav (server#11739)
Version 13.0.6 August 30 2018
Changes
Add sabre plugin to allow anonymous options requests to the dav root (server#10285)
Do scan the root storage in background scan (server#10376)
Adding test for table schedulingobjects and fixing postgres LOB (server#10552)
Fix transfering ownership of a share to user with same id as receiver (server#10565)
Make file cache updates more robust (server#10581)
Retry smb stat on timeout (server#10591)
Use insertIfNotExists to store new mimetypes. (server#10620)
Only warn about data lose on password reset if per-user keys are used (server#10646)
Update the scope of the lockdownmanager (server#10682)
Log entries that are hidden during file listing (server#10698)
Forgotten pass fix link (server#10735)
Fix comment style in config sample (server#10759)
Make sure error_log() always receives a string (server#10760)
Fix call to OC.generateUrl for caldav birthday calendar on/off (server#10761)
Use the path_hash instead of the path to query the filecache (server#10762)
Don't blame random people for background email updates (server#10763)
Resolve all group memberships properly (server#10783)
Remove unexecutable code (server#10816)
Improve URL detection (server#10821)
MySQL 8.0+ and MariaDB 10.3+ are large prefix and barracuda by default (server#10823)
Disallow negative mtime in dav search (server#10837)
- Fixed a bug when user clicking confirmation link after confirmation
and expiration causes confirmation email to resend.
- Added support for I18N.
- Added options `SECURITY_EMAIL_PLAINTEXT` and `SECURITY_EMAIL_HTML`
for sending respecively plaintext and HTML version of email.
- Fixed validation when missing login information.
- Fixed condition for token extraction from JSON body.
- Better support for universal bdist wheel.
- Added port of CLI using Click configurable using options
`SECURITY_CLI_USERS_NAME` and `SECURITY_CLI_ROLES_NAME`.
- Added new configuration option `SECURITY_DATETIME_FACTORY` which can
be used to force default timezone for newly created datetimes.
- Better IP tracking if using Flask 0.12.
- Renamed deprecated Flask-WFT base form class.
- Added tests for custom forms configured using app config.
- Added validation and tests for next argument in logout endpoint.
- Bumped minimal required versions of several packages.
- Extended test matric on Travis CI for minimal and released package
versions.
- Added of .editorconfig and forced tests for code style.
- Fixed a security bug when validating a confirmation token, also checks
if the email that the token was created with matches the user's current
email.
- Replaced token loader with request loader.
- Changed trackable behavior of `login_user` when IP can not be detected
from a request from 'untrackable' to `None` value.
- Use ProxyFix instead of inspecting X-Forwarded-For header.
- Fix identical problem with app as with datastore.
- Removed always-failing assertion.
- Fixed failure of init_app to set self.datastore.
- Changed to new style flask imports.
- Added proper error code when returning JSON response.
- Changed obsolete Required validator from WTForms to DataRequired. Bumped
Flask-WTF to 0.13.
- Fixed missing `SECURITY_SUBDOMAIN` in config docs.
- Added cascade delete in PeeweeDatastore.
- Added notes to docs about `SECURITY_USER_IDENTITY_ATTRIBUTES`.
- Inspect value of `SECURITY_UNAUTHORIZED_VIEW`.
- Send password reset instructions if an attempt has expired.
- Added "Forgot password?" link to LoginForm description.
- Upgraded passlib, and removed bcrypt version restriction.
- Removed a duplicate line ('retype_password': 'Retype Password') in
forms.py.
- Various documentation improvement.
Changes:
=================
WebKitGTK+ 2.22.4
=================
What's new in WebKitGTK+ 2.22.4?
- Expose ENABLE_MEDIA_SOURCE as a public build option.
- Fix a crash when using Cairo versions between 1.15 and 1.16.0
- Fix the build with -DLOG_DISABLED=0.
- Fix the build with ENABLE_VIDEO=OFF and ENABLE_WEB_AUDIO=OFF.
- Fix debug builds of JavaScriptCore.
- Fix several crashes and rendering issues.
0.12.0
Drop support for Python 3.3
ca_certs from environment HTTPLIB2_CA_CERTS or certifi
PROXY_TYPE_HTTP with non-empty user/pass raised TypeError: bytes required
Revert http:443->https workaround
eliminate connection pool read race
cache: stronger safename
1.0.0:
* Added --style=auto which follows the terminal ANSI color styles.
* Added support for selecting TLS 1.3 via --ssl=tls1.3
(available once implemented in upstream libraries).
* Added true/false as valid values for --verify
(in addition to yes/no) and the boolean value is case-insensitive.
* Changed the default --style from solarized to auto (on Windows it stays fruity).
* Fixed default headers being incorrectly case-sensitive.
* Removed Python 2.6 support.
2.1.0:
Removed support for Django 1.8, 1.9, 1.10
2.0.5:
Deal with missing context from aldryn-search
Add support for newer Django versions
Add parameters for embed_link
Fix swappable filer image model support
2.0.4:
Added URL parsing for the embed url. It now accepts various versions of YouTube urls and converts them to an embed link.
Added the python3.5 test env
2.0.3:
Prevent changes to DJANGOCMS_VIDEO_XXX settings from requiring new migrations
Changed naming of Aldryn to Divio Cloud
Adapted testing infrastructure (tox/travis) to incorporate django CMS 3.4 and dropped 3.2
Updated translations
2.0.2:
Fixed an issues with migrations where Null values caused IntegrityError
2.0.1:
Removed base.html for performance reasons
Fixed faulty settings parsing in aldryn_config.py
Fixed an issue where ValidationError wasn't imported
Adapted private get_template method
Updated translations
2.0.0:
Dropped flash support
Dropped django CMS <3.3.1 support
Dropped Django <1.8 support
Renamed Video to VideoPlayer
Added Video Source Plugin
Added Video Track Plugin
Adapted files to resemble best practices
Updated translations
2.1.0:
Fixed a validation issue with attributes
Added support for Django 1.11, 2.0 and 2.1
Removed support for Django 1.8, 1.9, 1.10
Adapted testing infrastructure (tox/travis) to incorporate django CMS 3.5 and 4.0
2.0.2:
Ensure class ordering is maintained
2.0.1:
Prevent changes to DJANGOCMS_STYLE_XXX settings from requiring new migrations
Changed naming of Aldryn to Divio Cloud
Adapted testing infrastructure (tox/travis) to incorporate django CMS 3.4 and dropped 3.2
Updated translations
2.1.1:
Added reference variables to migrations
Fixed a text typo in models
2.1.0:
Removed support for Django 1.8, 1.9, 1.10
2.0.8:
Fixed an issue where default DJANGOCMS_PICTURE_RESPONSIVE_IMAGES was not in settings
2.0.7:
Add responsive image support
Add support for Django 2.0 and 2.1
Fix swappable filer image model support
2.0.6:
Fixed a misleading link to MDN inside code documentation
Abstract the link model so it can be extended by other addons
2.0.5:
Fixed an issue in DJANGOCMS_PICTURE_ALIGN where "Align center" pointed to the wrong value
Updated translations
2.0.4:
Prevent changes to DJANGOCMS_PICTURE_XXX settings from requiring new migrations
Changed naming of Aldryn to Divio Cloud
Adapted testing infrastructure (tox/travis) to incorporate django CMS 3.4 and dropped 3.2
Fixed an issue when no image is set after deletion in django-filer (on_delete=SET_NULL)
Updated translations
2.0.3:
Fixed an issue with picture_link not working as expected in the template
Fixed an issue where the alt text was not displayed appropriately
Fixed an issue where placeholder params can be strings
2.0.2:
Fixed an issues with migrations where Null values caused IntegrityError
2.0.1:
Fixes an issue where images throw an AttributeError
1.2.0:
Fixed an issue with map not always setting correct zoom level
Removed admin url data attribute from the map marker if cms isn't in edit mode
Added support for Django 1.11, 2.0 and 2.1
Removed support for Django 1.8, 1.9, 1.10
Adapted testing infrastructure (tox/travis) to incorporate django CMS 3.5 and 4.0
1.1.1:
Refactored migration 0005 to avoid using the django CMS api because it can lead to database errors when the models on file don't match the ones in the migration.
Moved Google Apps API Key to an environment variable on Divio Cloud
1.1.0:
Added support for customize marker icon
Updated translations
1.0.2:
Fixed an issue where 0005 migration mismatches lat/lng values when creating the new nested structure from older upgrades
Updated translations
1.0.1:
Prevent changes to DJANGOCMS_GOOGLEMAP_XXX settings from requiring new migrations
Changed naming of Aldryn to Divio Cloud
Adapted testing infrastructure (tox/travis) to incorporate django CMS 3.4 and dropped 3.2
Fixed zoom level not correctly being applied
Fixed latitude/longitude data attribute values being incorrectly parsed for locales not using a period as decimal separator (e.g. german)
2.1.0:
Removed support for Django 1.8, 1.9, 1.10
2.0.3:
Add support for Django 1.10, 1.11, 2.0 and 2.1
Adapted testing infrastructure (tox/travis) to incorporate django CMS 3.5 and 4.0
2.0.2:
Prevent changes to DJANGOCMS_FILE_XXX settings from requiring new migrations
Changed naming of Aldryn to Divio Cloud
Adapted testing infrastructure (tox/travis) to incorporate django CMS 3.4 and dropped 3.2
Updated translations
2.0.1:
Fixes an issue where images throw an AttributeError
2.0.0:
Added tests
Cleaned up file structure
Removed Django < 1.8 support
Adapted README.txt
Added translations
3.6.1:
Added Django 2.0 & 2.1 support
Updated setup.py to use html5lib>=0.999999999
Fixed ValueError on static file resolution at import time
3.6.0:
Changed the way ckeditor widget is initialized
3.5.3:
Updated CKEditor to 4.7.3
Added context to translation payload when dealing with TextPlugin instances
3.5.1:
Introduced support for django CMS 3.5.0
Fixed a regression which prevented multiple HTMLFields from having different configurations.
Fixed a bug where text coming from HtmlField was escaped when using it with other third party apps like django-parler.
Fixed a bug where dialog backdrop would've been incorrectly removed allowing for disallowed actions.
Fixed a bug when a dialog would open underneath maximized editor.
3.5.0:
Fixed an issue where the rendered HTML of plugins nested in text plugins leaked and became editable in some cases.
Updated CKEditor to 4.6.2
3.4.0:
Introduced support for the djangocms-history app.
Fixed an issue when CKEditor was triggering unnecessary delete-on-cancel requests after editing a plugin.
Fixed a bug which raised an exception when using a lazy object on the plugin configuration.
This project aims to provide a sensible means of storing and managing arbitrary
HTML element attributes for later emitting them into templates.
There are a wide variety of types of attributes and using the "normal" Django
method of adding ModelFields for each on a business model is cumbersome at best
and moreover may require related tables to allow cases where any number of the
same type of attribute should be supported (i.e., data-attributes). This can
contribute to performance problems.
To avoid these pitfalls, this package allows all of these attributes to be
stored together in a single text field in the database as a JSON blob, but
provides a nice widget to provide an intuitive, key/value pair interface and
provide sensible validation of the keys used.
1.4.0:
* Added support for Django 2.0 and 2.1
* Enabled django-mptt 0.9
* Converted QueryDict to dict before manipulating in admin
* Hide 'Save as new' button in file admin
* Fixed history link for folder and image object
* Fixed rendering canonical URL in change form
3.5.3:
* Fixed TreeNode.DoesNotExist exception raised when exporting
and loading database contents via dumpdata and loaddata.
* Fixed a bug where request.current_page would always be the public page,
regardless of the toolbar status (draft / live). This only affected custom
urls from an apphook.
* Removed extra quotation mark from the sideframe button template
* Fixed a bug where structureboard tried to preload markup when using legacy
renderer
* Fixed a bug where updates on other tab are not correctly propagated if the
operation was to move a plugin in the top level of same placeholder
* Fixed a bug where xframe options were processed by clickjacking middleware
when page was served from cache, rather then get this value from cache
* Fixed a bug where cached page permissions overrides global permissions
* Fixed a bug where plugins that are not rendered in content wouldn't be
editable in structure board
* Fixed a bug with expanding static placeholder by clicking on "Expand All" button
* Fixed a bug where descendant pages with a custom url would lose the overwritten
url on save.
* Fixed a bug where setting the on_delete option on PlaceholderField
and PageField fields would be ignored.
* Fixed a bug when deleting a modal from changelist inside a modal
Changes with nginx 1.15.6:
*) Security: when using HTTP/2 a client might cause excessive memory
consumption (CVE-2018-16843) and CPU usage (CVE-2018-16844).
*) Security: processing of a specially crafted mp4 file with the
ngx_http_mp4_module might result in worker process memory disclosure
(CVE-2018-16845).
*) Feature: the "proxy_socket_keepalive", "fastcgi_socket_keepalive",
"grpc_socket_keepalive", "memcached_socket_keepalive",
"scgi_socket_keepalive", and "uwsgi_socket_keepalive" directives.
*) Bugfix: if nginx was built with OpenSSL 1.1.0 and used with OpenSSL
1.1.1, the TLS 1.3 protocol was always enabled.
*) Bugfix: working with gRPC backends might result in excessive memory
consumption.
This is currently a, hopefully, simple to use LibSass Go API. It
uses the C bindings in https://github.com/wellington/go-libsass/libs
to do the heavy lifting.
The primary motivation for this project is to add SCSS support to
Hugo. It is has some generic tocss package names hoping that there
will be a solid native Go implementation that can replace LibSass
in the near future.
Spritewell performs image composition on a glob of source images.
This is useful for creating spritesheets of images. This is a thread
safe library and is optimized for multicore systems.
This package contains several lexers and parsers written in Go.
All subpackages are built to be streaming, high performance and to
be in accordance with the official (latest) specifications.
The lexers are implemented using buffer.Lexer in
https://github.com/tdewolff/parse/buffer and the parsers work on
top of the lexers. Some subpackages have hashes defined (using
Hasher) that speed up common byte-slice comparisons.
Minify is a minifier package written in Go. It provides HTML5,
CSS3, JS, JSON, SVG and XML minifiers and an interface to implement
any other minifier. Minification is the process of removing bytes
from a file (such as whitespace) without changing its output and
therefore shrinking its size and speeding up transmission over the
internet and possibly parsing. The implemented minifiers are designed
for high performance.
The core functionality associates mimetypes with minification
functions, allowing embedded resources (like CSS or JS within HTML
files) to be minified as well. Users can add new implementations
that are triggered based on a mimetype (or pattern), or redirect
to an external command (like ClosureCompiler, UglifyCSS, ...).
Package urlesc implements query escaping as per RFC 3986.
It contains some parts of the net/url package, modified so as to
allow some reserved characters incorrectly escaped by net/url.
Games using WebGL (created in Unity) get stuck after very short time of gameplay (bug 1502748)
Slow page loading for some users with specific proxy configurations (bug 1495024)
Disable HTTP response throttling by default for causing bugs with videos in background tabs (bug 1503354)
Opening magnet links no longer works (bug 1498934)
Crash fixes (bug 1498510, bug 1503424)
Version 0.7.0
~~~~~~~~~~~~~
* Update to Markdown 3.0 with new extension loading syntax.
* Added `FLATPAGES_EXTENSION_CONFIGS` for configuring extensions
specified by import string.
* Add support for loading pages from Flask instance folder
* Add a case insensitive loading option
Version 0.6.1
~~~~~~~~~~~~~
* Update dependencies to `Flask>=1.0` (as Flask 0.12.1 has known
vulnerabilities).
* Pin `Markdown<=3.0` as the Markdown extension API has changed.
Changes:
## [3.3.0] - 2018-11-06
### Added
* Allow to change following webkit settings during runtime
* allow-file-access-from-file-urls
* allow-universal-access-from-file-urls
* Added `#define CHECK_WEBEXTENSION_ON_STARTUP 1` to config.def.h to enable
checks during runtime if the webextension file could be found. Hope that
this helps user to fix compile/installation issues easier.
* Re-Added support for page marks to jump around within long single pages by
using names marks.
Set a marks by `m{a-z}` in normal mode. Jump to marks by `'{a-z}`.
* Re-Added `gf` to show page source (Thanks to Leonardo Taccari) #361.
Webkit2 does not allow to show tha page in the source view mode so the `gf`
writes the HTML to a temporary files and opens it in the editor configured
by `:set editor-command=...`
### Changed
* New created files in `$XDG_CONFIG_HOME/vimb` are generated with `0600`
permission to prevent cookies be observed on multi users systems. Existing
files are not affected by this change. It's a good advice to change the
permission of all the files in `$XDG_CONFIG_HOME/vimb` to `0600` by
hand.
### Fixed
* Fixed missing dependency in Makefile which possibly caused broken builds
(Thanks to Patrick Steinhardt).
* Fixed weird scroll position values shown in scroll indicator on some pages #501.
* Fixed wrong hint label position on xkcd.com #506.
* Fixed wrong hint label position in case of hints within iframes.
## [3.2.0] - 2018-06-16
### Added
* Allow basic motion commands for hinting too.
* Show the numbers of search matches in status bar.
* Show dialog if the page makes a permission request e.g. gelocation to allow
the user to make a decission.
* new Setting `show-titlebar` to toggle window decorations.
### Changed
* Use sqlite as cookie storage #470 to prevent cookies lost on running many
vimb instances.
* Start vimb with maximized window #483.
* Hints are now styled based on the vimbhint attributes. The old additional set
classes are not set anymore to the hints. So customized css for the hints have
to be adapted to this.
* Element ID is stored in case the editor was spawned. So it's now possible to
start the editor, load another page, come back and paste the edotor contents
(thanks to Sven Speckmaier).
### Fixed
* Fixed none cleaned webextension object files on `make clean`.
* Remove none used gui styling for completion.
### Removed
* Removed webkit1 combat code.
## [3.1.0] - 2017-12-18
### Added
* Added completion of bookmarked URIs for `:bmr` to allow to easily remove
bookmarks without loading the page first.
* Refresh hints after scrolling the page or resizing the window which makes
extended hint mode more comfortable.
* Reintroduce the automatic commands from vimb2. An automatic command is
executed automatically in response to some event, such as a URI being opened.
### Changed
* Number of webprocesses in no longer limited to one.
* Treat hint label generation depending on the first hint-key char.
If first char is '0' generate numeric style labels else the labels start with
the first char (thanks to Yoann Blein).
* `hint-keys=0123` -> `1 2 3 10 11 12 13`
* `hint-keys=asdf` -> `a s d f aa as ad af`
* Show versions of used libs on `vimb --bug-info` and the extension directory
for easier issue investigation.
* During hinting JavaScript is enabled and reset to it's previous setting after
hinting is done might be security relevant.
* Allow extended hints mode also for open `g;o` to allow the user to toggle
checkboxes and radiobuttons of forms.
* Rename `hint-number-same-length` into `hint-keys-same-length` for consistency.
* Search is restarted on pressing `n` or `N` with previous search query if no
one was given (thanks to Yoann Blein).
### Fixed
* Deduced min required webkit version 2.16.x -> 2.8.x to compile vimb also on
older systems.
* Fixed undeleted desktop file on `make uninstall`.
* Fixed window not redrawn properly in case vimb was run within tabbed.
* Fixed cursor appearing in empty inputbox on searching in case a normal mode
command was used that switches vimb into command mode like 'T' or ':'.
* Fixed hint labels never started by the first char of the 'hint-keys'.
* Fixed items where added to history even when `history-max-items` is set to 0
(thanks to Patrick Steinhardt).
* Fixed hinting caused dbus timeout on attempt to open URI with location hash.
* Fixed wrong scroll position shown in the right of the statusbar on some pages.
* Fixed vimb keeping in normal mode when HTTP Authentication dialog is shown.
* Fixed password show in title bar and beeing written to hisotry in case the
pssword was given by URI like https://user:password@host.tdl.
## [3.0-alpha] - 2017-05-27
### Changed
* completely rebuild of vimb on webkit2 api.
* Syntax for the font related gui settings has be changed.
Fonts have to be given as `[ font-style | font-variant | font-weight | font-stretch ]? font-size font-family`
Example `set input-font-normal=bold 10pt "DejaVu Sans Mono"` instead of
previous `set input-fg-normal=DejaVu Sans Mono Bold 10`
* Renames some settings to consequently use dashed setting names. Following
settings where changed.
```
previous setting - new setting name
--------------------------------------
cursivfont - cursiv-font
defaultfont - default-font
fontsize - font-size
hintkeys - hint-keys
minimumfontsize - minimum-font-size
monofont - monospace-font
monofontsize - monospace-font-size
offlinecache - offline-cache
useragent - user-agent
sansfont - sans-serif-font
scrollstep - scroll-step
seriffont - serif-font
statusbar - status-bar
userscripts - user-scripts
xssauditor - xss-auditor
```
### Removed
* There where many features removed during the webkit2 migration. That will
hopefully be added again soon.
* auto-response-headers
* autocommands and augroups
* external downloader
* HSTS
* kiosk mode
* multiple ex commands on startup via `--cmd, -C`
* page marks
* prevnext
* showing page source via `gF` this viewtype is not supported by webkit
anymore.
* socket support
Packaged by Yorick Hardy and myself in pkgsrc-wip.
Changes with nginx 1.14.1 06 Nov 2018
*) Security: when using HTTP/2 a client might cause excessive memory
consumption (CVE-2018-16843) and CPU usage (CVE-2018-16844).
*) Security: processing of a specially crafted mp4 file with the
ngx_http_mp4_module might result in worker process memory disclosure
(CVE-2018-16845).
*) Bugfix: working with gRPC backends might result in excessive memory
consumption.
Full compatibility with PHP 7.2 (#2947772)
Drupal 7.61, 2018-11-07
-----------------------
- File upload validation functions and hook_file_validate() implementations are
now always passed the correct file URI.
- The default form cache expiration of 6 hours is now configurable (API
addition: https://www.drupal.org/node/2857751).
- Allowed callers of drupal_http_request() to optionally specify an explicit
Host header.
- Allowed the + character to appear in usernames.
- PHP 7.2: Fixed Archive_Tar incompatibility.
- PHP 7.2: Removed deprecated function each().
- PHP 7.2: Avoid count() calls on uncountable variables.
- PHP 7.2: Removed deprecated create_function() call.
- PHP 7.2: Make sure variables are arrays in theme_links().
- Fixed theme-settings.php not being loaded on cached forms
- Fixed problem with IE11 & Chrome(PointerEvents enabled) & some Firefox scroll to the top of the page after dragging the bottom item with jquery 1.5 <-> 1.11
18.11.1
new: forward_for WAMP message attribute (for Crossbar.io Router-to-Router federation)
new: support RawSocket URLs (eg "rs://localhost:5000" or "rs://unix:/tmp/file.sock")
new: support WAMP-over-Unix sockets for WAMP components ("new API")
fix: use same WAMP serializer construction code for WAMP components ("new API") and ApplicationSession/Runner
fix: memory leak with Twisted/WebSocket, dropConnection and producer
1.5.1:
* has-class XPath function handles newlines and other separators
in class names properly;
* fixed parsing of HTML documents with null bytes;
* documentation improvements;
* Python 3.7 tests are run on CI; other test improvements.
Version 2.0:
2.0 introduced a number of small changes and tidy-ups.
Please see the migration guide:
https://django-filter.readthedocs.io/en/master/guide/migration.html#migrating-to-2-0
* Added testing for Python 3.7
* Improve exception message for invalid filter result
* Test QueryDict against CSV filters
* Add `renderer` argument to `render()` method of `BooleanWidget`
* Fix lookups for reverse relationships
* Refactor backend filterset instantiation
* Improve view-related attribute name consistency
* Fix distinct call for range filters
* Fix empty value check for CSV range
* Rework DateRangeFilter
* Added testing for Django 2.1
* Rework 'lookup types' handling into LookupChoiceFilter
* Add linting and docs builds to CI
* Use DRF BooleanFilter for NullBooleanField
* Added Brazilian locale
* List Django as a dependency in setup.py
* Keep coverage reports files off version control.
* Update migration docs
* Added be, cs and uk translations. Updated de and ru
* Slovak translation
* Added Django 2.0 support.
* Fix warnings build
* Add greek translation
* Replaced super(ClassName, self) with super()
* Fixed doc URL in utils.deprecate().
* Added danish translation to django-filter
* Rework validation, add queryset filter method
* Fix Schema warnings
* Update {Range,LookupType}Widgets to use suffixes
* Method signature improvements
* Remove more deprecations
* Drop python 2, Django<1.11 support
* Remove 'Meta.together' option
* [2.x] Remove some deprecations
Changes:
2018-07-08 (2.8.9rel.1)
* documentation/metrics updates -TD
2018-06-10 (2.8.9pre.1)
* fix an inconsistency in message for "-listonly" option (Debian #805753) -TD
2018-05-17 (2.8.9dev.19)
* update test-packages to use current ncurses test-packages -TD
* improve portability for sockaddr structures used in HTTP and FTP, for
IPv6 and SOCKS configurations -TD
* fix several minor warnings reported by Coverity -TD
* build-fix overlooked in 2.8.9dev.3 when INACTIVE_INPUT_STYLE_VH is defined,
for problem introduced by 2.8.8dev.17 code-cleanup -GV
* trim unnecessary intllib symbols from src/chrtrans/makefile.in -TD
* when cross-compiling, trim LDFLAGS from makefile rule linking makeuctb,
because it is a build tool, which should generally use BUILD_LDFLAGS
(patch by Thomas Petazzoni)
2018-05-06 (2.8.9dev.18)
* ignore content-encoding in HTContentToCompressType() if the content-type is
known, to improve the suggested filename (report by Russell Bell) -TD
* add support for using client certificate with OpenSSL configuration (patch
by Elliot Thomas).
* fix a few more memory leaks -TD
* put Lynx.leaks file in home directory like Lynx.trace (report by GV) -TD
* fix a memory leak in HTFTP.c -GV
* modify HTDoConnect(), adding a check for keyboard interrupt with 'z' in the
select-loop -TD
* modify legacy feature from Lynx 2.7.2 which checks the hostname of a URI
to guess whether to use HTTP, FTP, etc., depending upon the prefix of the
URIs hostname. This is now an optional feature, GUESS_SCHEME, which defaults
to FALSE (Debian #893907) -TD
2018-03-21 (2.8.9dev.17)
* modify samples/oldlynx.bat to check if Lynx recognizes the -lss option -TD
* modify samples/*lynx.bat to check for environment variables that Lynx would
test for temp-directory, and only if those are absent will the scripts
attempt to create a temp-directory -TD
* modify samples/*lynx.bat to set PATH for executing utility programs -TD
* remove unused critSec_DNS -TD
* use EnterCriticalSection in ws_netread rather than InitializeCriticalSection
since critSec_READ was initialized in LYMain.c (report by GV) -TD
* use freeaddrinfo() in one case where free() was used (report by GV) -TD
* implement "+" item type for gopher protocol (report by James Tomasino) -TD
* add checks in options-menu in case no color-styles have been defined -TD
* add Visual Studio project files for 2010, 2012 -TD
* improve checks for strings which should not be empty -TD
* check for empty personal-mail-address (report by TG) -TD
* modify samples/lynx-demo.cfg to use SOURCE_CACHE:memory -TD
* modify samples/*lynx.bat to use existing TEMP-directory if possible -TD
* modify windows installer to select directory containing SSL DLLs and copy
them into lynx's application directory -TD
* add oldlynx.bat sample script to windows installer -TD
* use default lynx.lss color scheme with samples/lynx.bat -TD
* modify windows installers to use static libraries for pdcurses and slang,
because the dll for the latter is much larger than the rest of lynx.
Even with this change, lynx.exe is 50% larger when using slang than with
pdcurses -TD
* rename test-package for ".rpm" to "lynx-dev" for consistency with ".deb" -TD
* improve samples/lynx.bat by using location of script rather than current
directory -loto1992@inbox.ru ("Smuggler")
* permanently enable MISC_EXP feature -TD
* remove several obsolete ifdefs: DGUX, DGUX_OLD, HP_TERMINAL,
REVERSE_CLEAR_SCREEN_PROBLEM, SHORTENED_RBIND, SLANG_MBCS_HACK, SNAKE -TD
* improve logic in HTCopy used to limit reads based on content-length to
take into account server headers which extend past the first block read
(report/test-case by Dick Wesseling) -TD
* permanently enable EXP_HTTP_HEADERS feature -TD
* modify color-style hashing to check for collisions (reported by TG, Russell
Bell) -TD
* add PREFERRED_CONTENT_TYPE defaulting to text/plain and options-menu to
replace an assumption in HTMIMEConvert that everything is text/html.
Since most servers provide a valid Content-Type for HTML, and are more likely
to omit it for files lacking a known suffix, defaulting to text/plain is a
better choice -TD
* remove dead-code for OMIT_SCN_KEEPING -TD
* remove dead/unreachable pretty-source code in HTML.c, noticed because
it complicates hashing -TD
* improve hashing for anchors and styles by using a more suitable hash-table
size -TD
* add a note in lynx.cfg telling how to remove a default key-mapping -TD
* modify "=" command to make it possible to disable margins for the URL string,
by first disabling wrapping using "|" -TD
* several fixes for Windows version -TH
+ fix an abnormal terminate when pressing 'd'(download) on no action button.
+ work around incompatibility in move() between POSIX and Windows.
ref: https://www.securecoding.cert.org/confluence/display/c/FIO10-C.+Take+care+when+using+the+rename%28%29+function
+ fix limit-check for SJIS which prevented showing a show long title in the
title bar on Windows environment.
+ fix problem with PDCurses when wrapping lines.
ref: lynx-dev discussions "Subject: Wrapping line behavior"
+ fix resizing terminal problem with Windows + PDCurses.
This problem occurs only with some combinations of source and destination
screen size.
For example: 80x25 -> 90x20
+ including some code clean up
* improve consistency in help-files discussing line-edit keymaps (prompted by
Debian #888391) -TD
* additional fixes to work with LibreSSL on OpenBSD 6.2 -TD
* build-fixes for OpenSSL 1.1.0 versus 1.0.0 (patch by Quentin Minster).
* modify configure script to make a quirk of NetBSD's make-program less
noticeable -TD
* modify configure script to work around pkgsrc's misconfiguration of shared
libraries -TD
* modify po/makefile.inn to ensure the temporary files have distinct names
to avoid problem with "make -j8" (Debian #890811) -TD
* update makefile/batch-scripts to allow building with newer Visual Studio
versions, e.g., 2010, 2012, so that a 64-bit executable can be built -TD
* repair link in lynx_help_main.html to HTML 3.2 documentation
(Savannah #47803) -TD
* update eo.po, fr.po from
http://translationproject.org/latest/lynx
* improved several configure macros:
CF_BUILD_CC, CF_CC_ENV_FLAGS, CF_CURSES_FUNCS, CF_CURSES_LIBS,
CF_NCURSES_CONFIG -D
* updated ftp-site url -TD
* update config.guess (2018-01-26), config.sub (2018-01-15)
2017-07-10 (2.8.9dev.16)
* modify configure script to warn if NLS cannot be configured, and disable
the feature rather than leaving it partly configured and failing during
the build -TD
* modify configure script to allow pre-set $MSGFMT and $XGETTEXT variables to
to used to build the NLS configuration using system's native NLS support -TD
* convert po/zh_TW.po to UTF-8 to work with Solaris10, which lacks big5 -TD
* build-fix for OSX Panther, which has PRId64 but not SCNd64 (patch by Martijn
Dekker).
* modify po-makefile to use msgmerge to align with lynx.pot, and also use sed
to update some obsolete homepage URLs in translations -TD
* add a note in the comments for INCLUDE in lynx.cfg regarding the default
directory searches LYOpenCFG(), added in 2.8.4dev.20 (Debian #818047) -TD
* add a check to ensure that HTML_put_string() will not append a chunk onto
itself (report by Ned Williamson) -TD
* update da.po, et.po, tr.po from
http://translationproject.org/latest/lynx
2017-07-04 (2.8.9dev.15)
* add note in lynx.cfg about default values (Debian #408448) -TD
* amended Backes' change to the COLLAPSE_BR_TAGS feature for compatibility -TD
+ use ENABLE_LYNXRC to determine whether it is written to the .lynxrc file.
+ add command-line option, etc., for controlling whether blank lines are
trimmed, e.g., trailing lines as well as the special case for collapsing
br-tags. Leading blank lines at the top of the document are untouched.
+ modify limit for trimmed lines to retain as little as 1 line; previously
the trimming would go no smaller than 2 lines.
* add command-line option and options-menu item for COLLAPSE_BR_TAGS (patch
by Peter Backes).
* fix strict gcc7 warnings on OSX, aside from those due to incorrect system
headers -TD
* adjust definition of alloca() in HTUtils.h to quiet bogus compiler warning
with NetBSD 7 -TD
* add configure check for preprocessor -C option, overlooked in c99 -TD
* correct logic in HTCopy() when re-reading a page (Debian #863008) -TD
* fix lintian warnings in ".deb" test-package -TD
* build-fix for PGI compilers, e.g., symbol conflicts -TD
* update eo.po from
http://translationproject.org/latest/lynx
2017-05-10 (2.8.9dev.14)
* amend fix for Debian #841155, adding check for complete multibyte strings to
decide when the cell-limit has been met (Debian #862148) -TD
* minor improvements to configure script to reduce warnings in config.log -TD
* update config.sub (2017-04-02)
* compiler-warning fixes for c99 on OSX -TD
2017-04-29 (2.8.9dev.13)
* amend fix for Debian #841155, adding check for special case where the
expected number of cells is zero (report by Larry Hynes) -TD
2017-04-28 (2.8.9dev.12)
* correct logic in cell2char(), which gave up too early in determining the
number of cells needed for a multibyte string in the editable text-fields
(Debian #841155) -TD
* improve manual page discussion of environment variables, prompted by
comments in Debian #791452, which overlooked the fact that details of proxy
behavior are found in the user guide -TD
* cleanup some of the user's guide formatting, e.g., for quote-characters -TD
* consistently use "_" in command-line options table and manual page, to work
with program logic that treats "-" as "_", but not the reverse (report by
Larry Hynes) -TD
* improved several configure macros: CF_ADD_CFLAGS, CF_CC_ENV_FLAGS,
CF_GNU_SOURCE, CF_LARGEFILE, CF_MATH_LIB, CF_PROG_LINT, CF_SRAND,
CF_XOPEN_SOURCE -TD
* modify Windows makefile to allow SSL_LIBS and SSL_DEFS to be overridden,
reflecting naming-incompatibility in recent OpenSSL development -TD
* modify ncurses-specific code to allow its TERMINAL struct to be opaque -TD
* refine special case of server Content-Type from 2.8.7dev.11 changes to
decompress files offered for download when the server has gzip'd them
(report by TH) -TD
* amend comparision from 2.8.8dev.10 changes to handle slang specially
(report/testcase by TH) -TD
* minor cleanup of UCDomap.c -TD
* build-fix for color-style with leak-checking -TD
* amend merge/fixes from
http://en.sourceforge.jp/project/lynx-win32-pata
as well as problem introduced by 2.8.8dev.6 cleanup -TH
* update ca.po, from
http://translationproject.org/latest/lynx
* tidy whitespace in lynx.cfg (report by David Niklas) -TD
* fix two more typos in the list of ENABLE_LYNXRC in lynx.cfg -TD
* remove a repeated item for SEND_USERAGENT from lynx.cfg (Larry Hynes)
* accept userinfo in a URL, subject to override by -auth option or -pauth
options. According to RFC-3986, this is deprecated, but testing shows other
clients support it -TD
* fix several minor warnings reported by Coverity -TD
* remove redundant asserts which follow a check that leads to outofmem(),
added in 2.8.8dev.4 to appease clang 2.6, since clang 3.x understands
no-return function declarations -TD
* when converting host+params to idna, temporarily separate the params to
avoid a warning from idna_to_ascii_8z() -TD
* improve warning messages from 2.8.9dev.11 fixes when stripping user/password,
dropping an unnecessary message and fixing a case where all-punctuation
user name was not logged (report by Axel Beckert) -TD
* update config.guess (2017-03-05), config.sub (2017-02-07)
2016-11-15 (2.8.9dev.11)
* amend fix for stripping user/password to ensure that the stripped value is
used when connecting to the host (prompted by discussion of CVE-2016-9179
at https://lists.debian.org/debian-lts/2016/11/threads.html#00072) -TD
2016-11-08 (2.8.9dev.10)
* improved fix for OpenSSL 1.1 (Taketo Kabe).
* improve warning message when stripping user/password from URL; report on
http://seclists.org/oss-sec/2016/q4/322 treated as a Lynx parsing error the
punctuation such as "?" which is permitted by RFC-1738 in a user or password
field. RFC-3986 subsequently modified this. The improved message points out
the possible confusion by users when these fields contain punctuation -TD
* build-fix for OpenSSL 1.1 (Kamil Dudka)
* begin work to parse gopher extension "link to URL" -TD
* remove an obsolete comment in the manual page about -dump versus -force_html
(report by Peter Schmitt) -TD
* modify samples/oldlynx to provide an empty ".lss" file as a better default
than providing an empty "-lss" option -TD
* amend change made in 2.8.8dev.17 to permit multiple COLOR_STYLE items to
restore the ability to cancel the color-style by providing an explicitly
empty configuration item (in lynx.cfg, -lss or $LYNX_LSS). In lynx.cfg, it
is possible to follow the empty COLOR_STYLE with other data, but the -lss
option overrides everything, and if that is not found, $LYNX_LSS overrides
lynx.cfg -TD
* correct ifdef so that if the "news" parsing is disabled at compile time,
HTTP.c interprets https:// links correctly when a https_proxy is set up
(patch by Al Walker).
* add a limit-check in case colspan is given as zero for non-nested-table case
(report by Sami Liedes) -TD
* update nl.po, sl.po from
http://translationproject.org/latest/lynx
2016-04-26 (2.8.9dev.9)
* add workaround for servers such as https://www.xing.com which fail to close
the connection when they finish sending compressed data. This relies on
the content-length (report by Klaus-Peter Wegge) -TD
* restore fix to filter out left-to-right marks which was broken in refactoring
in 2.8.9dev.2, and also filter out right-to-left marks (Debian #808949) -TD
* fix build for current gnutls configuration which dropped the
gnutls_protocol_set_priority function (reported by Axel Beckert, Andreas
Metzler) -TD
* modify CF_LD_RPATH_OPT configure macro, changing FreeBSD case to use
-Wl,-rpath rather than -rpath option. According to FreeBSD #178732, either
works since FreeBSD 4.x; however scons does not accept anything except the
-Wl,-rpath form -TD
* add null-pointer checks for ssl_ctx in HTTP.c in case of error from calls
on SSL_CTX_new (report by Yuan Jochen Kang) -TD
* update config.guess (2016-01-01), config.sub (2016-01-01)
* update da.po, fi.po, tr.po from
http://translationproject.org/latest/lynx
2015-12-18 (2.8.9dev.8)
* fix regression in SSL support (report by Axel Beckert) -TD
* update et.po, fr.po, vi.po, zh_CN.po from
http://translationproject.org/latest/lynx
2015-12-18 (2.8.9dev.7)
* make the HTTP version configurable, defaulting to "1.0" (HTTP/1.0) as
HTTP_PROTOCOL, and make it changeable in the options menu -TD
* switch HTTP version to 1.1, adding an explicit "close" to work around
the pitfall of persistent connections. This is to work around a selective
reading of RFC 2068 by duckduckgo.com - see
http://lists.nongnu.org/archive/html/lynx-dev/2015-12/index.html
-Axel Beckert
* fix a potential null dereference in tidy_tls.c reported by Coverity -TD
* extend advanced mode by showing field names in forms in the status line
(suggested by TG) -TD
* fix some typos found by lintian -Axel Beckert
* correct buffer size in pretty_html() function of LYKeymap.c -TG
* add support for some HTML5 elements -Kihara Hideto
Using this change, you can jump to <section id="speakers">.
(The addition in src{0,1}_HTMLDTD.txt is copied from DIV.)
<section>, <article>, <main>, <aside>, <header>, <footer>, <nav>, <figure>
* improve configure check for extended curses functions, needed for compiling
with ncursesw on OSX, in particular when configuring with ncurses6 (report
by Tom Wyant) -TD
* set SSL_MODE_AUTO_RETRY in OpenSSL configuration, completing work needed for
Debian #707059 -TD
* correct description used for "K" vs "k" key binding in manpage -TD
* adopt some of the patches from Debian lynx package:
+ add Delete key usage to manpage (patch by Denis Briand, Debian #74358)
+ add $(LDFLAGS) when building makeuctb (patch by Atsuhito Kohda).
+ add NO_BUILDSTAMP symbol to appease
https://wiki.debian.org/ReproducibleBuilds/TimestampsFromCPPMacros
+ add -n option to gzip when making gzip'd helpfiles (patch by Andreas
Metzler).
+ add support for client certificates (patch by Simon Kainz, Debian #797901).
* use POSIX locale when sorting entries in cfg_defs.h (patch by Reiner Hermann,
Debian #792770).
* move homepage for Lynx from
http://lynx.isc.org
to
http://lynx.invisible-island.net
because ISC has ended support -TD
* change "GNU Public License" to "GNU General Public License" for consistency
(report by Axel Beckert) -TD
* free a use-after-free in scan_cookie_sublist (Redhat #1120925) -TG
* updates for configure macros from ncurses and xterm -TD
* fix for gnutls logic to support rehandshake on negotiation for optional
client certificate, e.g., for https://contributors.debian.org (patch by
Simon Kainz, Debian #797059).
* update ca.po, sv.po, et.po from
http://translationproject.org/latest/lynx
* use gnutls_set_default_priority() to simplify algorithm priorities in the
gnutls configuration as well as track occassional changes in that library
(patch by Andreas Metzler, Debian #789189, Debian #784430).
* correct logic in LYsetRcValue() from 2.8.8dev.13, which would free the wrong
pointer if the input had leading blanks (patch by Ruda Moura).
* fix CF_CHECK_SIZEOF autoconf macro to work when its working variables have
been preset to an empty value (report by Andrew Arensburger) -TD
* update config.guess (2015-10-21), config.sub (2015-08-20)
2015-05-06 (2.8.9dev.6)
* add a note about OCSP to url-support documentation (Debian #745835) -TD
* change defaults for SSL prompts when a problem is detected to "no" (Debian
#783477) -TD
* if an SSL error message is too long for the screen-width, trim it with an
ellipsis so that the "(y)" part of the prompt for continuing will be visible
(Debian #783476) -TD
* update test-packages to use ncurses6 test-packages -TD
* modify configure script to check for ncurses ".pc" files first before looking
for the "ncurses*-config" scripts -TD
* modify configure script to accept a release-number for the ncurses/ncursesw
values of the "--with-screen" option, e.g., "--with-screen=ncursesw6" -TD
* cosmetic fixes for autoconf macros to avoid vi-workaround -TD
* update da.po, et.po, fr.po, nl.po, vi.po from
http://translationproject.org/latest/lynx
* regenerated lynx.pot, sent to translation project -TD
* update config.guess (2015-03-04), config.sub (2015-03-08)
2015-04-12 (2.8.9dev.5)
* add codes U+200A, U+200B to def7_uni.tbl (prompted by report by Sven
Hartrumpf, as well as referring to
https://www.cs.tut.fi/~jkorpela/chars/spaces.html) -TD
* restore large buffer-size from follow_link_number() which was altered in
2.8.8dev.10 changes to use LYgetBString() (Debian #699068) -TD, -TG
* loosen the check in IsOurFile() to permit hard-linked files
(Debian #429606) -TD
* update ca.po, cs.po, et.po, fi.po, fr.po, id.po, nl.po, pt_BR.po, ru.po,
sl.po, tr.po, vi.po from
http://translationproject.org/latest/lynx
2015-01-25 (2.8.9dev.4)
* modify check after gnutls_certificate_verify_peers2() to use
gnutls_certificate_verification_status_print() when available, to give
potentially more details on certficate revocation (patch by Andreas Metzler,
Debian #745835, Debian #752610)
2015-01-05 (2.8.9dev.3)
* correct shortcut for "Send To" link used in Inno Setup script, broken in
2.8.8dev.15 -TD
* amend change made in 2.8.8dev.10 to LYLocal.c get_filename(), ensuring that
the bstring parameter can be (re)allocated within that function's call to
LYgetBString() (report by Raoul Megelas) -TG
* build-fixes for djgpp 2.04 and gcc 4.8.4 using Watt-32 -GV
2014-12-21 (2.8.9dev.2)
* correct an inconsistent check for reload using isLYNXCGI() in the
options-screen -TD
* add script after using msginit to create en.po, to work around renaming in
Cygwin environment -TD
* improve overlay of field contents in form for "-dump" option; the change
in 2.8.8dev.3 did not take into account UTF-8 values (Debian #770011) -TD
* correct a bug in the map_string_to_keysym() function introduced in
2.8.8dev.17: as used via the remap() function, this returns the curses
code for a special key rather than Lynx's internal code (Debian #769601) -TD
* add checks when translating from UTF-8 to Unicode, to ensure that only the
shortest encoding is accepted. Other/longer encodings are mapped to the UCS
replacement character as in xterm (Debian #763268) -TD
* modify LYExpandHostForURL() to call HTGetAddrInfo(), allowing DNS lookups
for IPv6 to be interrupted, e.g., by typing ^G. This was a path overlooked
in 2.8.8dev.13 (reports by Chad Kline, etc.) -TD
* drop libgnutls-extra when using --with-gnutls-compat option -TD
* drop libgcrypt dependency when building with gnutls, using gnutls_rnd()
rather than gcry_randomize() (adapted from patch by Andreas Metzler,
Debian #753699) -TD
* fix a reference-after-free in scan_cookie_sublist(), probably fixing RedHat
#1120925 -Mike Gorse
* update eo.po, id.po from
http://translationproject.org/latest/lynx
* improve workaround for too-long pathnames in LYPrint.c SetupFilename() -TD
* fix a few inconsistencies between #if / #ifdef, including one for sleep()
which broke cross-compiles for MinGW -TD
* updated/improved configure script macros (TD):
+ CF_ACVERSION_CHECK: work around another gratuitous incompatibility
introduced in 2.69 (reported by Ross Burton, openembedded.org)
+ CF_ADD_CFLAGS: workaround for ash-shell
+ CF_ADD_LIBS: workaround in CF_X_TOOLKIT uses pkgconfig, whose files
generally are using incomplete dependencies - in turn introducing lots of
duplication. filter out the duplicates.
+ CF_CHECK_CFLAGS: workaround for ash-shell
+ CF_CURSES_FUNCS: improve workaround for weak-linkage, seems to fix tests
with NetBSD 6.1
+ CF_INTEL_COMPILER: cleanup the -no-gcc option which was leftover from
testing - prcs does not build with this option.
+ CF_MAKEFLAGS: workaround for GNU make 4.0 incompatibility with previous
releases.
+ CF_SUBDIR_PATH: add /usr/pkg and /opt/local to help configuring with
pkgsrc and macports -TD
+ CF_XOPEN_SOURCE: Minix3.2 ifdef's the POSIX.1-2001 functions inside
_NETBSD_SOURCE, even though it was released 2012-02-29 - appease it. At
the same time, turn on the verbose flag to show that most platforms need
platform-specific define's to get POSIX (sic). Also, add case for UnixWare
(report/discussion with Mark Ryan).
+ CF_X_ATHENA: add --with-Xaw3dxft option
+ CF_X_TOOLKIT: add workaround for breakage in XQuartz upgrades
* add check to ensure that "submit" command from 2.8.8dev.10 is performed
in a form (report by Karen Lewellen) -TD
* update config.guess (2014-03-23), config.sub (2014-07-28)
3.4.4:
Bugfixes
* Refine the django.conf module check to see if the settings really are
configured.
* Avoid crash after OSError during Django path detection.
Features
* Add parameter info to fixture assert_num_queries to display additional message on failure.
Docs
* Improve doc for django_assert_num_queries/django_assert_max_num_queries.
* Add warning about sqlite specific snippet + fix typos.
Misc
* MANIFEST.in: include tests for downstream distros.
* Ensure that the LICENSE file is included in wheels.
* Run black on source.
Import/adapt patches from FreeBSD to fix the build on aarch64.
Thanks to <jakllsch>!
XXX: (There is a compiler warning about m_compareRegister bitfield
XXX: that's probably needs XXX: further investigation the `: 6' should
XXX: be probably `: 7')
Version 2.2.1
-------------
Released on June 7th, 2018
- :class:`~fields.StringField` only sets ``data = ''`` when form data
is empty and an initial value was not provided. This fixes an issue
where the default value wasn't rendered with the initial form.
(`#291`_, `#401`_)
.. _#291: https://github.com/wtforms/wtforms/issues/291
.. _#401: https://github.com/wtforms/wtforms/issues/401
Version 2.2
-----------
Released on June 2nd, 2018
- Merged new and updated translations from the community.
- Passing ``data_`` args to render a field converts all the
underscores to hyphens when rendering the HTML attribute, not just
the first one. ``data_foo_bar`` becomes ``data-foo-bar``. (`#248`_)
- The :class:`~validators.UUID` validator uses the :class:`uuid.UUID`
class instead of a regex. (`#251`_)
- :class:`~fields.SelectField` copies the list of ``choices`` passed
to it so modifying an instance's choices will not modify the global
form definition. (`#286`_)
- Fields call :meth:`~fields.Field.process_formdata` even if the raw
data is empty. (`#280`_)
- Added a :class:`~fields.MultipleFileField` to handle a multi-file
input. :class:`~fields.FileField` continues to handle only one
value. The underlying :class:`~widgets.FileInput` widget gained a
``multiple`` argument. (`#281`_)
- :class:`~fields.SelectField` choices can contain HTML (MarkupSafe
``Markup`` object or equivalent API) and will be rendered properly.
(`#302`_)
- :class:`~fields.TimeField` and
:class:`html5.TimeField <fields.html5.TimeField>` were added.
(`#254`_)
- Improved :class:`~validators.Email`. Note that it is still
unreasonable to validate all emails with a regex and you should
prefer validating by actually sending an email. (`#294`_)
- Widgets render the ``required`` attribute when using a validator
that provides the ``'required'`` flag, such as
:class:`~validators.DataRequired`. (`#361`_)
- Fix a compatibility issue with SQLAlchemy 2.1 that caused
:class:`~ext.sqlalchemy.fields.QuerySelectField` to fail with
``ValueError: too many values to unpack``. (`#391`_)
.. _#248: https://github.com/wtforms/wtforms/pull/248
.. _#251: https://github.com/wtforms/wtforms/pull/251
.. _#254: https://github.com/wtforms/wtforms/pull/254
.. _#280: https://github.com/wtforms/wtforms/pull/280
.. _#281: https://github.com/wtforms/wtforms/pull/281
.. _#286: https://github.com/wtforms/wtforms/pull/286
.. _#294: https://github.com/wtforms/wtforms/pull/294
.. _#302: https://github.com/wtforms/wtforms/pull/302
.. _#361: https://github.com/wtforms/wtforms/pull/361
.. _#391: https://github.com/wtforms/wtforms/pull/391
3.5.5 Vroom vroom:
Breaking
Revert changes to raw CSS @imports
Deprecations
Add deprecation messages for colour arithmetic
Features
Support hex colors with alpha channels
Add a sass_option_push_import_extension C-API
Fixes
Fix segfault in handling modulo operator
Fix handling of unclosed interpolant in url
Fix possible bug with handling empty reference combinators
Fix -Wmissing-declarations for gcc < 7
0.54.0
- Change license from LGPL to BSD.
- Status return for WebSocketApp.run_forever()
- Handle redirects in handshake
- Make proxy_type option available in WebSocketApp.run_forever()
- Fix typo in supress_origin
- WebSocketApp's on_close never emits status code or reason
7.0:
websockets sends Ping frames at regular intervals and closes the connection if it doesn't receive a matching Pong frame. See :class:~protocol.WebSocketCommonProtocol for details.
Added process_request and select_subprotocol arguments to :func:~server.serve() and :class:~server.WebSocketServerProtocol to customize :meth:~server.WebSocketServerProtocol.process_request and :meth:~server.WebSocketServerProtocol.select_subprotocol without subclassing :class:~server.WebSocketServerProtocol
Added support for sending fragmented messages.
Added the :meth:~protocol.WebSocketCommonProtocol.wait_closed method to protocols.
Added an interactive client: python -m websockets <uri>.
Changed the origins argument to represent the lack of an origin with None rather than ''.
Fixed a data loss bug in :meth:~protocol.WebSocketCommonProtocol.recv: canceling it at the wrong time could result in messages being dropped.
Improved handling of multiple HTTP headers with the same name.
Improved error messages when a required HTTP header is missing.
2.1.5:
* Django middleware caching now works on Django 1.11 and Django 2.0.
The previous release only ran on 2.1.
2.1.4:
* Django middleware is now cached rather than instantiated per request
resulting in a sigificant speed improvement
* ChannelServerLiveTestCase now serves static files again
* Improved error message resulting from bad Origin headers
* runserver logging now goes through the Django logging framework
* Generic consumers can now have non-default channel layers
* Improved error when accessing scope['user'] before it's ready
3.0.3
* Ensure pytest requirements set properly.
3.0.2
* Encoding fixes in paste.fixture.
3.0.1
* Remove use of future for sake of html.escape and use own. Using
future was causing installation loops.
3.0.0
* Fixes for use with Python 3.7, mostly to do with StopIteration.
* Moving to https://github.com/cdent/paste to keep things maintained.
* Minimize pkgsrc specific patches.
* A build system written in Rust lang does not find a C++ header files
from pkgsrc (non-base) GCC, this version is not buildable on NetBSD 7.
I will investigate this problem again.
Changelog:
63.0.1
Fixed
Snippets are not loaded due to missing element (bug 1503047)
Print preview always shows 30% scale when it is actually Shrink To Fit
(bug 1501952)
Dialog displayed when closing multiple windows shows unreplaced %1$S
placeholder in Japanese and potentially other locales (bug 1500823)
63.0
New
Performance and visual improvements for Windows users
Performance improvements for macOS users
Added content blocking, a collection of Firefox settings that offer
users greater control over technology that can track them around the
web. In 63, users can opt to block third-party tracking cookies or
block all trackers and create exceptions for trusted sites that don't
work correctly with content blocking enabled.
WebExtensions now run in their own process on Linux
Firefox now warns about having multiple windows and tabs open
when quitting from the main menu. The Save and Quit feature has been
removed. You can restore your session by ticking the box for Restore
previous session in the General->Startup options or by using Restore
Previous Session in the main menu.
Firefox now recognizes the operating system accessibility setting for
reducing animation
Added search shortcuts for Top Sites: Amazon and Google appear as Top
Sites tiles on the Firefox Home (New Tab) page. When selected these
tiles will change focus to the address bar to initiate a search.
Currently in US only.
Fixed
Resolved an issue that prevented the address bar from autofilling
bookmarked URLs in certain cases
Various security fixes
Changed
In the Library, the Open in Sidebar feature for individual bookmarks
was removed
The option to Never check for updates was removed from about:preferences.
You can use the DisableAppUpdate enterprise policy as a substitute.
The Ctrl+Tab shortcut now displays thumbnail previews of your tabs and
cycles through tabs in recently used order. This new default behavior
is activated only in new profiles and can be changed in preferences.
#CVE-2018-12391: HTTP Live Stream audio data is accessible cross-origin
#CVE-2018-12392: Crash with nested event loops
#CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript
#CVE-2018-12395: WebExtension bypass of domain restrictions through header rewriting
#CVE-2018-12396: WebExtension content scripts can execute in disallowed contexts
#CVE-2018-12397: Missing warning prompt when WebExtension requests local file access
#CVE-2018-12398: CSP bypass through stylesheet injection in resource URIs
#CVE-2018-12399: Spoofing of protocol registration notification bar
#CVE-2018-12400: Favicons are cached in private browsing mode on Firefox for Android
#CVE-2018-12401: DOS attack through special resource URI parsing
#CVE-2018-12402: SameSite cookies leak when pages are explicitly saved
#CVE-2018-12403: Mixed content warning is not displayed when HTTPS page loads a favicon over HTTP
#CVE-2018-12388: Memory safety bugs fixed in Firefox 63
#CVE-2018-12390: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3
Django 2.1.3
Bugfixes:
Fixed a regression in Django 2.0 where combining Q objects with __in lookups and lists crashed
Fixed a regression in Django 1.11 where django-admin shell may hang on startup
Fixed a regression in Django 2.0 where test databases aren’t reused with manage.py test --keepdb on MySQL
Fixed a regression where cached foreign keys that use to_field were incorrectly cleared in Model.save()
Fixed a regression in Django 2.0 where FileSystemStorage crashes with FileExistsError if concurrent saves try to create the same directory
Upstream changes (from NEWS):
== Ruby-GNOME2 3.3.0: 2018-10-31
This is a release for fixing memory leak bugs of cairo-gobject,
improving macOS support and adding support for GEGL.
=== Changes
==== Ruby/GLib2
* Improvements
* Added support for the same constant name and class name for error.
* Fixes
* Fixed wrong constant values:
* (({GLib2::MINLONG}))
* (({GLib2::MAXLONG}))
* (({GLib2::MAXULONG}))
* (({GLib2::MINUINT64}))
* (({GLib2::MAXSIZE}))
* (({GLib2::MINFLOAT}))
* (({GLib2::MINDOUBLE}))
[GitHub#1244][Reported by cobodo]
==== Ruby/CairoGObject
* Fixes
* Fixed a memory leak.
[GitHub#1232][Reported by Jean-Christophe Le Lann]
* Stopped to increase needless reference.
[GitHub#1079][Reported by noanoa07]
==== Ruby/GObjectIntrospection
* Improvements
* Added support for transfer full output parameter.
* Fixes
* Fixed a bug that class method closure doesn't work.
[GitHub#1245][Reported by kojix2]
==== Ruby/GdkPixbuf2
* Improvements
* (({GdkPixbuf::Pixbuf.new})): Added support for auto row stride
detection for (({[Integer]})) data.
==== Ruby/Pango
* Improvements
* Made test more robust.
[GitHub#1239][Reported by Michael Hudson-Doyle]
==== Ruby/GTK3
* Improvements
* Improved backward compatibility for (({Gtk::ListStore#set_column_types})).
[GitHub#1240][Reported by Edward Hennessy]
* Fixes
* Fixed wrong size used bug on HiDPI.
[GitHub#1079][Reported by noanoa07]
==== Ruby/Poppler
* Improvements
* Added support for Popper 0.70.0.
==== Ruby/GEGL
* Improvements
* Added.
=== Thanks
* Jean-Christophe Le Lann
* Michael Hudson-Doyle
* Edward Hennessy
* cobodo
* kojix2
* noanoa07
Changes:
7.62.0
------
This release includes the following changes:
o multiplex: enable by default
o url: default to CURL_HTTP_VERSION_2TLS if built h2-enabled
o setopt: add CURLOPT_DOH_URL
o curl: --doh-url added
o setopt: add CURLOPT_UPLOAD_BUFFERSIZE: set upload buffer size
o imap: change from "FETCH" to "UID FETCH"
o configure: add option to disable automatic OpenSSL config loading
o upkeep: add a connection upkeep API: curl_easy_upkeep()
o URL-API: added five new functions
o vtls: MesaLink is a new TLS backend
This release includes the following bugfixes:
o CVE-2018-16839: SASL password overflow via integer overflow
o CVE-2018-16840: use-after-free in handle close
o CVE-2018-16842: warning message out-of-buffer read
o CURLOPT_DNS_USE_GLOBAL_CACHE: deprecated
o Curl_dedotdotify(): always nul terminate returned string
o Curl_follow: Always free the passed new URL
o Curl_http2_done: fix memleak in error path
o Curl_retry_request: fix memory leak
o Curl_saferealloc: Fixed typo in docblock
o FILE: fix CURLOPT_NOBODY and CURLOPT_HEADER output
o GnutTLS: TLS 1.3 support
o SECURITY-PROCESS: mention the bountygraph program
o VS projects: add USE_IPV6:
o Windows: fixes for MinGW targeting Windows Vista
o anyauthput: fix compiler warning on 64-bit Windows
o appveyor: add WinSSL builds
o appveyor: run test suite (on Windows!)
o certs: generate tests certs with sha256 digest algorithm
o checksrc: enable strict mode and warnings
o checksrc: handle zero scoped ignore commands
o cmake: Backport to work with CMake 3.0 again
o cmake: Improve config installation
o cmake: add support for transitive ZLIB target
o cmake: disable -Wpedantic-ms-format
o cmake: don't require OpenSSL if USE_OPENSSL=OFF
o cmake: fixed path used in generation of docs/tests
o cmake: remove unused *SOCKLEN_T variables
o cmake: suppress MSVC warning C4127 for libtest
o cmake: test and set missed defines during configuration
o comment: Fix multiple typos in function parameters
o config: Remove unused SIZEOF_VOIDP
o config_win32: enable LDAPS
o configure: force-use -lpthreads on HPUX
o configure: remove CURL_CONFIGURE_CURL_SOCKLEN_T
o configure: s/AC_RUN_IFELSE/CURL_RUN_IFELSE
o cookies: Remove redundant expired check
o cookies: fix leak when writing cookies to file
o curl-config.in: remove dependency on bc
o curl.1: --ipv6 mutexes ipv4 (fixed typo)
o curl: enabled Windows VT Support and UTF-8 output
o curl: update the documentation of --tlsv1.0
o curl_multi_wait: call getsock before figuring out timeout
o curl_ntlm_wb: check aprintf() return codes
o curl_threads: fix classic MinGW compile break
o darwinssl: Fix realloc memleak
o darwinssl: more specific and unified error codes
o data-binary.d: clarify default content-type is x-www-form-urlencoded
o docs/BUG-BOUNTY: explain the bounty program
o docs/CIPHERS: Mention the options used to set TLS 1.3 ciphers
o docs/CIPHERS: fix the TLS 1.3 cipher names
o docs/CIPHERS: mention the colon separation for OpenSSL
o docs/examples: URL updates
o docs: add "see also" links for SSL options
o example/asiohiper: insert warning comment about its status
o example/htmltidy: fix include paths of tidy libraries
o examples/Makefile.m32: sync with core
o examples/http2-pushinmemory: receive HTTP/2 pushed files in memory
o examples/parseurl.c: show off the URL API
o examples: Fix memory leaks from realloc errors
o examples: do not wait when no transfers are running
o ftp: include command in Curl_ftpsend sendbuffer
o gskit: make sure to terminate version string
o gtls: Values stored to but never read
o hostip: fix check on Curl_shuffle_addr return value
o http2: fix memory leaks on error-path
o http: fix memleak in rewind error path
o krb5: fix memory leak in krb_auth
o ldap: show precise LDAP call in error message on Windows
o lib: fix gcc8 warning on Windows
o memory: add missing curl_printf header
o memory: ensure to check allocation results
o multi: Fix error handling in the SENDPROTOCONNECT state
o multi: fix memory leak in content encoding related error path
o multi: make the closure handle "inherit" CURLOPT_NOSIGNAL
o netrc: free temporary strings if memory allocation fails
o nss: fix nssckbi module loading on Windows
o nss: try to connect even if libnssckbi.so fails to load
o ntlm_wb: Fix memory leaks in ntlm_wb_response
o ntlm_wb: bail out if the response gets overly large
o openssl: assume engine support in 0.9.8 or later
o openssl: enable TLS 1.3 post-handshake auth
o openssl: fix gcc8 warning
o openssl: load built-in engines too
o openssl: make 'done' a proper boolean
o openssl: output the correct cipher list on TLS 1.3 error
o openssl: return CURLE_PEER_FAILED_VERIFICATION on failure to parse issuer
o openssl: show "proper" version number for libressl builds
o pipelining: deprecated
o rand: add comment to skip a clang-tidy false positive
o rtmp: fix for compiling with lwIP
o runtests: ignore disabled even when ranges are given
o runtests: skip ld_preload tests on macOS
o runtests: use Windows paths for Windows curl
o schannel: unified error code handling
o sendf: Fix whitespace in infof/failf concatenation
o ssh: free the session on init failures
o ssl: deprecate CURLE_SSL_CACERT in favour of a unified error code
o system.h: use proper setting with Sun C++ as well
o test1299: use single quotes around asterisk
o test1452: mark as flaky
o test1651: unit test Curl_extract_certinfo()
o test320: strip out more HTML when comparing
o tests/negtelnetserver.py: fix Python2-ism in neg TELNET server
o tests: add unit tests for url.c
o timeval: fix use of weak symbol clock_gettime() on Apple platforms
o tool_cb_hdr: handle failure of rename()
o travis: add a "make tidy" build that runs clang-tidy
o travis: add build for "configure --disable-verbose"
o travis: bump the Secure Transport build to use xcode
o travis: make distcheck scan for BOM markers
o unit1300: fix stack-use-after-scope AddressSanitizer warning
o urldata: Fix "connecting" comment
o urlglob: improve error message on bad globs
o vtls: fix ssl version "or later" behavior change for many backends
o x509asn1: Fix SAN IP address verification
o x509asn1: always check return code from getASN1Element()
o x509asn1: return CURLE_PEER_FAILED_VERIFICATION on failure to parse cert
o x509asn1: suppress left shift on signed value
Changes:
WebKitGTK+ 2.22.3
=================
- Many improvements and fixes for video playback with media source
extensions (MSE), which improve the user experience across the board,
and in particular for playback of WebM videos.
- Fix a memory leak during media playback when using playbin3.
- Fix portions of Web views not being rendered after resizing.
- Fix Resource Timing reporting for <iframe> elements.
- Fix the build with the remote Web Inspector disabled.
- Fix the build on ARMv7 with NEON extensions.
- Fix several crashes and rendering issues.
Add py-zope.proxy package version 4.3.1.
``zope.proxy``
==============
Proxies are special objects which serve as mostly-transparent
wrappers around another object, intervening in the apparent behavior of
the wrapped object only when necessary to apply the policy (e.g., access
checking, location brokering, etc.) for which the proxy is responsible.
zope.proxy is implemented via a C extension module, which lets it do things
like lie about its own ``__class__`` that are difficult in pure Python (and
were completely impossible before metaclasses). It also proxies all the
internal slots (such as ``__int__``/``__str__``/``__add__``).
Version 4.3.1:
* Allow fabfile to be importable when building docs
* Remove top-level __init__.py from new projects.
* Fix HTML escaping.
Version 4.3.0:
* Added explicit on_delete arguments for all ForeignKey models
* Only generate thumbnails in RichText when absolute width/height used.
* Removed null attribute from slug CharField
* Converted all template.render calls to pass a dict instead of a Context object
* Fixed MezzanineBackend.authenticate backend to accept a request argument, added in Django 1.11
* Fixed test_multiple_comment_forms to be agnostic of the order of HTML attributes
* Altered annotation behaviour of search results. Previously this was done implicitly in the SearchQuerySet.iterator() method,. which Django would call internally when evaluating the queryset. Django 1.11 changed its behaviour to use a ModelIterator class instead of. just calling iterator() on the queryset. Rather than suppy a custom. ModelIterator, we just make the annotate explicit
* Updated setup and test configuration to include Django 1.11
* password reset: 'http' -> request.schema. This fixes a potential security vulnerability in which the password. reset url is exposed to untrusted intermediary nodes in the network.
* Add explicit on_delete arguments to foreign keys in migrations
* Use TextField for Field.label and Field.help_text. Now length limits for user-defined labels and help_texts are enforced in the admin instead of the DB, which should prevent any further migrations
* Get rid of max_length settings for mezzanine.forms
* Timezone aware blog months.
* Test and simplify blog_months
* Weigh search results by age. Weigh search results by their age by default. Add a new setting,. SEARCH_AGE_SCALE_FACTOR, controlling how much emphasis to put on the. age when ranking results (set this to 0 to revert to the old behavior)
* Split dev and prod ALLOWED_HOSTS. Django started checking ALLOWED_HOSTS when DEBUG=True a few releases back.
* Update docs related to ALLOWED_HOSTS
* Fix the old url parsing in import wordpress
* Use Django's six module
* Don't warn Mezzanine about itself
* Looser check for LocalMiddleware.
* Modified the blog homepage pattern to a working version. Added import it requires
* Remove explicit show_banner argument from inner_run. This broke --noreload for me.
* Handle MIDDLEWARE_CLASSES -> MIDDLEWARE
* Don't use lazy static loading when Django's ManifestStaticFilesStorage is configured.
* Link to Pillow docs for dependencies
* Adding new site to site list. Adding "The National: New Australian Art" to the site list. https://the-national.com.au
* Doesn't convert JPG/JPEG images to RGBA.
* Remove all device-detection features
* Remove mentions of device handling from docs
* Use template loaders instead of middlware for host-based template swapping
* Add docs on upgrading from TemplateForHostMiddleware
* Create __init__.py so Python can find directory
* Properly parse positional args. As demonstrated by using call_command, the positional args not. processed. This may be a left-over from optarg migration. Usage property is no longer necessary
* Fix build fail while in here
* Added more tests por pages
* Update page_not_found view args.
* Rename Displayable is_public to published
* Test Nginx config before restarting. This way the configuration won't be updated if it's broken, and you also get an error message in the terminal explaining why it's broken (instead of just telling you to check service status/journal)
* Enable browser-native spell checking in WYSIWYG tinymce editor, which got wiped in 82339b0 . Previously introduced in 86f6ef6
* Fixing the support for external links which are moved to child categories in the menu hierarchy
* Update LOGOUT_URL to make use of ACCOUNT_URL
* Ensure template vars for form defaults are properly escaped
* Fix drag-n-drop for Form field inlines. Inherit from DynamicInlineAdminForm to inject the necessary JS files
* Fix failing tests that assume threadlocals have been set up
* Pulled out middleware present check into its own function. And fixed Python 3 compat
* Made all middleware installation checking consistent. All check by string first, and then for classes and subclasses,. correctly ignoring things that aren't classes
* Fix failing tests that assume threadlocals have been set up
* Fix keywords widget for Django 1.11.
* Fix sense of SITE_PERMISSION_MIDDLEWARE check. Issue introduced by commit 00f4a63c
* Fix sense of other check for SITE_PERMISSION_MIDDLEWARE. Issue introduced by commit 00f4a63
* Added basic tests for TemplateSettings. The tests follow the existing functionality
* Gave TemplateSettings a useful __repr__. Previously it just returned '{}' always, from super()s empty dict
* Don't emit warning when doing force_text(TestSettings()). This is to fix the behaviour of getting lots of instances of: UserWarning: __unicode__ is not in TEMPLATE_ACCESSIBLE_SETTINGS. if you have django-debug-tool installed
* Prevent changes to FORMS_EXTRA_FIELDS setting creating new migrations
* Support access to related model on Django 2+
* Fix safe string handling in richtext filters
* Fix some test warnings
* Add deprecation handling for mark_safe as decorator
* Fix SplitSelectDateTimeWidget which Django 1.9 broke.
* Fix usage of request.scheme in password reset email
* Make thumbnail tag recognize .PNG and .GIF. Files with the upper case extensions .PNG and .GIF are now recognized by. the thumbnail template tag as being PNG- and GIF images, respectively,. instead of being treated as JPEG images
* Added gcc and rsync for the full deployment on the freshly installed Debian (eg. on OVH)
* Support SelectDateWidget in django 1.8 and django 2.x
* Narrow exception handling to ImportError only
Version 3.0.2:
Bug fixes
Merge Characters tokens after sanitizing them. This fixes issues in the
LinkifyFilter where it was only linkifying parts of urls.
Version 3.0.1:
Features
Support Python 3.7. It supported Python 3.7 just fine, but we added 3.7 to
the list of Python environments we test so this is now officially supported.
Bug fixes
Fix list object has no attribute lower in clean.
Fix abbr getting escaped in linkify.
Version 3.0.0:
Backwards incompatible changes
A bunch of functions were moved from one module to another.
These were moved from bleach.sanitizer to bleach.html5lib_shim:
convert_entity
convert_entities
match_entity
next_possible_entity
BleachHTMLSerializer
BleachHTMLTokenizer
BleachHTMLParser
These functions and classes weren't documented and aren't part of the
public API, but people read code and might be using them so we're
considering it an incompatible API change.
If you're using them, you'll need to update your code.
Features
Bleach no longer depends on html5lib. html5lib==1.0.1 is now vendored into
Bleach. You can remove it from your requirements file if none of your other
requirements require html5lib.
This means Bleach will now work fine with other libraries that depend on
html5lib regardless of what version of html5lib they require.
Bug fixes
Fixed tags getting added when using clean or linkify. This was a
long-standing regression from the Bleach 2.0 rewrite.
Fixed <isindex> getting replaced with a string. Now it gets escaped or
stripped depending on whether it's in the allowed tags or not.
0.3.7 release
* Fix processing of http-equiv meta tags incorrectly lower casing the content
* Fix error when a textbox contained within a form contains unicode characters
On NetBSD there is no <sys/sysinfo.h> but we can use hw.usermem64.
This should address WebKitGTK+ support for NetBSD ports where
USE_SYSTEM_MALLOC is by default OFF.
Side-note: on NetBSD/amd64 -current when building with -DUSE_SYSTEM_MALLOC=ON
both SunSpider and JetStream benchmarks shows a very little performance penalty,
so also remove the `-DUSE_SYSTEM_MALLOC=ON' commented out CMAKE_ARGS (i.e. when
possible just use the preferred malloc).
pkgsrc changes:
- Bump GCC_REQD to 6 (now gcc 6.0.0 or newer is needed)
- Add NetBSD support for JavaScript JIT on x86_64, i386, arm,
aarch64 and mips
- Add WebKitWebProcess and jsc to NOT_PAX_MPROTECT_SAFE.
At least on NetBSD/amd64, running SunSpider 1.0.2 JavaScript Benchmark
(<https://webkit.org/perf/sunspider/sunspider.html>) with MiniBrowser
before `paxctl +m'-ing them needed:
Total: 1006.9ms +/- 0.7%
...while after `paxctl +m'-ing them:
Total: 322.3ms +/- 3.0%
(Probably EACCESS due PaX MPROTECT are handled gracefully and
silently instead of failing hard at runtime.)
Please also note that webkit-gtk browsers should not need any
NOT_PAX_MPROTECT_SAFE because WebKitWebProcess is used and already
have that.
- Improve handling of `webkit-jit' by introducing a
WEBKIT_JIT_MACHINE_PLATFORMS list that contain all MACHINE_PLATFORMs
triplets that have `webkit-jit' option as suggested one.
- Always use OS(...) and BOS(...) macros instead of __Os__ macros for
consistency with webkit code.
- Add definition for BOS(SOLARIS) and OS(SOLARIS) and add it to the
OS(UNIX) OSes list.
- Limit patch-Source_JavaScriptCore_jit_ExecutableAllocator.cpp to
OpenBSD. It is no longer present in FreeBSD ports and it is not
problematic in NetBSD.
- Remove no longer needed patch-Source_WTF_wtf_ThreadSpecific.h:
NetBSD 5.x was already part of NOT_FOR_PLATFORM.
- Sync patch-CMakeLists.txt with FreeBSD ports.
Please note that this also removes WTF_CPU_SPARC64 definition that was
unused.
- madvise(2) on {Free,DragonFly,Net,Open}BSD supports MADV_FREE and
MADV_DONTNEED flags. Define the corresponding HAVE_* via
patch-Source_WTF_wtf_Platform.h.
- Use globbing for REPLACE_{PERL,PYTHON} where possible.
Changes:
WebKitGTK+ 2.22.2
=================
- Several fixes for video playback with media source extensions (MSE).
This allows using WebM support for YouTube, which no longer works through
regular video source. Note that MSE is still disabled by default and
webkit_settings_set_enable_mediasource() has to be used to enable the
feature.
- Fix the build when only Wayland support is enabled and X11 headers are
not available.
WebKitGTK+ 2.22.1
=================
- Fix printing in landscape.
- Fix the build in several platforms: s390x, ppc64le, armv7hl.
- Fix the build with a11y disabled.
- Fix the build with video disabled.
- Fix several crashes and rendering issues.
WebKitGTK+ 2.22.0
==================
- Add warn_unused_result attribute to some JavaScriptCore GLib APIs.
- Make pinch to zoom scale the page without changing the layout.
- Fix the build in mips64.
Changes with Apache 2.4.37
*) mod_ssl: Fix HTTP/2 failures when using OpenSSL 1.1.1.
*) mod_ssl: Fix crash during SSL renegotiation with OptRenegotiate set,
when client certificates are available from the original handshake
but were originally not verified and should get verified now.
This is a regression in 2.4.36 (unreleased).
*) mod_ssl: Correctly merge configurations that have client certificates set
by SSLProxyMachineCertificate{File|Path}.
Changes with Apache 2.4.36
*) mod_brotli, mod_deflate: Restore the separate handling of 304 Not Modified
responses. Regression introduced in 2.4.35.
*) mod_proxy_scgi, mod_proxy_uwsgi: improve error handling when sending the
body of the response.
*) mod_http2: adding defensive code for stream EOS handling, in case the request handler
missed to signal it the normal way (eos buckets).
*) ab: Add client certificate support.
*) ab: Disable printing temp key for OpenSSL before
version 1.0.2. SSL_get_server_tmp_key is not available
there.
*) mod_ssl: Fix a regression that the configuration settings for verify mode
and verify depth were taken from the frontend connection in case of
connections by the proxy to the backend.
*) MPMs: Initialize all runtime/asynchronous objects on a dedicated pool and
before signals handling to avoid lifetime issues on restart or shutdown.
*) mod_ssl: Add support for OpenSSL 1.1.1 and TLSv1.3. TLSv1.3 has
behavioural changes compared to v1.2 and earlier; client and
configuration changes should be expected. SSLCipherSuite is
enhanced for TLSv1.3 ciphers, but applies at vhost level only.
*) mod_auth_basic: Be less tolerant when parsing the credencial. Only spaces
should be accepted after the authorization scheme. \t are also tolerated.
*) mod_proxy_hcheck: Fix issues with interval determination.
*) mod_proxy_hcheck: Fix issues with TCP health checks.
*) mod_proxy_hcheck: take balancer's SSLProxy* directives into account.
*) mod_status, mod_echo: Fix the display of client addresses.
They were truncated to 31 characters which is not enough for IPv6 addresses.
This is done by deprecating the use of the 'client' field and using
the new 'client64' field in worker_score.
Note this update is based off an EOL firefox (ESR52). Use with caution.
What's New in SeaMonkey 2.49.4
SeaMonkey 2.49.4 uses the same backend as Firefox and contains the relevant Firefox 52.9.0 ESR security fixes.
SeaMonkey 2.49.4 shares most parts of the mail and news code with Thunderbird. Please read the Thunderbird 52.9.1 release notes for specific changes and security fixes in this release.
SeaMonkey-specific changes
Among the general platform and mail fixes this release contains backported fixes from Thunderbird for the EFAIL security vulnerability.
SeaMonkey now uses gtk3 on Linux. If you experience a problem because of this please file a bug and link it to Switch Linux builds to GTK3 with SeaMonkey 2.49. Pleae try another OS theme first. Some of them are buggy and cause problems with SeaMonkey, Thunderbird and Firefox.
18.10.1
Don't eat Component.stop() request when crossbar not connected
handle async on_progress callbacks properly
fix attribute error when ConnectionResetError does not contain "reason" attribute
infer rawsocket host, port from URL
fix error on connection lost if no reason (reason = None)
fixed typo on class name
3.9.0:
Improvements to ViewSet extra actions
Fix action support for ViewSet suffixes
Allow action docs sections
Deprecate the Router.register base_name argument in favor of basename.
Deprecate the Router.get_default_base_name method in favor of Router.get_default_basename.
Change CharField to disallow null bytes. To revert to the old behavior, subclass CharField and remove ProhibitNullCharactersValidator from the validators. python class NullableCharField(serializers.CharField): def __init__(self, *args, **kwargs): super().__init__(*args, **kwargs) self.validators = [v for v in self.validators if not isinstance(v, ProhibitNullCharactersValidator)]
Add OpenAPIRenderer and generate_schema management command.
Add OpenAPIRenderer by default, and add schema docs.
Allow permissions to be composed
Allow nullable BooleanField in Django 2.1
Add testing of Python 3.7 support
Test using Django 2.1 final release.
Added djangorestframework-datatables to third-party packages
Change ISO 8601 date format to exclude year/month
Update all pypi.python.org URLs to pypi.org
Ensure that html forms (multipart form data) respect optional fields
Allow hashing of ErrorDetail.
Correct schema parsing for JSONField
Render descriptions (from help_text) using safe
Removed input value from deault_error_message
Added min_value/max_value support in DurationField
Fixed instance being overwritten in pk-only optimization try/except block
Fixed AttributeError from items filter when value is None
Fixed Javascript e.indexOf is not a function error
Fix schemas for extra actions
Improved get_error_detail to use error_dict/error_list
Imprvied URLs in Admin renderer
Add "Community" section to docs, minor cleanup
Moved guardian imports out of compat
Deprecate the DjangoObjectPermissionsFilter class, moved to the djangorestframework-guardian package.
Drop Django 1.10 support
Only catch TypeError/ValueError for object lookups
Handle models without .objects manager in ModelSerializer.
Improve ModelSerializer.create() error message.
Fix CSRF cookie check failure when using session auth with django 1.11.6+
Updated JWT docs.
Fix autoescape not getting passed to urlize_quoted_links filter
- buildlink3 inclusion of textproc/icu was commented out in
www/libpsl/buildlink3.mk but at least building (latest and still
not committed) net/libsoup needs it, uncomment it.
- Add support for tests
Upstream changes:
5.90120 - 2018-10-19
- avoid problematic test using sysread() on :utf8 filehandles on dev perl
versions where this is fatal (starting with 5.29.4). see RT#125843.
5.90119 - 2018-09-24
- fix test for changes in MooseX::Getopt 0.73 (RT#127050)
Upstream changes:
1.21 2018-10-06 MANWAR
- Patched issue RT# 67061 (handle warning uninitialsed value).
1.20 2018-10-05 MANWAR
- Merge pull request #4 from jjatria/302-found, changing the
name of 302 statuses from Moved to Found.
1.19 2018-10-04 MANWAR
- Merged pull request #3 from jjatria/max-age, which sets max-age
attribute correctly from constructor.
1.18 2018-10-03 MANWAR
- Merged pull request #2 from jjatria/samesite, adding
SameSite support to Cookie handling.
1.17 2018-10-02 MANWAR
- Merged pull request #7 from asb-capfan/master, should fix
CPAN Testers fail report on some windows box.
Upstream changes:
6.36 2018-10-10 02:20:58Z
- fix broken link https://metacpan.org/pod/LWP::Simple by fixing pod
header (thanks for the report, traumschule!)
Update DEPENDS
Upstream changes:
1.3500 2018-10-12 21:31:46+01:00 Europe/London
Promoting previous trial releases to stable.
1.3403 2018-10-11 23:41:11+01:00 Europe/London (TRIAL RELEASE)
[ENHANCEMENTS]
- request->address now respects behind_proxy - if behind_proxy is set,
then request->address looks at HTTP_X_FORWARDED_FOR, so you get the
user's IP, not the proxy. (PR-1199, bigpresh)
- restore ability to use load_settings_from_yaml() without passing
YAML parser class (PR-1198, snakpak)
- Fixing some spurious cpantesters test failures by subclassing HTTP::Tiny
in our tests and disabling proxying for 127.0.0.1 - otherwise smokers
with HTTP proxy env vars set fail tests (PR-1197, bigpresh)
- Tidied POD for Tutorial (PR-1196, manwar)
1.3402 2018-10-10 11:42:07+01:00 Europe/London (TRIAL RELEASE)
1.3401 2018-10-01 12:49:53+01:00 Europe/London (TRIAL RELEASE)
[ENHANCEMENTS]
- Avoid test failures on perls without '.' in @INC
- censor cookie_key in dumps (PR-1193, thefatphil)
- spelling fixes in POD from Debian Perl Group, PR-1191
1.24:
Allow key_server_hostname to be specified when initializing a PoolManager to allow custom SNI to be overridden.
Test against Python 3.7 on AppVeyor.
Early-out ipv6 checks when running on App Engine.
Change ambiguous description of backoff_factor
Add ability to handle multiple Content-Encodings
Skip DNS names that can't be idna-decoded when using pyOpenSSL
Add a server_hostname parameter to HTTPSConnection which allows for overriding the SNI hostname sent in the handshake.
Drop support for EOL Python 2.6
Fixed bug where responses with header Content-Type: message/* erroneously raised HeaderParsingError, resulting in a warning being logged.
Move urllib3 to src/urllib3
Release notes
Maintenance and security release of the Drupal 8 series.
This release fixes security vulnerabilities. Sites are urged to upgrade
immediately after reading the notes below and the security announcement:
* Drupal Core - Multiple vulnerabilities - SA-CORE-2018-006
No other fixes are included.
Sites on 8.5.x should update immediately to Drupal 8.5.8 instead, and plan to
update to the latest 8.6.x release before May 2019.
Important update information
Site update and module owners planning to update to this should take note of
the following important changes.
For site owners
* Previously, users who didn't have access to use any Content Moderation
transitions were granted implicit access to update content provided the
state of the content did not change. This access has been removed. Site
owners should ensure that all content editor roles have access to
appropriate transitions for moderated content types (including published to
published where appropriate).
* There are no database updates in this release, but site owners will need to
run update.php to ensure a cache clear.
* No changes have been made to the .htaccess, web.config, robots.txt or
default settings.php files in this release, so upgrading custom versions of
those files is not necessary.
For contributed and custom module developers
* \Drupal\Core\EventSubscriber\RedirectResponseSubscriber::sanitizeDestination()
has been removed. If you have extended that class or are calling that
method, you should review your implementation in line with the changes in
the patch.
* An additional method has been added to
StateTransitionValidationInterface. Implementations should review the new
method and ensure compatibility with it.
* ModerationStateConstraintValidator now has two additional service
dependencies. Subclasses will need to update their constructor to inject the
new services.
1.9.0:
Added testing for Python 3.6.
Confirmed support for Django 2.0 and 2.1.
Dropped support for Django < 1.11.
ip_address is set to None when REMOTE_ADDR is empty
Tinyproxy version 1.10.0
Major changes in this release
-----------------------------
Add support for basic HTTP authentication
Add socks upstream support
Log to stdout if no logfile is specified
Activate reverse proxy by default
Support bind with transparent mode
Install tinyproxy to bin/ instead of sbin/
Ship manpages as part of distribution tarball
Allow multiple listen statements in the configuration
Coverity fixes
Simplified configure and build
Improved selftest environment
Included security fixes
-----------------------
Fix CVE-2017-11747: Create PID file before dropping privileges.
Fix CVE-2012-3505: algorithmic complexity DoS in hashmap
Bugfixes
--------
fix algorithmic complexity DoS in hashmap
fix CONNECT requests with IPv6 literal addresses as host
fix invalid free for GET requests to ipv6 literal address
conf: Allow multiple Listen statements in the config
allow listening on multiple families when no Listen is provided in config
Drop supplementary groups
build: fix build with autoconf >= 2.69
Move files installed in /etc/ to /etc/tinyproxy/
Fix crash (infinite loop) when writing to log file fails
Fix bug in ACL netmask generation
Fix FilterURLs with transparent proxy support
Fix upstream proxy support
Create log and pid files after we drop privs
Don't recompile regular expressions
Use output of id instead of $USER
keep track of error codes in return codes in tests
18.9.2
fix: TLS error logging
18.9.1
new: Interrupt has Options.reason to signal detailed origin of call cancelation (active cancel vs passive timeout)
fix: Cancel and Interrupt gets "killnowait" mode
new: Cancel and Interrupt no longer have ABORT/"abort"
18.8.2
new: WAMP call cancel support
fix: getting started documentation and general docs improvements
fix: WebSocket auto-reconnect on opening handshake failure
fix: more Python 3.7 compatibility and CI
fix: Docker image building using multi-arch, size optimizations and more
fix: asyncio failed to re-connect under some circumstances
v4.1:
Silenced spurious warning about missing directories when in development (i.e “autorefresh”) mode.
Support supplying paths as Pathlib instances, rather than just strings.
Add a new CompressedStaticFilesStorage backend to support applying compression without applying Django’s hash-versioning process.
Documentation improvements.
0.53.0:
- on_open() missing 1 required positional argument: 'ws'
0.52.0:
- fixed callback argument in _app.py
- Fixing none compare bug in run_forever
- Fix NoneType bug introduced by 386 fix
0.51.0:
- revert "WebSocketApp class to make it inheritable" because of breaking the compatibily
0.50.0:
- fixed pong before ping
- pass proper arguments to method callbacks
0.49.0:
- WebSocketApp class to make it inheritable
- Add option to disable sending the Origin header
- Websocket.close() meaning of "close status: XXXXX"
- Enable multithreading protection with ping_interval
- reset WebsocketApp.sock
- websocket.enableTrace not working
- AttributeError: 'module' object has no attribute 'NullHandler'
- WebSocketBadStatusException "not enough arguments for format string"
- handshake should deal with None in headers
Nghttp2 v1.34.0
lib
libnghttp2 now supports extended CONNECT method and :protocol pseudo header field defined in RFC 8441. To enable this functionality on server side, send NGHTTP2_SETTINGS_ENABLE_CONNECT_PROTOCOL using nghttp2_submit_settings().
nghttpx
nghttpx now supports “Bootstrapping WebSockets with HTTP/2” defined in RFC 8441 for both frontend and backend HTTP/2 connections.
read-timeout and write-timeout parameters have been added to --backend option to specify read/write timeouts per pattern which override values set by --backend-read-timeout and --backend-write-timeout options.
This release fixes stability issues in neverbleed with OpenSSL 1.1.1.
mruby has been updated to version 1.4.1.
env.tls_handshake_finished has been added to mruby scripting to know whether TLS handshake has been completed or not. This might be useful to decide that 0-RTT data should be processed or not.
--tls13-ciphers and --tls-client-ciphers options have been added to configure TLSv1.3 ciphers.
nghttpx now adds Early-Data header field to the request header field when request is included in 0-RTT packet, and TLS handshake has not been completed yet. Early-Data header field is defined in RFC 8470.
nghttpx now supports TLSv1.3 0-RTT data. By default, it accepts 0-RTT data, but postpones the request until TLS handshake completes. The new option --tls-no-postpone-early-data makes nghttpx not to postpone request and adds Early-Data header field to backend request. It is important to make sure that all backends must recognize Early-Data header field to mitigate reply attack.
To enable 0-RTT data and most of the TLSv1.3 features, OpenSSL 1.1.1 is required.
Fixed hangs on macOS Mojave (10.14) when various dialog windows (upload, download, print, etc) are activated (bug 1489785)
Fixed playback of some encrypted video streams on macOS (bug 1491940)
Unvisited bookmarks can once again be autofilled in the address bar (bug 1488879)
WebGL rendering issues (bug 1489099)
Updates from unpacked language packs no longer break the browser (bug 1488934)
Fix fallback on startup when a language pack is missing (bug 1492459)
Profile refresh from the Windows stub installer restarts the browser (bug 1491999)
Properly restore window size and position when restarting on Windows (bugs 1489214 and 1489852)
Avoid crash when sharing a profile with newer (as yet unreleased) versions of Firefox (bug 1490585)
Do not undo removal of search engines when using a language pack (bug 1489820)
Fixed rendering of some web sites (bug 1421885)
Restored compatibility with some sites using deprecated TLS settings (bug 1487517)
Fix screen share on MacOS when using multiple monitors (bug 1487419)
CVE-2018-12386: Type confusion in JavaScript
CVE-2018-12387:
CVE-2018-12385: Crash in TransportSecurityInfo due to cached data
1.5.2:
Fixed XSS vulnerability
Fixed Peewee support
Added detail view column formatters
Updated Flask-Login example to work with the newer version of the library
Various SQLAlchemy-related fixes
Various Windows related fixes for the file admin
PHP 7.2: Removed deprecated function each().
PHP 7.2: Avoid count() calls on uncountable variables.
PHP 7.2: Removed deprecated create_function() call.
PHP 7.2: Make sure variables are arrays in theme_links().
Fixed theme-settings.php not being loaded on cached forms
1.1.2:
Invalid characters present in Excel worksheet name
- Major Changes
- Django 2.0 compatibility
- Improved interface to database connection management
- Minor Changes
- Documentation updates
- Load images over same protocol as originating page
Changes with nginx 1.15.5:
*) Bugfix: a segmentation fault might occur in a worker process when
using OpenSSL 1.1.0h or newer; the bug had appeared in 1.15.4.
*) Bugfix: of minor potential bugs.
Changes with nginx 1.15.4:
*) Feature: now the "ssl_early_data" directive can be used with OpenSSL.
*) Bugfix: in the ngx_http_uwsgi_module.
Thanks to Chris Caputo.
*) Bugfix: connections with some gRPC backends might not be cached when
using the "keepalive" directive.
*) Bugfix: a socket leak might occur when using the "error_page"
directive to redirect early request processing errors, notably errors
with code 400.
*) Bugfix: the "return" directive did not change the response code when
returning errors if the request was redirected by the "error_page"
directive.
*) Bugfix: standard error pages and responses of the
ngx_http_autoindex_module module used the "bgcolor" attribute, and
might be displayed incorrectly when using custom color settings in
browsers.
Thanks to Nova DasSarma.
*) Change: the logging level of the "no suitable key share" and "no
suitable signature algorithm" SSL errors has been lowered from "crit"
to "info".
2.1.3:
Fix: Readme, add direct linkt to screencast video
Fix: graph_models, regression under Python 2
Fix: ForeignKeyAutocompleteAdmin, 2.0.8 breaks ForeignKeyAutocompleteAdmin
Fix: AutoSlugField, fix regression when copying an autoslug model require the explicit clearing of the slug if it needs to be recalculated
Fix: technical_response, check for AttributeError
Improvement: graph_models, Add feature disable_abstract_fields
Improvement: AutoSlugField, Add overwrite_on_add
Improvement: runscript, Improve module existence test in runscript
1.1.0:
fix: Django2.1 ImportExportModelAdmin export
setup: add django2.1 to test matrix
JSONWidget for jsonb fields
Add ExportActionMixin
Add Import Export Permissioning
write_to_tmp_storage() for import_action()
follow relationships on ForeignKeyWidget
Update all pypi.python.org URLs to pypi.org
added test for tsv import
added unicode support for TSV for pytjhon 2
Added ExportViewMixin
Changes:
Fri Sep 7 00:04:41 CEST 2018 mikulas:
Fix verifying SSL certificates for numeric IPv6 addresses
Thu Sep 6 22:07:03 CEST 2018 mikulas:
Delete the option -ftp.fast - it doesn't always work and ftp performance
is not an issue anymore
Passive ftp enabled by default because it will more likely work than
the port command
Wed Sep 5 22:39:11 CEST 2018 mikulas:
Add bold and monospaced Turkish letter 'i' without a dot
Wed Sep 5 01:28:31 cet 2018 mikulas:
On OS/2 allocate OpenSSL memory from the lower heap
It fixes SSL on systems with old 16-bit TCP/IP stack
Fri Aug 31 18:06:26 CEST 2018 mikulas:
Fix IPv6 on OpenVMS Alpha
Thu Jul 26 07:34:24 CEST 2018 mikulas:
Support mouse scroll wheel in textarea
Thu Jul 26 05:24:17 CEST 2018 mikulas:
Delete the option -http-bugs.bug-302-redirect - RFC7231 allows the
"buggy" behavior and defines new codes 307 and 308 that retain the
post data
Wed Jul 18 21:00:23 CEST 2018 mikulas:
X11 - fixed colormap leak when creating a new window
Mon Jul 16 02:33:26 CEST 2018 mikulas:
Fixed an infinite loop that happened in graphics mode if the user
clicked on OK in "Miscellaneous options" dialog and more than one
windows were open.
This bug was introduced in Links 2.15.
Sun Jul 15 21:36:04 CEST 2018 mikulas:
Support 6x6x6 RGB palette in 256-bit color mode on framebuffer
The palette may be switched in the "video options" menu
The 8x8x4 palette has better image quality
The 6x6x6 palette preserves gray
Sat Jul 14 04:49:45 cet 2018 mikulas:
Implement dithering properly on OS/2 in 15-bit and 16-bit color mode
In 8-bit mode, Links may optionally use a private palette - it
improves visual quality of Links images, but degrades visual
quality of other concurrently running programs.
Thu Jul 12 23:06:48 CEST 2018 mikulas:
Improve scrolling smoothness when the user drags the whole document
Thu Jul 12 06:48:00 cet 2018 mikulas:
On OS/2, allocate large memory blocks directly (not with malloc)
- it reduces memory waste
Thu Jul 12 00:56:57 cet 2018 mikulas:
Fixed a bug that setting terminal title and resizing a terminal didn't
work on OS/2 and Windows. The bug was introduced in Links 2.16 when
shutting up coverity warnings.
Sun Jun 17 15:31:28 CEST 2018 mikulas:
Set link color to yellow by default
Sun Jun 17 14:04:07 CEST 2018 mikulas:
Delete the option -http-bugs.bug-post-no-keepalive
It was needed in 1999 to avoid some bug in some http server and it is
not needed anymore
Tue Jun 5 20:24:42 CEST 2018 mikulas:
Trust Content-Length on HTTP/1.0 redirect requests
This fixes hangs with misbehaving servers that honor Connection:
keep-alive but send out HTTP/1.0 reply without Connection: keep-alive.
Links thought that they don't support keep-alive and waited for the
connection to close (for example http://www.raspberrypi.org/)
Tue May 22 00:51:35 CEST 2018 mikulas:
Use keys 'H' and 'L' to select the top and bottom link on the current
page
Django 2.1.2:
CVE-2018-16984: Password hash disclosure to “view only” admin users
Fixed a regression where nonexistent joins in F() no longer raised FieldError
Fixed a regression where files starting with a tilde or underscore weren’t ignored by the migrations loader
Made migrations detect changes to Meta.default_related_name
Added compatibility for cx_Oracle 7
Fixed a regression in Django 2.0 where unique index names weren’t quoted
Fixed a regression where sliced queries with multiple columns with the same name crashed on Oracle 12.1
Fixed a crash when a user with the view (but not change) permission made a POST request to an admin user change form
Selenium 3.14.1
* Fix ability to set timeout for urllib3
* get_cookie uses w3c endpoint when compliant
* Remove body from GET requests
* Fix actions pause for fraction of a second
* Fixed input pausing for some actions methods
* Capabilities can be set on Options classes
* WebElement rect method is now forward compatible for OSS endpoints
* Deprecation warnings now have a stacklevel of 2
* keep_alive can now be set on Webdriver init
* isDisplayed atom is now used for all w3c compliant browser, fixing issue with Safari 12
Changes with Apache 2.4.35
*) http: Enforce consistently no response body with both 204 and 304
statuses.
*) mod_status: Cumulate CPU time of exited child processes in the
"cu" and "cs" values. Add CPU time of the parent process to the
"c" and "s" values.
*) mod_proxy: Improve the balancer member data shown in mod_status when
"ProxyStatus" is "On": add "busy" count and show byte counts in
auto mode always in units of kilobytes.
*) mod_status: Add cumulated response duration time in milliseconds.
*) mod_status: Complete the data shown for async MPMs in "auto" mode.
Added number of processes, number of stopping processes and number
of busy and idle workers.
*) mod_ratelimit: Don't interfere with "chunked" encoding, fixing regression
introduced in 2.4.34.
*) mod_proxy: Remove load order and link dependency between mod_lbmethod_*
modules and mod_proxy.
*) Allow the argument to <IfFile>, <IfDefine>, <IfSection>, <IfDirective>,
and <IfModule> to be quoted. This is primarily for the benefit of
<IfFile>.
*) mod_watchdog: Correct some log messages.
*) mod_md: When the last domain name from an MD is moved to another one,
that now empty MD gets moved to the store archive.
*) mod_ssl: Fix merging of SSLOCSPOverrideResponder.
*) mod_proxy_balancer: Restore compatibility with APR 1.4.
3.8.4 / 2018-09-18
Bug Fixes
* 3.8.x: security: fix include bypass of EntryFilter#filter symlink check
(#7228)
3.8.3 / 2018-06-05
Bug Fixes
* Fix --unpublished not affecting collection documents (#7027)
3.8.2 / 2018-05-18
Bug Fixes
* Add whitespace control to LIQUID_TAG_REGEX (#7015)
3.8.1 / 2018-05-01
Bug Fixes
* Fix rendering Liquid constructs in excerpts (#6945)
* Liquify documents unless published == false (#6959)
3.8.0 / 2018-04-19
Minor Enhancements
* Two massive performance improvements for large sites (#6730)
* Cache the list of documents to be written (#6741)
* Allow Jekyll Doctor to detect stray posts dir (#6681)
* Excerpt relative-path should match its path (#6597)
* Remind user to resolve conflict in jekyll new with --force (#6801)
* Memoize helper methods in site-cleaner (#6808)
* Compute document's relative_path faster (#6767)
* Create a single instance of PostReader per site (#6759)
* Allow date filters to output ordinal days (#6773)
* Change regex to sanitize and normalize filenames passed to LiquidRenderer
(#6610)
* Allow passing :strict_variables and :strict_filters options to Liquid's
renderer (#6726)
* Debug writing files during the build process (#6696)
* Improve regex usage in Tags::IncludeTag (#6848)
* Improve comment included in the starter index.md (#6916)
* Store and retrieve converter instances for Jekyll::Filters via a hash (#6856)
* Implement a cache within the where filter (#6868)
* Store regexp in a constant (#6887)
* Optimize computing filename in LiquidRenderer (#6841)
Documentation
* Adding the jekyll-algolia plugin to the list of plugins (#6737)
* Added Premonition plugin to list of plugins (#6750)
* Add document on releasing a new version (#6745)
* Mention Talkyard, a new commenting system for Jekyll and others. (#6752)
* Add 'jekyll-fontello' to plugins (#6757)
* Install dh-autoreconf on Windows (#6765)
* Fix common typos (#6764)
* Fix documentation for {{ page.excerpt }} (#6779)
* Update docs on permalink configuration (#6775)
* Propose fix some typos (#6785)
* Say hello to Jekyll's New Lead Developer (#6790)
* Add reference to Liquid to plugin docs (#6794)
* Draft a release post for v3.7.3 (#6803)
* add missing step for gem-based theme conversion (#6802)
* Update windows.md to explain an issue with jekyll new. (#6838)
* Add Bundler Installation Instructions (#6828)
* Docs: describe difference between tags and categories (#6882)
* Add jekyll-random plugin to docs (#6833)
* Fixed typo in description of categories and tags (#6896)
* Add missing ul-tag (#6897)
* doc: add liquid tag plugin jekyll-onebox for html previews (#6898)
* Add jekyll-w2m to plugins (#6855)
* Fix tutorials navigation HTML (#6919)
* add Arch Linux instalation troubleshoot (#6782)
* Docs: Install Jekyll on macOS (#6881)
* Fix CodeClimate badges [ci skip] (#6930)
* Update index.md (#6933)
Site Enhancements
* Remove links to Gists (#6751)
* Always load Google Fonts over HTTPS (#6792)
* always load analytics.js over HTTPS (#6807)
Bug Fixes
* Append appropriate closing tag to Liquid block in an excerpt ### -minor
(#6724)
* Bypass rendering via Liquid unless required (#6735)
* Delegated methods after private keyword are meant to be private (#6819)
* Improve handling non-default collection documents rendering and writing
(#6795)
* Fix passing multiline params to include tag when using the variable syntax
(#6858)
* include_relative tag should find related documents in collections gathered
within custom collections_dir (#6818)
* Handle liquid tags in excerpts robustly (#6891)
* Allow front matter defaults to be applied properly to documents gathered
under custom collections_dir (#6885)
3.7.4 / 2018-09-07
Bug Fixes
* Security: fix include bypass of EntryFilter#filter symlink check (#7224)
## 2.5.0 / 2018-05-18
* Docs: Prevent GitHub Pages from processing Liquid raw tag (#276)
### Documentation
* Use gems config key for Jekyll < 3.5.0 (#255)
* docs/usage - replace "below" with correct link (#280)
### Development Fixes
* Test against Ruby 2.5 (#260)
* add tests for twitter.card types (#289)
* Target Ruby 2.3 and Rubocop 0.56.0 (#292)
### Minor Enhancements
* Add webmaster_verifications for baidu (#263)
* Include page number in title (#250)
* Configure default Twitter summary card type (V2) (#225)
2.0.4 / 2018-09-15
* Don't blow up when passing frozen string to send_file disposition #1137 by
Andrew Selder
* Fix ubygems LoadError #1436 by Pavel Rosický
* Unescape regex captures #1446 by Jordan Owens
* Slight performance improvements for IndifferentHash #1427 by Mike Pastore
* Improve development support and documentation and source code by Will Yang,
Jake Craige, Grey Baker and Guilherme Goettems Schneider
2.0.3 / 2018-06-09
* Fix the backports gem regression #1442 by Marc-André Lafortune
2.0.2 / 2018-06-05
* Escape invalid query parameters #1432 by Kunpei Sakai
o The patch fixes CVE-2018-11627.
* Fix undefined method error for Sinatra::RequiredParams with hash key #1431
by Arpit Chauhan
* Add xml content-types to valid html_types for Rack::Protection #1413 by
Reenan Arbitrario
* Encode route parameters using :default_encoding setting #1412 by Brian
m. Carlson
* Fix unpredictable behaviour from Sinatra::ConfigFile #1244 by John Hope
* Add Sinatra::IndifferentHash#slice #1405 by Shota Iguchi
* Remove status code 205 from drop body response #1398 by Shota Iguchi
* Ignore empty captures from params #1390 by Shota Iguchi
* Improve development support and documentation and source code by Zp Yuan,
Andreas Finger, Olle Jonsson, Shota Iguchi, Nikita Bulai and Joshua O'Brien
## 1.2.8
- restore support for Ruby 2.0+
## 1.2.7
- fix bug in previous version for Ruby 2.3
## 1.2.6
- duplicate variables passed in initializers to avoid changing them
5.4.1 (2018-07-23)
This release quiets some warnings for Ruby 2.6 preview releases
and enables tests to pass under Ruby 1.9.3. Otherwise, nothing
interesting for Ruby 2.0..2.5 users.
3.14.0 (2018-08-03)
===================
Ruby:
* Allow to customize default duration of movement of pointer actions using
Driver#action#default_move_duration= (thanks @prakharrr)
* Fixed an accidentally removed Selenium::WebDriver::Error::TimeoutError (thanks @twalpole)
Server:
* Fixed an issue when Server.latest couldn't parse the version
Remote:
* Added support for uploading multiple files by passing them as a string
separated by \n to Element#send_keys. Please, note that not all the drivers
have multiple file upload implemented (tested to work in ChromeDriver).
3.13.1 (2018-07-20)
===================
Chrome:
* Fixed an issue when empty Chrome options would cause DevToolsActivePort issue (thanks @artplan1)
Remote:
* Support detecting local files (thanks @mskvn)
3.13.0 (2018-06-25)
===================
Ruby:
* Address warnings for redefined methods and uninitialized instance variables
Chrome:
* Chrome options capabilities updated to use goog:chromeOptions.
Note that Selenium now requires ChromeDriver v2.31 at minimum.
* Added ability to tell headless Chrome to save files using Driver#download_path= (thanks @pelly)
3.12.0 (2018-05-08)
===================
Ruby:
* Added User-Agent header to requests from Selenium to give remote
ends more visibility into distribution of clients (thanks @sah)
* Added Selenium::WebDriver::VERSION constant (thanks @sah)
* Added changelog link to RubyGems page
* Fixed a bug when requests were sent with empty Content-Type,
which should instead be application/json (issue #5615 and #5659)
* Fixed a bug when failed connection attempt was retried without
grace period for remote to resolve its problem (thanks @amckinley42)
* Fixed a bug with accidentally removed HasNetworkConnection driver extension
Chrome:
* Fixed a bug when deprecation message for using Chrome extensions
was incorrectly shown (thanks @treby)
Safari:
* Added support getting permissions via Driver#permissions
* Added support setting permissions via Driver#permissions=
* Added support enabling web inspector via Driver#attach_debugger
3.2.1: (2018/08/16)
https://github.com/jneen/rouge/compare/v3.2.0...v3.2.1
* Perl Lexer
o Allow any non-whitespace character to delimit regexes (#974 by dblessing)
- Details: In specific cases where a previously unsupported regex
delimiter was used, a later rule could cause a backtrack in the regex
system. This resulted in Rouge hanging for an unspecified amount of
time.
3.2.0: (2018/08/02)
https://github.com/jneen/rouge/compare/v3.1.1...v3.2.0
* General
o Load pastie theme (#809 by rramsden)
o Fix build failures (#892 by olleolleolle)
o Update CLI style help text (#923 by nixpulvis)
o Fix HTMLLinewise formatter documentation in README.md (#910 by rohitpaulk)
* Terraform Lexer (NEW - #917 by lowjoel)
* Crystal Lexer (NEW - #441 by splattael)
* Scheme Lexer
o Allow square brackets (#849 by EFanZh)
* Haskell Lexer
o Support for Quasiquotations (#868 by enolan)
* Java Lexer
o Support for Java 10 var keyword (#888 by lc-soft)
* VHDL Lexer
o Fix time_vector keyword typo (#911 by ttobsen)
* Perl Lexer
o Recognize .t as valid file extension (#918 by miparnisari)
* Nix Lexer
o Improved escaping sequences for indented strings (#926 by veprbl)
* Fortran Lexer
o Recognize .f as valid file extension (#931 by veprbl)
* Igor Pro Lexer
o Update functions and operations for Igor Pro 8 (#921 by t-b)
* Julia Lexer
o Various improvements and fixes (#912 by ararslan)
* Kotlin Lexer
o Recognize .kts as valid file extension (#908 by mkobit)
* CSS Lexer
o Minor fixes (#916 by miparnisari)
* HTML Lexer
o Minor fixes (#916 by miparnisari)
* Javascript Lexer
o Minor fixes (#916 by miparnisari)
* Markdown Lexer
o Images may not have alt text (#904 by Himura2la)
* ERB Lexer
Fix greedy comment matching (#902 by ananace)
## 3.12.0 / 2018-07-13
* 5 features:
* You can now specify which SSL ciphers the server should support, default is unchanged (#1478)
* The setting for Puma's `max_threads` is now in `Puma.stats` (#1604)
* Pool capacity is now in `Puma.stats` (#1579)
* Installs restricted to Ruby 2.2+ (#1506)
* `--control` is now deprecated in favor of `--control-url` (#1487)
* 2 bugfixes:
* Workers will no longer accept more web requests than they have capacity to process. This prevents an issue where one worker would accept lots of requests while starving other workers (#1563)
* In a test env puma now emits the stack on an exception (#1557)
Mustermann 1.0.3 (2018-08-17)
* Handle with_look_ahead on SafeRenderer. Fixes sinatra/sinatra#1409
@namusyaka
* Fix EqualityMap#fetch to be compatible with the fallback Hash#fetch. Fixes
#89 @eregon
* Improve code base and documentation. @sonots, @iguchi1124
=== 2.7.6
* New Features
* Mechanize#set_proxy accepts an HTTP URL/URI. (#513)
* Bug fix
* Fix element(s)_with(search: selector) methods not working for forms, form fields and frames. (#444)
* Improve the filename parser for the `Content-Disposition` header. (#496, #517)
* Accept `Content-Encoding: identity`. (#515)
* Mechanize::Page#title no longer picks a title in an embeded SVG/RDF element. (#503)
* Make Mechanize::Form#has_field? boolean. (#501)
# Version 3.8.0
Release date: 2018-09-20
### Added
* Workaround gecodriver 0.22 issue with undefined pause durations
* :element selector ignores XML namespaces
### Fixed
* Added Errno::ECONNRESET to the errors which will allows https server detection
# Version 3.7.2
Release date: 2018-09-12
### Fixed
* Fix MatchQuery based matchers when used on a root element found using any type of parent/ancestor query - Issue #2097
* Fix Chrome/FF HTML5 drag simulation for elements (a, img) which default to draggable - Issue #2098
# Version 3.7.1
Release date: 2018-09-05
### Fixed
* Restored ability to pass symbol as the CSS selector when calling `has_css?`/`have_css`/etc - Issue #2093
# Version 3.7.0
Release date: 2018-09-02
### Added
* `Capybara.disable_animation` can be set to a CSS selector to identify which elements will have animation disabled [Michael Glass]
* `Capybara.default_normalize_ws` option which sets whether or not text predicates and matchers (`has_text?`, `has_content?`, `assert_text`, etc) use `normalize_ws` option by default. Defaults to false. [Stegalin Ivan]
* Selector based predicates, matchers, and finders now support the `:normalize_ws` option for the `:text`/`:exact_text` filters. Defaults to the `Capybara.default_normalize_ws`setting above.
* Element `choose`/`check`/`uncheck`/`attach_file`/`fill_in` can now operate on the element they're called on or a descendant if no locator is passed.
### Fixed
* All CSS styles applied by the `Element#attach_file` `:make_visible` option will now have `!important` priority set to ensure they override any other specified style.
* Firefox file inputs are only manually cleared when necessary.
# Version 3.6.0
Release date: 2018-08-14
### Added
* Workaround geckodriver/firefox send_keys issues as much as possible using the Selenium actions API
* Workaround lack of HTML5 native drag and drop events when using Selenium driver with Chrome and FF >= 62
* `Capybara.predicates_wait` option which sets whether or not Capybaras matcher predicate methods (`has_css?`, `has_selector?`, `has_text?`, etc.) default to using waiting/retrying behavior (defaults to true)
# Version 3.5.1
Release date: 2018-08-03
### Fixed
* Fixed misspelled method name `refute_matches_elector` => `refute_matches_selector`
# Version 3.5.0
Release date: 2018-08-01
### Added
* text predicates and matchers (`has_text?`, `has_content?`, `assert_text`, etc) now support a `normalize_ws` option
### Fixed
* `attach_file` with Selenium and local Firefox 62+ now correctly generates only one change event when attaching multiple files
# Version 3.4.2
Release date: 2018-07-24
### Fixed
* `match_xxx` selectors and `matches_xxx?` predicates work correctly with elements found using a sibling selector - Issue #2073
# Version 3.4.1
Release date: 2018-07-20
### Fixed
* `Session#evaluate_script` now strips the script in `Session` rather than only in the Selenium driver
# Version 3.4.0
Release date: 2018-07-19
### Fixed
* Make selenium driver :backspace clear stategy work even if caret location is in middle of field content [Champier Cyril]
* Selenium issue with fieldset nested in disabled fieldset not being considered disabled
* `Session#evaluate_script` and `Element#evaluate_script` now strip leading/trailing whitespace from scripts [Ian Lesperance]
### Added
* Work around Selenium lack of support for `file_detector` with remote geckodriver
* `#within_frame` locator is optional when only one frame exists
* `Capybara.test_id` option that allows for matching the Capybara provided selector types on an arbitrary attribute
(defaults to nil), set to your test id attribute ('data-test-id, etc) if using test id attributes in your project
# Version 3.3.1
Release date: 2018-06-27
### Fixed
* `selenium-webdriver` version check [ahorek]
* Selenium driver correctly responds to `disabled?` for fieldset elements - Issue #2059 [Thomas Walpole]
# Version 3.3.0
Release date: 2018-06-25
### Added
* RackTest driver now handles 307/308 redirects
* `execute_async_script` can now be called on elements to run the JS in the context of the element
* `:download` filter option on `:link' selector
* `Window#fullscreen`
* `Element#style` and associated matchers
### Changed
* Minimum "supported" `selenium-webdriver` is raised to 3.5.0 (but you really should be using newer than that)
### Fixes
* Selenium driver with Firefox workaround for clicking on table row - https://github.com/mozilla/geckodriver/issues/1228
* :class and :id filters applied to CSS based selectors now correctly handle the CSS comma
* Selenium driver handles namespaces when generating an elements `#path` - Issue #2048
# Version 3.2.1
Release date: 2018-06-04
### Fixes
* Only split CSS selectors when :class or :id options are given. Restores 3.1.1 functionality for now but the underlying issue
will require a larger fix, hopefully coming soon. - Issue #2044 [Thomas Walpole]
# Version 3.2.0
Release date: 2018-06-01
### Changed
* Ruby 2.3.0+ is now required
* `ElementNotFound` errors raised in selector filters are interpreted as non-matches
### Added
* New global configuration `default_set_options` used in `Capybara::Node::Element#set` as default `options` hash [Champier Cyril]
* `execute_script` and `evaluate_script` can now be called on elements to run the JS in the context of the element [Thomas Walpole]
* Filters in custom selectors now support a `matcher` Regexp to handle multiple filter options [Thomas Walpole]
* `:element` selector type which will match on any attribute (other than the reserved names) passed as a filter option [Thomas Walpole]
* `:class` filter option now supports preceding class names with `!` to indicate not having that class [Thomas Walpole]
* `:class` and `:id` filter options now accept `XPath::Expression` objects to allow for more flexibility in matching [Thomas Walpole]
* `Capybara.disable_animation` setting which triggers loading of a middleware that attempts to disable animations in pages.
This is very much a beta feature and may change/disappear in the future. [Thomas Walpole]
# Version 3.1.1
Release date: 2018-05-25
### Fixes
* Ensure keystrokes are sent when setting time/date fields to a string with the Selenium driver [Thomas Walpole]
# Version 3.1.0
Release date: 2018-05-10
### Added
* Support for using `select` with text inputs associated with a datalist element
* `type` filter on `:button` selector
* Support for server operating in https mode
* Selenium driver now uses JS to fill_in/set date and time fields when passed date or time objects [Aleksei Gusev, Thomas Walpole]
Emergency fix for a major bug that messes up the cluster view page.
Fixed upstream in the next release, but there is another regression
in the latest release that still needs to be identified before upgrading.
Remove www/contao45 package since Contao 4.5 were not distributed as
release tar files since version 4.5.11. And it is EOL by release of
Contao 4.6 after 28th Aug 2018.
And Contao 4.6 is also only available via Contao Manager. Please refer
<https://contao.org/download.html> in detail.
Remove www/contao44 package since Contao 4.4 were not distributed as
release tar files since version 4.4.21.
Instead, Contao 4.4 is available via Contao Manager. Please refer
<https://contao.org/download.html> in detail.
Version 3.5.36 (2018-09-18)
---------------------------
### Fixed
Prevent arbitrary code execution through .phar files (see CVE-2018-17057).
### Fixed
Correctly reset the autologin data upon logout (#8868).
### Fixed
Remove support for deprecated user password hashes (see #8889).
Tornado 5.1.1:
Bug fixes
Fixed an case in which the Future returned by RequestHandler.finish could fail to resolve.
The TwitterMixin.authenticate_redirect method works again.
Improved error handling in the tornado.auth module, fixing hanging requests when a network or other error occurs.
Upstream changes:
Moodle 3.5.2 release notes
Releases > Moodle 3.5.2 release notes
Release date: 10 September 2018
Here is the full list of fixed issues in 3.5.2.
Contents
1 Highlights
2 Fixes and improvements
3 Security issues
4 See also
Highlights
MDL-61652 - Configuration as to who can download SAR data
MDL-62026 - Privacy officer can mark general enquiries as complete
MDL-62660 - Option to set a data request expiry time
MDL-57741 - Launch URL for Publish as LTI tool
MDL-57977 - Global search allows searching for users by alternate name
Fixes and improvements
MDL-60826 - Memory exhaustion error when trying to add/edit calendar event as admin
MDL-60874 - Clearer search results in user enrolment
MDL-62782 - Users with the capability mod/assign:viewgrades can also view uploaded feedback files
MDL-62849 - Filemanager: cannot manage files when there are folders
MDL-62534 - Empty course sections deleted when upgrading
MDL-62600 - Admin is misinformed that there are no data requests
MDL-61351 - Shibboleth logout does not handle file sessions correctly
MDL-62996 - Missing upgrade.php file on tool_dataprivacy may cause errors when upgrading from 3.3 or 3.4
MDL-62643 - Online text assignment submissions generate a blank HTML document for grading when no text is entered
MDL-61515 - The current core php-css-parser prefixing library does not support sass syntax "@supports"
MDL-61424 - When token is rejected from moodle.net provide option to unregister
MDL-59847 - Behaviour when city/country are hiddenfields and identityfields at the same time
MDL-62965 - User profile fields missing on signup page
MDL-62889 - Multiple fixes when redirecting to a URL after clicking on a notification
MDL-62989 - Data requests are listed by date requested for users
MDL-62896 - Some non-core plugins are missing their Additional label on the Plugin data registry page
MDL-62993 - External tool Message in Membership Service not in an Array
MDL-62969 - External tool LtiLinkMemberships URL is invalid
MDL-62581 - Boost Course restore screen styling improvements
MDL-62769 - "Statistics for question positions" graph shows last shown variant, not stats for overall question
MDL-62341 - 'Go back to previous page' link on All policies page
MDL-62746 - Boost core_tag modals content layout improvements
MDL-45389 - Forum index page alignment improvements
MDL-61707 - Pre-signup (minor check) session is not deleted upon signup
MDL-62852 - All policies page lists policy type and audience
Security issues
A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
Changelog:
#CVE-2018-12377: Use-after-free in refresh driver timers
#CVE-2018-12378: Use-after-free in IndexedDB
#CVE-2018-12379: Out-of-bounds write with malicious MAR file
#CVE-2017-16541: Proxy bypass using automount and autofs
#CVE-2018-12381: Dragging and dropping Outlook email message results in page navigation
#CVE-2018-12376: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2
Git 2.19 Release Notes
Updates since v2.18
-------------------
UI, Workflows & Features
* "git diff" compares the index and the working tree. For paths
added with intent-to-add bit, the command shows the full contents
of them as added, but the paths themselves were not marked as new
files. They are now shown as new by default.
"git apply" learned the "--intent-to-add" option so that an
otherwise working-tree-only application of a patch will add new
paths to the index marked with the "intent-to-add" bit.
* "git grep" learned the "--column" option that gives not just the
line number but the column number of the hit.
* The "-l" option in "git branch -l" is an unfortunate short-hand for
"--create-reflog", but many users, both old and new, somehow expect
it to be something else, perhaps "--list". This step warns when "-l"
is used as a short-hand for "--create-reflog" and warns about the
future repurposing of the it when it is used.
* The userdiff pattern for .php has been updated.
* The content-transfer-encoding of the message "git send-email" sends
out by default was 8bit, which can cause trouble when there is an
overlong line to bust RFC 5322/2822 limit. A new option 'auto' to
automatically switch to quoted-printable when there is such a line
in the payload has been introduced and is made the default.
* "git checkout" and "git worktree add" learned to honor
checkout.defaultRemote when auto-vivifying a local branch out of a
remote tracking branch in a repository with multiple remotes that
have tracking branches that share the same names.
(merge 8d7b558bae ab/checkout-default-remote later to maint).
* "git grep" learned the "--only-matching" option.
* "git rebase --rebase-merges" mode now handles octopus merges as
well.
* Add a server-side knob to skip commits in exponential/fibbonacci
stride in an attempt to cover wider swath of history with a smaller
number of iterations, potentially accepting a larger packfile
transfer, instead of going back one commit a time during common
ancestor discovery during the "git fetch" transaction.
(merge 42cc7485a2 jt/fetch-negotiator-skipping later to maint).
* A new configuration variable core.usereplacerefs has been added,
primarily to help server installations that want to ignore the
replace mechanism altogether.
* Teach "git tag -s" etc. a few configuration variables (gpg.format
that can be set to "openpgp" or "x509", and gpg.<format>.program
that is used to specify what program to use to deal with the format)
to allow x.509 certs with CMS via "gpgsm" to be used instead of
openpgp via "gnupg".
* Many more strings are prepared for l10n.
* "git p4 submit" learns to ask its own pre-submit hook if it should
continue with submitting.
* The test performed at the receiving end of "git push" to prevent
bad objects from entering repository can be customized via
receive.fsck.* configuration variables; we now have gained a
counterpart to do the same on the "git fetch" side, with
fetch.fsck.* configuration variables.
* "git pull --rebase=interactive" learned "i" as a short-hand for
"interactive".
* "git instaweb" has been adjusted to run better with newer Apache on
RedHat based distros.
* "git range-diff" is a reimplementation of "git tbdiff" that lets us
compare individual patches in two iterations of a topic.
* The sideband code learned to optionally paint selected keywords at
the beginning of incoming lines on the receiving end.
* "git branch --list" learned to take the default sort order from the
'branch.sort' configuration variable, just like "git tag --list"
pays attention to 'tag.sort'.
* "git worktree" command learned "--quiet" option to make it less
verbose.
Performance, Internal Implementation, Development Support etc.
* The bulk of "git submodule foreach" has been rewritten in C.
* The in-core "commit" object had an all-purpose "void *util" field,
which was tricky to use especially in library-ish part of the
code. All of the existing uses of the field has been migrated to a
more dedicated "commit-slab" mechanism and the field is eliminated.
* A less often used command "git show-index" has been modernized.
(merge fb3010c31f jk/show-index later to maint).
* The conversion to pass "the_repository" and then "a_repository"
throughout the object access API continues.
* Continuing with the idea to programatically enumerate various
pieces of data required for command line completion, teach the
codebase to report the list of configuration variables
subcommands care about to help complete them.
* Separate "rebase -p" codepath out of "rebase -i" implementation to
slim down the latter and make it easier to manage.
* Make refspec parsing codepath more robust.
* Some flaky tests have been fixed.
* Continuing with the idea to programmatically enumerate various
pieces of data required for command line completion, the codebase
has been taught to enumerate options prefixed with "--no-" to
negate them.
* Build and test procedure for netrc credential helper (in contrib/)
has been updated.
* Remove unused function definitions and declarations from ewah
bitmap subsystem.
* Code preparation to make "git p4" closer to be usable with Python 3.
* Tighten the API to make it harder to misuse in-tree .gitmodules
file, even though it shares the same syntax with configuration
files, to read random configuration items from it.
* "git fast-import" has been updated to avoid attempting to create
delta against a zero-byte-long string, which is pointless.
* The codebase has been updated to compile cleanly with -pedantic
option.
(merge 2b647a05d7 bb/pedantic later to maint).
* The character display width table has been updated to match the
latest Unicode standard.
(merge 570951eea2 bb/unicode-11-width later to maint).
* test-lint now looks for broken use of "VAR=VAL shell_func" in test
scripts.
* Conversion from uchar[40] to struct object_id continues.
* Recent "security fix" to pay attention to contents of ".gitmodules"
while accepting "git push" was a bit overly strict than necessary,
which has been adjusted.
* "git fsck" learns to make sure the optional commit-graph file is in
a sane state.
* "git diff --color-moved" feature has further been tweaked.
* Code restructuring and a small fix to transport protocol v2 during
fetching.
* Parsing of -L[<N>][,[<M>]] parameters "git blame" and "git log"
take has been tweaked.
* lookup_commit_reference() and friends have been updated to find
in-core object for a specific in-core repository instance.
* Various glitches in the heuristics of merge-recursive strategy have
been documented in new tests.
* "git fetch" learned a new option "--negotiation-tip" to limit the
set of commits it tells the other end as "have", to reduce wasted
bandwidth and cycles, which would be helpful when the receiving
repository has a lot of refs that have little to do with the
history at the remote it is fetching from.
* For a large tree, the index needs to hold many cache entries
allocated on heap. These cache entries are now allocated out of a
dedicated memory pool to amortize malloc(3) overhead.
* Tests to cover various conflicting cases have been added for
merge-recursive.
* Tests to cover conflict cases that involve submodules have been
added for merge-recursive.
* Look for broken "&&" chains that are hidden in subshell, many of
which have been found and corrected.
* The singleton commit-graph in-core instance is made per in-core
repository instance.
* "make DEVELOPER=1 DEVOPTS=pedantic" allows developers to compile
with -pedantic option, which may catch more problematic program
constructs and potential bugs.
* Preparatory code to later add json output for telemetry data has
been added.
* Update the way we use Coccinelle to find out-of-style code that
need to be modernised.
* It is too easy to misuse system API functions such as strcat();
these selected functions are now forbidden in this codebase and
will cause a compilation failure.
* Add a script (in contrib/) to help users of VSCode work better with
our codebase.
* The Travis CI scripts were taught to ship back the test data from
failed tests.
(merge aea8879a6a sg/travis-retrieve-trash-upon-failure later to maint).
* The parse-options machinery learned to refrain from enclosing
placeholder string inside a "<bra" and "ket>" pair automatically
without PARSE_OPT_LITERAL_ARGHELP. Existing help text for option
arguments that are not formatted correctly have been identified and
fixed.
(merge 5f0df44cd7 rs/parse-opt-lithelp later to maint).
* Noiseword "extern" has been removed from function decls in the
header files.
* A few atoms like %(objecttype) and %(objectsize) in the format
specifier of "for-each-ref --format=<format>" can be filled without
getting the full contents of the object, but just with the object
header. These cases have been optimized by calling
oid_object_info() API (instead of reading and inspecting the data).
* The end result of documentation update has been made to be
inspected more easily to help developers.
* The API to iterate over all objects learned to optionally list
objects in the order they appear in packfiles, which helps locality
of access if the caller accesses these objects while as objects are
enumerated.
* Improve built-in facility to catch broken &&-chain in the tests.
* The more library-ish parts of the codebase learned to work on the
in-core index-state instance that is passed in by their callers,
instead of always working on the singleton "the_index" instance.
* A test prerequisite defined by various test scripts with slightly
different semantics has been consolidated into a single copy and
made into a lazily defined one.
(merge 6ec633059a wc/make-funnynames-shared-lazy-prereq later to maint).
* After a partial clone, repeated fetches from promisor remote would
have accumulated many packfiles marked with .promisor bit without
getting them coalesced into fewer packfiles, hurting performance.
"git repack" now learned to repack them.
* Partially revert the support for multiple hash functions to regain
hash comparison performance; we'd think of a way to do this better
in the next cycle.
* "git help --config" (which is used in command line completion)
missed the configuration variables not described in the main
config.txt file but are described in another file that is included
by it, which has been corrected.
* The test linter code has learned that the end of here-doc mark
"EOF" can be quoted in a double-quote pair, not just in a
single-quote pair.
6.0:
Warning
Version 6.0 introduces the :class:~http.Headers class for managing HTTP headers and changes several public APIs:
:meth:~server.WebSocketServerProtocol.process_request now receives a :class:~http.Headers instead of a :class:~http.client.HTTPMessage in the request_headers argument.
The :attr:~protocol.WebSocketCommonProtocol.request_headers and :attr:~protocol.WebSocketCommonProtocol.response_headers attributes of :class:~protocol.WebSocketCommonProtocol are :class:~http.Headers instead of :class:~http.client.HTTPMessage.
The :attr:~protocol.WebSocketCommonProtocol.raw_request_headers and :attr:~protocol.WebSocketCommonProtocol.raw_response_headers attributes of :class:~protocol.WebSocketCommonProtocol are removed. Use :meth:~http.Headers.raw_items instead.
Functions defined in the :mod:~handshake module now receive :class:~http.Headers in argument instead of get_header or set_header functions. This affects libraries that rely on low-level APIs.
Functions defined in the :mod:~http module now return HTTP headers as :class:~http.Headers instead of lists of (name, value) pairs.
Note that :class:~http.Headers and :class:~http.client.HTTPMessage provide similar APIs.
Also:
Added compatibility with Python 3.7.
3.4.4:
Fix installation from sources when compiling toolkit is not available
3.4.3:
Add app.pre_frozen state to properly handle startup signals in sub-applications.
6.9.0:
[Core] Switched from culprit to transaction for automatic transaction reporting.
[CI] Removed py3.3 from build
[Django] resolved an issue where the log integration would override the user.
v6.5.2
- Fix import of :py:mod:cheroot.ssl.pyopenssl by refactoring and separating
:py:mod:cheroot.makefile's stream wrappers.
- Add initial tests for SSL layer with use of :py:mod:trustme
Changelog:
New
Firefox Home (the default New Tab) now allows users to display up to
4 rows of top sites, Pocket stories, and highlights
"Reopen in Container" tab menu option appears for users with Containers
that lets them choose to reopen a tab in a different container
In advance of removing all trust for Symantec-issued certificates in
Firefox 63, a preference was added that allows users to distrust
certificates issued by Symantec. To use this preference, go to
about:config in the address bar and set the preference
"security.pki.distrust_ca_policy" to 2.
Added FreeBSD support for WebAuthn
Improved graphics rendering for Windows users without accelerated hardware
using Parallel-Off-Main-Thread Painting
Support for CSS Shapes, allowing for richer web page layouts. This goes
hand in hand with a brand new Shape Path Editor in the CSS inspector.
CSS Variable Fonts (OpenType Font Variations) support, which makes it
possible to create beautiful typography with a single font file
Updates for enterprise environments:
AutoConfig is sandboxed to the documented API by default. You
can disable the sandbox by setting the preference
general.config.sandbox_enabled to false. Our long term plan is to
remove the ability to turn off the sandboxing. If you need to
continue to use more complex AutoConfig scripts, you will need to use
Firefox Extended Support Release (ESR).
Added Canadian English (en-CA) locale
Changed
Removed the description field for bookmarks. Users who have stored
descriptions using the field may wish to export these descriptions
as html or json files, as they will be removed in a future release.
Dark theme is automatically enabled in macOS 10.14 dark mode
Changed the default setting to Enforce (3) for the
security.pki.name_matching_mode preference
Adobe Flash applets now run in a more secure mode using process
sandboxing on macOS. Learn how this may affect features here.
Users disconnecting from Sync are now offered the option to wipe
their Firefox profile data (including bookmarks, passwords, history,
cookies, and site data) from their desktop computer
Changed how WebRTC handles screen sharing: When screen-sharing a window,
the window will be brought to front
Developer
Three-pane Inspector in Developer Tools separates the rules into its own
panel
This release includes the following bugfixes:
o security advisory (CVE-2018-14618): NTLM password overflow via integer overflow [73]
o CURLINFO_SIZE_UPLOAD: fix missing counter update [46]
o CURLOPT_ACCEPT_ENCODING.3: list them comma-separated
o CURLOPT_SSL_CTX_FUNCTION.3: might cause accidental connection reuse [72]
o Curl_getoff_all_pipelines: improved for multiplexed [3]
o DEPRECATE: remove release date from 7.62.0
o HTTP: Don't attempt to needlessly decompress redirect body [30]
o INTERNALS: require GnuTLS >= 2.11.3 [62]
o README.md: add LGTM.com code quality grade for C/C++ [42]
o SSLCERTS: improve the openssl command line
o Silence GCC 8 cast-function-type warnings [47]
o ares: check for NULL in completed-callback [3]
o asyn-thread: Remove unused macro [40]
o auth: only pick CURLAUTH_BEARER if we *have* a Bearer token [15]
o auth: pick Bearer authentication whenever a token is available [15]
o cmake: CMake config files are defining CURL_STATICLIB for static builds [54]
o cmake: Respect BUILD_SHARED_LIBS [35]
o cmake: Update scripts to use consistent style [9]
o cmake: bumped minimum version to 3.4 [34]
o cmake: link curl to the OpenSSL targets instead of lib absolute paths [34]
o configure: conditionally enable pedantic-errors [64]
o configure: fix for -lpthread detection with OpenSSL and pkg-config [38]
o conn: remove the boolean 'inuse' field [3]
o content_encoding: accept up to 4 unknown trailer bytes after raw deflate data [5]
o cookie tests: treat files as text
o cookies: support creation-time attribute for cookies [75]
o curl: Fix segfault when -H @headerfile is empty [23]
o curl: add http code 408 to transient list for --retry [78]
o curl: fix time-of-check, time-of-use race in dir creation [71]
o curl: use Content-Disposition before the "URL end" for -OJ [29]
o curl: warn the user if a given file name looks like an option [56]
o curl_threads: silence bad-function-cast warning [69]
o darwinssl: add support for ALPN negotiation [7]
o docs/CURLOPT_URL: fix indentation [20]
o docs/CURLOPT_WRITEFUNCTION: size is always 1 [19]
o docs/SECURITY-PROCESS: mention bounty, drop pre-notify
o docs/examples: add hiperfifo example using linux epoll/timerfd [21]
o docs: add disallow-username-in-url.d and haproxy-protocol.d to dist [50]
o docs: clarify NO_PROXY env variable functionality [70]
o docs: improved the manual pages of some callbacks [48]
o docs: mention NULL is fine input to several functions [43]
o formdata: Remove unused macro HTTPPOST_CONTENTTYPE_DEFAULT [40]
o gopher: Do not translate `?' to `%09' [67]
o header output: switch off all styles, not just unbold [8]
o hostip: fix unused variable warning
o http2: Use correct format identifier for stream_id [77]
o http2: abort the send_callback if not setup yet [63]
o http2: avoid set_stream_user_data() before stream is assigned [61]
o http2: check nghttp2_session_set_stream_user_data return code [55]
o http2: clear the drain counter in Curl_http2_done [27]
o http2: make sure to send after RST_STREAM [58]
o http2: separate easy handle from connections better [12]
o http: fix for tiny "HTTP/0.9" response [51]
o http_proxy: Remove unused macro SELECT_TIMEOUT [40]
o lib/Makefile: only do symbol hiding if told to [32]
o lib1502: fix memory leak in torture test [44]
o lib1522: fix curl_easy_setopt argument type
o libcurl-thread.3: expand somewhat on the NO_SIGNAL motivation [66]
o mime: check Curl_rand_hex's return code [22]
o multi: always do the COMPLETED procedure/state [3]
o openssl: assume engine support in 1.0.0 or later [2]
o openssl: fix debug messages [39]
o projects: Improve Windows perl detection in batch scripts [49]
o retry: return error if rewind was necessary but didn't happen [28]
o reuse_conn(): memory leak - free old_conn->options [17]
o schannel: client certificate store opening fix [68]
o schannel: enable CALG_TLS1PRF for w32api >= 5.1
o schannel: fix MinGW compile break [1]
o sftp: don't send post-qoute sequence when retrying a connection [79]
o smb: fix memory leak on early failure [26]
o smb: fix memory-leak in URL parse error path [4]
o smb_getsock: always wait for write socket too [11]
o ssh-libssh: fix infinite connect loop on invalid private key [53]
o ssh-libssh: reduce excessive verbose output about pubkey auth [53]
o ssh-libssh: use FALLTHROUGH to silence gcc8 [76]
o ssl: set engine implicitly when a PKCS#11 URI is provided [36]
o sws: handle EINTR when calling select() [24]
o system_win32: fix version checking [16]
o telnet: Remove unused macros TELOPTS and TELCMDS [40]
o test1143: disable MSYS2's POSIX path conversion [10]
o test1148: disable if decimal separator is not point [65]
o test1307: (fnmatch testing) disabled [31]
o test1422: add required file feature [6]
o test1531: Add timeout [41]
o test1540: Remove unused macro TEST_HANG_TIMEOUT [40]
o test214: disable MSYS2's POSIX path conversion for URL
o test320: treat curl320.out file as binary [14]
o tests/http_pipe.py: Use /usr/bin/env to find python
o tests: Don't use Windows path %PWD for SSH tests [74]
o tests: fixes for Windows line endlings [13]
o tool_operate: Fix setting proxy TLS 1.3 ciphers
o travis: build darwinssl on macos 10.12 to fix linker errors [33]
o travis: execute "set -eo pipefail" for coverage build [45]
o travis: run a 'make checksrc' too [25]
o travis: update to GCC-8 [52]
o travis: verify that man pages can be regenerated [50]
o upload: allocate upload buffer on-demand [60]
o upload: change default UPLOAD_BUFSIZE to 64KB [60]
o urldata: remove unused pipe_broke struct field [57]
o vtls: reinstantiate engine on duplicated handles [59]
o windows: implement send buffer tuning [37]
o wolfSSL/CyaSSL: Fix memory leak in Curl_cyassl_random [18]
From the changelog:
10.0.9 - 2018-07-17
Added
Added account module middleware to be able to plug in logic after authentication - #31883#31933
occ user:list now takes a list of attributes to display - #31115
Added Symfony events for user preference changes - #31266
Added Symfony events for public links shared by email - #31632
Added Symfony events for accept and reject for local shares - #31702
Added support for Imprint and Privacy Policy URLs in web UI and email footers - #31666#31699#31730#31766
Added HTML template for lost password email - #31144
Received local shares can now trigger a notification to accept or reject them, also visible in "Shared with you" section - #31613#31886
Rejected shares can now be accepted again in the "Shared with you" section - #31613
Provide original exception via logging events - #31623
Share autocomplete now displays useful tooltip when typing less characters - #31729
Added public Webdav API for versions using a new "meta" DAV endpoint - #31729#29637#31805#31801
Added support for retrieving file previews using Webdav endpoint - #29319#30192#31748#31788#31862#31865
Added versioning support for primary object store - #29607#31285#31595
Changed
Updated ca-bundle.crt - #31734
Bump symfony to 3.4.8 and other pending minor bumps - #31221
Bump karma from 2.0.0 to 2.0.2 in /build - #31253
Bump karma-jasmine from 1.1.1 to 1.1.2 in /build - #31378
Bump karma-coverage from 1.1.1 to 1.1.2 in /build - #31380
Bump zendframework/zend-inputfilter from 2.8.1 to 2.8.2 - #31431
Bump icewind/smb from 1.1.0 to 3.0.0 in /apps/files_external/3rdparty - #31521
Bump symfony 3.4.9 to 3.4.11 - #31571
Update jsdoc requirement to ~3.5.5 - #30036
Removed example theme which now lives in the theme-example repository - #31447
A user who is a member of multiple groups is now excluded from sharing if at least one of their group is configured for exclusion - #31737#31822
Changed back default minimum search characters to 2 for share autocomplete due to confusion - #31729
Files app UI now uses new versions API through the "meta" DAV endpoint - #29607
Removed
Removed old private ajax API for previews, deprecated by DAV endpoint support - #30254
Bookmarks certificate was removed - #31878
Fixed
Adjustments for the notifications messages of the sharing apps - #31947
Disable jquery globalEval - #31972
Work around Edge browser memory leak in web UI chunked upload - #31884
Don't fail if ISqlMigration doesn't return anything - #31779
Fixed restoring of versions for single file shares - #31681
Group admins are not able to create groups any more using provisioning API - #31738
Fix Oracle for queries using ILIKE operator - #31466
Improve user-sync command help description - #31691
Fix deletion and restoration of files in trashbin in some partial selection scenarios - #31700
Do not load the code of disabled theme apps - #31478
Fix encrypt-all and decrypt-all commands to keep shares when encrypting - #31600#31590
Proceed with encrypt-all command by enabling user-keys if no mode is selected by user - #31612
Validate maximum length of a username - #31664
Save timezone as given during login - #31493
Fix checksum computation to not apply on read-write streams to avoid potential mismatch results - #31619
Exclude uploads directory from read-only cache mask, fixes guest app chunked uploads - #31596
Properly normalize paths for event, no &$magic needed - #31689
Use the correct user id in login related Symfony events - #31605
Fix public link dialog issue when collaborative tags app is disabled - #31581
Fix updating public link share in transfer ownership command - #31176#31953
Do not set the password again if it hasn't changed - #31370
Use correct l10n to translate 'password was changed' email - #31553
Improve text in settings/personal App Password - #31539
Fix default language code example - #31448
Fix double slash in versioning file copy events - #31452
Split public password enforced capabilities based on a config - #31499
Fix bogus exceptions related to missing DAV nodes after deletion - #31479
Fix enabling of users by group admins in the web UI - #31489
Fix AccountMapper to return an object or throw an exception - #31445
Proper handling of exceptions in UserManager - #31446
Properly cache non-existing user in UserManager - #31446
Update verify checksums console output to flow more naturally - #31449
Subadmin shouldn't be able to add users to their groups via API - #31337
Catch duplicate inserts in token table - #31460#31794#32041
Fix overflowing public share names in the share panel - #31369
Fix occ user:sync to sync quota from preferences after upgrade if backend provided no quota - #31360
Fix for Redis dev editions - #31282
Fix mail debug message recipient field - #31227
Prevent infinite loop in case of error in "log" event handler - #31247
Fix HTTP status code when uploading virus-infected files - #31260
Add back robots.txt in the release - #31248
- lib: Tweak nghttp2_session_set_stream_user_data
- lib: Fix handling of SETTINGS_MAX_CONCURRENT_STREAMS.
- lib: Implement ORIGIN frame
- asio: support definition of local endpoint for cleartext client
session
- integration: Remove remaining SPDY code from the integration tests.
- nghttpx: Fix worker process crash with neverbleed write error
- nghttpx: Support per-backend mruby script
- nghttpx: Fix stream reset if data from client is arrived before dconn
is attached
2.1.1:
Bugfixes
Fixed a race condition in QuerySet.update_or_create() that could result in data loss
Fixed a regression where QueryDict.urlencode() crashed if the dictionary contains a non-string value
Fixed a regression in Django 2.0 where using manage.py test --keepdb fails on PostgreSQL if the database exists and the user doesn’t have permission to create databases
Fixed a regression in Django 2.0 where combining Q objects with __in lookups and lists crashed
Fixed translation failure of DurationField’s “overflow” error message
Fixed a regression where the admin change form crashed if the user doesn’t have the ‘add’ permission to a model that uses TabularInline
Fixed a regression where a related_query_name reverse accessor wasn’t set up when a GenericRelation is declared on an abstract base model
Fixed the test client’s JSON serialization of a request data dictionary for structured content type suffixes
Made the admin change view redirect to the changelist view after a POST if the user has the ‘view’ permission
Fixed admin change view crash for view-only users if the form has an extra form field
Fixed a regression in Django 2.0.5 where QuerySet.values() or values_list() after combining querysets with extra() with union(), difference(), or intersection() crashed due to mismatching columns
Fixed crash if InlineModelAdmin.has_add_permission() doesn’t accept the obj argument
v18.0.0
* Drop support for Python 2.7. CherryPy 17 will
remain an LTS release for bug and security fixes.
* Drop support for Python 3.4.
v17.4.0
* When setting Response Body, reject Unicode
values, making behavior on Python 2 same as on Python 3.
* Other inconsequential refactorings.
v6.5.1:
Improve UNIX socket fs access mode in :py:meth:cheroot.server.HTTPServer.prepare on a file socket when starting to listen to it.
v6.5.0
Add support for validating client certificates.
7.94 2018-08-27
- Added EXPERIMENTAL content_type and file_type methods to Mojolicious::Types.
- Fixed a bug where the reply->file helper would not try to set a Content-Type
header.
- Fixed a bug where the render method in Mojolicious::Controller would not
always use Mojolicious::Types to find the correct Content-Type value.
2.24 Thu Aug 30 03:23:03 CEST 2018
- bring cookie management more in line with RFC 6265; implement idn
matching for cookie domains.
- update cookie_jar version to 2, invalidate existing cookie jars.
- preserve original cookie domain attribute.
- also expire old cookie jars in cookie parser, just in case.
- further improve relative redirection code.
- comment out code that tried to detect possible bugs with persistent
connection caching, but since it never triggered, it's probably
working fine :)
- do not call on_body callback on a response that AE::HTTP will recurse
on internally (reported by Антон Онуфриев and Ruslan Zakirov).
Changes:
3.8
---
NetSurf 3.8 features some page layout improvements, stability and
security improvements, and some minor additional features. We
recommend all users upgrade to NetSurf 3.8.
What's new in Tornado 5.1
Deprecation notice
- Tornado 6.0 will drop support for Python 2.7 and 3.4. The minimum
supported Python version will be 3.5.2.
- The tornado.stack_context module is deprecated and will be removed
in Tornado 6.0. The reason for this is that it is not feasible to
provide this module's semantics in the presence of async def
native coroutines. .ExceptionStackContext is mainly obsolete
thanks to coroutines. .StackContext lacks a direct replacement
although the new contextvars package (in the Python standard
library beginning in Python 3.7) may be an alternative.
- Callback-oriented code often relies on .ExceptionStackContext to
handle errors and prevent leaked connections. In order to avoid the
risk of silently introducing subtle leaks (and to consolidate all of
Tornado's interfaces behind the coroutine pattern), callback
arguments throughout the package are deprecated and will be removed
in version 6.0. All functions that had a callback argument
removed now return a .Future which should be used instead.
- Where possible, deprecation warnings are emitted when any of these
deprecated interfaces is used. However, Python does not display
deprecation warnings by default. To prepare your application for
Tornado 6.0, run Python with the -Wd argument or set the
environment variable PYTHONWARNINGS to d. If your
application runs on Python 3 without deprecation warnings, it should
be able to move to Tornado 6.0 without disruption.
tornado.auth
- .OAuthMixin._oauth_get_user_future may now be a native coroutine.
- All callback arguments in this package are deprecated and will
be removed in 6.0. Use the coroutine interfaces instead.
- The OAuthMixin._oauth_get_user method is deprecated and will be removed in
6.0. Override ~.OAuthMixin._oauth_get_user_future instead.
tornado.autoreload
- The command-line autoreload wrapper is now preserved if an internal
autoreload fires.
- The command-line wrapper no longer starts duplicated processes on windows
when combined with internal autoreload.
tornado.concurrent
- .run_on_executor now returns .Future objects that are compatible
with await.
- The callback argument to .run_on_executor is deprecated and will
be removed in 6.0.
- .return_future is deprecated and will be removed in 6.0.
tornado.gen
- Some older portions of this module are deprecated and will be removed
in 6.0. This includes .engine, .YieldPoint, .Callback,
.Wait, .WaitAll, .MultiYieldPoint, and .Task.
- Functions decorated with @gen.coroutine will no longer accept
callback arguments in 6.0.
tornado.httpclient
- The behavior of raise_error=False is changing in 6.0. Currently
it suppresses all errors; in 6.0 it will only suppress the errors
raised due to completed responses with non-200 status codes.
- The callback argument to .AsyncHTTPClient.fetch is deprecated
and will be removed in 6.0.
- tornado.httpclient.HTTPError has been renamed to
.HTTPClientError to avoid ambiguity in code that also has to deal
with tornado.web.HTTPError. The old name remains as an alias.
- tornado.curl_httpclient now supports non-ASCII characters in
username and password arguments.
- .HTTPResponse.request_time now behaves consistently across
simple_httpclient and curl_httpclient, excluding time spent
in the max_clients queue in both cases (previously this time was
included in simple_httpclient but excluded in
curl_httpclient). In both cases the time is now computed using
a monotonic clock where available.
- .HTTPResponse now has a start_time attribute recording a
wall-clock (time.time) timestamp at which the request started
(after leaving the max_clients queue if applicable).
tornado.httputil
- .parse_multipart_form_data now recognizes non-ASCII filenames in
RFC 2231/5987 (filename*=) format.
- .HTTPServerRequest.write is deprecated and will be removed in 6.0. Use
the methods of request.connection instead.
- Malformed HTTP headers are now logged less noisily.
tornado.ioloop
- .PeriodicCallback now supports a jitter argument to randomly
vary the timeout.
- .IOLoop.set_blocking_signal_threshold,
~.IOLoop.set_blocking_log_threshold, ~.IOLoop.log_stack,
and .IOLoop.handle_callback_exception are deprecated and will
be removed in 6.0.
- Fixed a KeyError in .IOLoop.close when .IOLoop objects are
being opened and closed in multiple threads.
tornado.iostream
- All callback arguments in this module are deprecated except for
.BaseIOStream.set_close_callback. They will be removed in 6.0.
- streaming_callback arguments to .BaseIOStream.read_bytes and
.BaseIOStream.read_until_close are deprecated and will be removed
in 6.0.
tornado.netutil
- Improved compatibility with GNU Hurd.
tornado.options
- tornado.options.parse_config_file now allows setting options to
strings (which will be parsed the same way as
tornado.options.parse_command_line) in addition to the specified
type for the option.
tornado.platform.twisted
- .TornadoReactor and .TwistedIOLoop are deprecated and will be
removed in 6.0. Instead, Tornado will always use the asyncio event loop
and twisted can be configured to do so as well.
tornado.stack_context
- The tornado.stack_context module is deprecated and will be removed
in 6.0.
tornado.testing
- .AsyncHTTPTestCase.fetch now takes a raise_error argument.
This argument has the same semantics as .AsyncHTTPClient.fetch,
but defaults to false because tests often need to deal with non-200
responses (and for backwards-compatibility).
- The .AsyncTestCase.stop and .AsyncTestCase.wait methods are
deprecated.
tornado.web
- New method .RequestHandler.detach can be used from methods
that are not decorated with @asynchronous (the decorator
was required to use self.request.connection.detach().
- .RequestHandler.finish and .RequestHandler.render now return
Futures that can be used to wait for the last part of the
response to be sent to the client.
- .FallbackHandler now calls on_finish for the benefit of
subclasses that may have overridden it.
- The .asynchronous decorator is deprecated and will be removed in 6.0.
- The callback argument to .RequestHandler.flush is deprecated
and will be removed in 6.0.
tornado.websocket
- When compression is enabled, memory limits now apply to the
post-decompression size of the data, protecting against DoS attacks.
- .websocket_connect now supports subprotocols.
- .WebSocketHandler and .WebSocketClientConnection now have
selected_subprotocol attributes to see the subprotocol in use.
- The .WebSocketHandler.select_subprotocol method is now called with
an empty list instead of a list containing an empty string if no
subprotocols were requested by the client.
- .WebSocketHandler.open may now be a coroutine.
- The data argument to .WebSocketHandler.ping is now optional.
- Client-side websocket connections no longer buffer more than one
message in memory at a time.
- Exception logging now uses .RequestHandler.log_exception.
tornado.wsgi
- .WSGIApplication and .WSGIAdapter are deprecated and will be removed
in Tornado 6.0.
Version 2.5.2
Fix tornado 4.5+ not closing connection
Add ignore dirs
Fix bugs
Version 2.5.1
Fix Content-Type detection
Ensure current version of pyinotify is installed before using
Version 2.5.0
wait parameter can be float via Todd Wolfson
Option to disable liveCSS via Yunchi Luo
Django management command via Marc-Stefan Cassola
Changes with nginx 1.15.3:
*) Feature: now TLSv1.3 can be used with BoringSSL.
*) Feature: the "ssl_early_data" directive, currently available with
BoringSSL.
*) Feature: the "keepalive_timeout" and "keepalive_requests" directives
in the "upstream" block.
*) Bugfix: the ngx_http_dav_module did not truncate destination file
when copying a file over an existing one with the COPY method.
*) Bugfix: the ngx_http_dav_module used zero access rights on the
destination file and did not preserve file modification time when
moving a file between different file systems with the MOVE method.
*) Bugfix: the ngx_http_dav_module used default access rights when
copying a file with the COPY method.
*) Workaround: some clients might not work when using HTTP/2; the bug
had appeared in 1.13.5.
*) Bugfix: nginx could not be built with LibreSSL 2.8.0.
3.4.2:
Bugfixes
- Changed dependency for pathlib to pathlib2.
- Fixed code for inserting the project to sys.path with pathlib to use an absolute path, regression in 3.4.0
Nghttp2 v1.32.1:
nghttp2_session_set_stream_user_data now works for a stream which is not created yet, but the request which creates the stream is queued.
2.1.2
Changes:
Fix: AutoSlugField, fix check on list or tuple type
2.1.1
Removed support for Django versions before 1.11
Changes:
Fix: foreignkey_searchinput, remove unnecessary img tag
Fix: sqldiff, fix deprecated get_indexes call
Fix: AutoSlugField, check that any non-callable value passed to populate_from is a string type
Fix: tests, fix ChangingDirectoryTests: cd back in tearDown
Fix: show_template_tags, should handle AppConfig class in INSTALLED applications
Improvement: runserver_plus, reduce reraise pollution in traceback page
Improvement: dumpscript, prevent many2many field with custom intermediate models to be added directly on the parent model
Docs: fix typos
3.4.0:
Features
Add type hints
Add raise_for_status request parameter
Add type hints to HTTP client
Minor server optimizations
Preserve the cause when HTTPException is raised from another exception.
Add close_boundary option in MultipartWriter.write method. Support streaming
Added a remove_slash option to the normalize_path_middleware factory.
The class AbstractRouteDef is importable from aiohttp.web.
Bugfixes
Prevent double closing when client connection is released before the last data_received() callback.
Make redirect with normalize_path_middleware work when using url encoded paths.
Postpone web task creation to connection establishment.
Fix sock_read timeout.
When using a server-request body as the data= argument of a client request, iterate over the content with readany instead of readline to avoid Line too long errors.
fix UrlDispatcher has no attribute add_options, add web.options
correct filename in content-disposition with multipart body
Many HTTP proxies has buggy keepalive support. Let's not reuse connection but close it after processing every response.
raise 413 "Payload Too Large" rather than raising ValueError in request.post() Add helpful debug message to 413 responses
Fix StreamResponse equality, now that they are MutableMapping objects.
Fix server request objects comparison
Do not hang on 206 Partial Content response with Content-Encoding: gzip
Fix timeout precondition checkers
Improved Documentation
Add a new FAQ entry that clarifies that you should not reuse response objects in middleware functions.
Add FAQ section "Why is creating a ClientSession outside of an event loop dangerous?"
Fix link to Rambler
Fix TCPSite documentation on the Server Reference page.
Fix documentation build configuration file for Windows.
Remove no longer existing lingering_timeout parameter of Application.make_handler from documentation.
Mention that app.make_handler is deprecated, recommend to use runners API instead.
Deprecations and Removals
Drop loop.current_task() from helpers.current_task()
Drop reader parameter from request.multipart().
Enhancements:
- removed DynScale flag and support
- removed support for multi-line headers (both input and output)
Bug fixes:
- fixed potential request smuggling via fudged headers
The update from 1.2.37 works around an Apache cstratup crash on NetBSD 8.0
This has first been committed to pkgsrc-2018Q2 by mistake. Here is it on
HEAD now after a pkgsrc-2018Q2 change rollback;
Complete Changelog
1.2.43
61733: LB: Propagate load factor changes applied by the status worker to a load balancer sub worker correctly to all processes. Based on a patch provided by Jonathan Oddy. (rjung)
fix ISAPI: Align the make files for 32-bit and 64-bit builds. (markt)
update Update config.guess and config.sub from http://git.savannah.gnu.org/cgit/config.git. (rjung)
update Update PCRE bundled with the ISAPI redirector to 8.41. (rjung)
fix Update the ISAPI redirector installation documentation to reflect the currently supported versions of Windows. (markt)
fix Align the normalization performed by the ISAPI redirector with that implemented by Tomcat. (markt)
1.2.42
fix Status: Fix displayed number of bytes read from and written to the backend when an AJP worker is used without a load balancer worker. (rjung)
fix Apache: Don't try to read remaining request body parts during clean up if reading the request body from the client already failed during earlier processing phases. (rjung)
fix 57485: Apache: Propagate errors reading the request body from the client to mod_jk so Tomcat sees an error rather than a truncated body. (markt)
fix 57836: ISAPI: Empty REMOTE_USER should not be translated to "". (rjung)
fix 58249: Add a note the the documentation that max_packet_size will be aligned to the next multiple of 1024 if a value is specified that is not a multiple of 1024. (markt)
update 58309: ISAPI: Update bundled pcre from version 5.0 to 8.38. (rjung)
fix 58286: Fix crash in mod_jk and in the ISAPI Redirector. The crash only happens on Windows when retrieving the jk-status for the HTML format (which is the default format). This regression was
introduced by the fix to 54177. (rjung)
fix 58285: Don't use GCC atomics on platforms, for which GCC doesn't provide an atomics implementation. This regression was introduced by the fix to 44454 and 56703. (rjung)
fix 58425: Fix regression in 1.4.41 that prevented AJP 1.2 workers from initialising. Note that the AJP 1.2 protocol is deprecated. Patch provided by yagisita. (markt)
fix 58504: If a background thread is used to perform worker maintenance, ensure that maintenance runs are not skipped. Patch provided by Hiroto Shimizu. (markt)
fix 58608: ISAPI: Add a new registry option "flush_packets" that allows the flushing behaviour of IIS7+ to be controlled. The default is not to flush. Setting the option to "true" with cause IIS
to write data to the client as each AJP packet is received. (markt)
fix 58813: ISAPI: Correctly release a mutex allowing the plugin to complete initialization. Prior to this fix, the incomplete initialization was causing a hang on shutdown. Patch provided by
Matthew Reiter. (markt)
fix 58895: Correct an off-by-one error in the log messages for the number of attempts made to communicate with the backend server. Patch provided by Hiroto Shimizu. (markt)
fix 59164: Fix crash on first connection if a host name is specified for the worker that cannot be resolved to an IP address. (markt)
fix 59184: HTTPD: Avoid segmentation fault if mod_jk is configured with an invalid value for JkShmFile. This causes the server startup to fail. (markt)
fix Minor code clean-up and optimization. (markt)
1.2.40
fix AJP, LB: Reduce lock contention during maintenance function. This was observable when using a big number of AJP13 and LB workers, especially in combination with the Apache httpd prefork MPM.
(rjung)
fix 57060: Allow building from outside of source tree. Patch contributed by Petr Sumbera. (rjung)
fix 56703: Status: Fix inflated counter for current number of backend connections especially when a connection timeout occurred on the backend. (rjung)
fix 56661: Fix Servlet API getLocalAddr(). Works for Tomcat 6.0.42, 7.0.55 and 8.0.11 and Apache and ISAPI plugins. (rjung)
update Status: Log old and new values when changing worker attributes. (rjung)
fix 56667: Status: Fix log message when changing activation state of all members. (rjung)
fix 56565: Fix IPV6 address resolve on non-dual network stacks. (mturk)
fix 50511: Reduce log level for "OPTIONS *" requests from warning to debug. (rjung)
fix Apache: Copy log notes instead of using references to prevent access to memory from closed pool. (rjung)
add Add option to control handling of multiple adjacent slashes in mount and unmount. New default is collapsing the slashes only in unmount. Configuration is done via new JkOption for Apache
("CollapseSlashesAll", "CollapseSlashesNone" or "CollapseSlashesUnmount") and via property "collapse_slashes" for IIS (values "all", "none", "unmount"). This is the fix for CVE-2014-8111. (rjung)
add Add more checks for shared memory allocation. (rjung)
add 56869: Status: Add maximum number of open backend connections to status worker. Patch contributed by Martin Knoblauch. (rjung)
add 56770: AJP: Add worker name to all log messages. Patch contributed by Martin Knoblauch. (rjung)
fix 50186: Docs: Clarify relation between "connection_pool_timeout" and "keepAliveTimeout" or "connectionTimeout" in the Tomcat AJP connector configuration. (rjung)
fix 52334: LB: Calculate worker recovery time based on last recovery attempt time instead of original error time after the first recovery attempt. (rjung)
fix 54596 part 1: IIS: Fix missing last character when parsing relative file names with no ".." directory components from configuration. (rjung)
fix 54596 part 2: IIS: Fix using relative file names in config with ".." path segments that go up the directory hierarchy higher than the starting point of the relative file name. (rjung)
fix Status: Add logging if status worker output was dropped due to insufficient buffer size. (rjung)
fix Reduce log buffer from 8KB to 1KB. Add logging in case of failed logging and add trailing "..." to lines which were likely truncated. (rjung)
update Replace fixed allocation of 32 entries for fail_on_status by dynamic allocation. (rjung)
add Enforce implementation restriction on maximal length "60" of worker attributes "name", "host", "route", "domain", "redirect", "session_cookie", "session_path" and "set_session_cookie". Checks
were added to configuration file processing and configuration updates via the status worker. (rjung)
add 52483: Apache: Add debug logging for result of JkOptions configuration processing. (rjung)
fix 54177: Status: Use numeric time stamps instead of textual ones to avoid non-well-formed XML output. Textual timestamps are formatted according to locale settings and reencoding them to UTF-8
would be cumbersome. (rjung)
fix 56618: Status: Use percent decoding when reading query string parameters. For example this fixes editing IPv6 addresses via the status worker if the client encodes ":" as "%3A". Patch
contributed by Christopher Schultz. (rjung)
fix 56452: Fix crash in debug logging for IPv6 adresses. Patch contributed by Christopher Schultz. (rjung)
fix 34526: Apache: Improve compatibility with mod_deflate request body inflation. An automatic detection of mod_deflate inflation is not implemented. Use the new Apache environment variable
JK_IGNORE_CL instead, to let mod_jk ignore an existing Content-Length request header. (rjung)
update 44454: LB: Add warning to docs about problems with "busyness" load balancing method. (rjung)
fix 44454: Improve busy counter by using atomics. (rjung)
fix 56703: Status: Improve connected counter. Use atomics and for mod_jk (Apache) currectly count down connections closed by child processes that are stopped. (rjung)
fix 44571: Ensure that we return with status 503 if we can not get and endpoint for a worker. (rjung)
fix Apache: Improve log handling during graceful or normal restart. (rjung)
fix Don't update last access time of worker connections during optional checking of idle connections using CPing. Updating the time stamp breaks closing idle connections. (rjung)
fix Adjust linger parameters used during connection shutdown. (rjung)
fix Fix annoying redefine warnings for the autoconf PACKAGE defines during configure based builds. (rjung)
fix Status: Use multi-line table headers and fix invalid xml output. (rjung)
fix 44571: Implement an optional limit on concurrent requests allowed for a worker (attribute "busy_limit"). Original patch contributed by zealot0630 at gmail dot com. (rjung)
fix Correct log message "all endpoints are disconnected" to "no usable connection found, will create a new one". Tone done from info log level to debug for the common case. (rjung)
add 57536: AJP: Allow to configure connection source address. This should only be used on multi-homed hosts. The feature is experimental. (rjung)
add 57540: AJP: Forward name of SSL protocol used for handling the request (SSLv3, TLSv1, TLSv1.1, TLSv1.2). (rjung)
1.2.39
Fix forwarding of chunked requests, which is broken in version 1.2.39. (rjung)
fix 56352: Fix regression in memory release. (mturk)
fix Fix status worker display of worker IP address after name or port was changed. (rjung)
update 56297: Improve key hash function. Copied from APR. (rjung)
fix 55683: Remove quotes from quoted session cookies. (rjung)
fix 53542: ISAPI: Fix grammar in 503 error page. (rjung)
fix 55696: Crash on Mac OS X 10.9 during config parsing. (rjung)
1.2.38
update Deprecate nt_service from Apache Tomcat Connectors. (mturk)
fix 56133: Fix possible crash when a request fails during request body transfer to the back end and reply_timeout was set. Patch contributed by Hiroto Shimizu. (rjung)
fix Fix status worker not updating parameters for all members. (mturk)
fix 55853: HTTPD: Use the correct API for setting Content-Length. Patch contributed by areese yahoo-inc.com. (rjung)
add Add IPV6 support for connection to webserver. New directive prefer_ipv6 has been added to control the hostname resolution and preserve backward compatibility. (mturk)
add Add --disable-sock-cloexec to configure to disable use of SOCK_CLOEXEC (using FD_CLOEXEC + fnctl instead) so built modules will work with Linux kernels prior to 2.6.27. (timw)
update Clean up config file parsing. Worker names are now restricted to 60 bytes. (rjung)
update Allow to set a stickyness cookie in case a web framework breaks Tomcat's adding of the routing ID to the end of the JSESSIONID cookie. (rjung)
update Use max_packet_size also for request body forwarding. (rjung)
update Apache 2.4: By default forward logical client address as provided by mod_remoteip. When setting JkOptions ForwardPhysicalAddress mod_jk will instead forward the physical peer address. (rjung)
update Minor documentation improvements. (rjung)
Version 2.0.1:
Enable testing with Django 2.1
Add test for Model.objects.get_or_create().
Add test for objects.exclude().
Fix Instance of 'Model' has no 'id' member (no-member), fix Class 'UserCreationForm' has no 'declared_fields' member.
Fix for Instance of 'ManyToManyField' has no 'add' member.
Add test & fix for unused arguments on class based views
Changes with nginx 1.15.2:
*) Feature: the $ssl_preread_protocol variable in the
ngx_stream_ssl_preread_module.
*) Feature: now when using the "reset_timedout_connection" directive
nginx will reset connections being closed with the 444 code.
*) Change: a logging level of the "http request", "https proxy request",
"unsupported protocol", and "version too low" SSL errors has been
lowered from "crit" to "info".
*) Bugfix: DNS requests were not resent if initial sending of a request
failed.
*) Bugfix: the "reuseport" parameter of the "listen" directive was
ignored if the number of worker processes was specified after the
"listen" directive.
*) Bugfix: when using OpenSSL 1.1.0 or newer it was not possible to
switch off "ssl_prefer_server_ciphers" in a virtual server if it was
switched on in the default server.
*) Bugfix: SSL session reuse with upstream servers did not work with the
TLS 1.3 protocol.
Changes with nginx 1.15.1:
*) Feature: the "random" directive inside the "upstream" block.
*) Feature: improved performance when using the "hash" and "ip_hash"
directives with the "zone" directive.
*) Feature: the "reuseport" parameter of the "listen" directive now uses
SO_REUSEPORT_LB on FreeBSD 12.
*) Bugfix: HTTP/2 server push did not work if SSL was terminated by a
proxy server in front of nginx.
*) Bugfix: the "tcp_nopush" directive was always used on backend
connections.
*) Bugfix: sending a disk-buffered request body to a gRPC backend might
fail.
Changes with nginx 1.15.0:
*) Change: the "ssl" directive is deprecated; the "ssl" parameter of the
"listen" directive should be used instead.
*) Change: now nginx detects missing SSL certificates during
configuration testing when using the "ssl" parameter of the "listen"
directive.
*) Feature: now the stream module can handle multiple incoming UDP
datagrams from a client within a single session.
*) Bugfix: it was possible to specify an incorrect response code in the
"proxy_cache_valid" directive.
*) Bugfix: nginx could not be built by gcc 8.1.
*) Bugfix: logging to syslog stopped on local IP address changes.
*) Bugfix: nginx could not be built by clang with CUDA SDK installed;
the bug had appeared in 1.13.8.
*) Bugfix: "getsockopt(TCP_FASTOPEN) ... failed" messages might appear
in logs during binary upgrade when using unix domain listen sockets
on FreeBSD.
*) Bugfix: nginx could not be built on Fedora 28 Linux.
*) Bugfix: request processing rate might exceed configured rate when
using the "limit_req" directive.
*) Bugfix: in handling of client addresses when using unix domain listen
sockets to work with datagrams on Linux.
*) Bugfix: in memory allocation error handling.
7.93 2018-08-11
- Improved Test::Mojo to accept Mojo::File objects pointing to application
scripts and to override configurations more consistently.
7.92 2018-08-09
- This release reverts the addition of stream classes (added in 7.83), which
have unfortunately resulted in many Mojolicious applications becoming
unstable. While there are no known exploits yet, we've chosen to err on the
side of cautiousness and will classify this as a security issue.
7.91 2018-08-09
- Fixed a bug in Mojo::IOLoop::Stream where is_readable could not be called
after a timeout event.
7.90 2018-08-08
- Deprecated expect_close attribute in Mojo::Content.
- Removed deprecated delay helper from Mojolicious::Plugin::DefaultHelpers.
- Changed error message for destroyed transactions from
"Connection already closed" to "Transaction already destroyed".
- Fixed a race condition in Mojo::UserAgent where closing connections could
sometimes end up being reused.
- Fixed an RFC 7230 compliance problem where HTTP/1.1 responses were sometimes
incomplete.
7.89 2018-08-06
- Mojolicious has a new logo!
7.88 2018-07-11
- Added EXPERIMENTAL bytes_read, bytes_written and transition methods to
Mojo::IOLoop::Stream.
- Added transition event to Mojo::IOLoop::Stream.
- Improved default request ids generated by Mojo::Message::Request to be a
little more unique.
- Fixed a bug where prefork tests would fail if a prefork server was already
running.
7.87 2018-07-04
- Added optional support for Cpanel::JSON::XS to Mojo::JSON for much better
JSON encoding and decoding performance. That also means Mojo::JSON can no
longer encode the two Unicode whitespace characters u2028 and u2029, since
this is unsupported by Cpanel::JSON::XS.
- Improved Mojo::JSON to encode unknown reference types to "null",
consistently with Cpanel::JSON::XS.
7.86 2018-07-02
- Added template attribute to Mojolicious::Command.
- Added spawn event to Mojo::IOLoop::Subprocess.
- Improved Mojo::IOLoop::Subprocess to only fork new processes after the event
loop has been started.
Use TEST_DEPENDS.
0.000039 2018-08-01 19:40:39Z
- (temporarily?) skip XML parsing test under newer versions of Data::Printer
0.000038 2018-07-28 02:39:17Z
- Add support for HTTP::CookieJar
Use TEST_DEPENDS.
0.076 2018-08-05 21:07:38-04:00 America/New_York
- No changes from 0.075-TRIAL.
0.075 2018-08-01 07:03:36-04:00 America/New_York (TRIAL RELEASE)
[CHANGED]
- The 'peer' option now also can take a code reference
0.074 2018-07-30 15:35:44-04:00 America/New_York
- No changes from 0.073-TRIAL.
0.073 2018-07-24 11:33:53-04:00 America/New_York (TRIAL RELEASE)
0.071 never made it to CPAN; skipping to 0.073
[DOCS]
- Documented 'protocol' field in response hash.
0.071 2018-04-22 14:45:43+02:00 Europe/Oslo (TRIAL RELEASE)
[DOCS]
- Documented that method argument to request() is case-sensitive.
[INTERNAL]
- Minor regex cleanup
- Updated .travis.yml for recent Perls
4.40 2018-08-15
[ FIX / TESTING ]
- support perls < 5.10.1 in Makefile.PL by being more dynamic
(GH #229, GH #230, thanks to Aristotle)
4.39 2018-08-13
[ FIX / TESTING ]
- specify CONFIGURE_REQUIRES in Makefile.PL so can use TEST_REQUIRES
to build with older perls (GH #228)
==================
WebKitGTK+ 2.20.5
==================
What's new in WebKitGTK+ 2.20.5?
- Fix rendering artifacts in some web sites due to a bug introduced in 2.20.4.
2.1.3:
* An ALLOWED_ORIGINS value of "*" will now also allow requests without a Host
header at all (especially important for tests)
* The request.path value is now correct in cases when a server has SCRIPT_NAME
set
* Errors that happen inside channel listeners inside a runworker or Worker
class are now raised rather than suppressed
2.2.2:
* X-Forwarded-Proto support is now present and enabled if you turn on the
--proxy-headers flag
* ASGI applications are no longer instantiated in a thread (the ASGI spec
was finalised to say all constructors must be non-blocking on the main thread)
2.2.1:
* Python 3.7 compatability is flagged and ensured by using Twisted 18.7 and
above as a dependency.
* The send() awaitable in applications no longer blocks if the connection is
closed.
* Fixed a race condition where applications would be cleaned up before they
had even started.
18.8.1:
fix: Python 3.7 compatibility
fix: remove Python 2.6 support leftovers
new: getting started docker-based examples in matching with docs
18.7.1:
new: Python 3.7 supported and integrated into CI
new: WAMP-SCRAM examples
fix: glitches in WAMP-SCRAM
v17.3.0
* Rely on zc.lockfile for session concurrency support.
v17.2.0
* Prevent orphaned Event object in cached 304 response.
v17.1.0
* Add support for accepting uploaded files with non-ascii filenames per RFC 5987.
3.4.1:
Unknown changes
3.4.0:
Features
Added new fixture django_assert_max_num_queries.
Added support for connection and returning the wrapped context manager with django_assert_num_queries.
Added support for resetting sequences via django_db_reset_sequences.
Bugfixes
Made sure to not call django.setup() multiple times.
Compatibility
Removed py dependency, use pathlib instead
Version 1.10.2:
User-visible changes:
- Client-side bugfixes:
* Correctly claim to offer Gnome Keyring support with libsecret
* Fix segfault using Gnome Keyring with libsecret
* Fix JavaHL local refs capacity warning when unparsing externals
* Since on Windows Subversion does not handle symlinks, never check for reparse points
* Prune externals after 'update --set-depth=exclude'
* Fix issue 4740, "conflict resolver searches too far back ..."
- Server-side bugfixes:
* Fix regression issue 4741: authz group refers to multiple groups
Developer-visible changes:
- General:
* Regression test and FSFS checksum test, part of issue 4722
* Explicit error on configure --without-lz4 or --without-utf8proc
* configure.ac: Fix regression relating to path to 'rdoc'
* Ensure consistent use of $PYTHON during build and test
* Fix libsvn_auth_gnome_keyring.pc when built using libsecret
- Bindings:
* Fix regression in use of pre-generated Swig bindings in release builds
Version 1.10.0:
User-visible changes:
- Major new features:
* Better interactive conflict resolution for tree conflicts
* Wilcards and improved performance in path-based authorization
* New experimental 'svn shelve' command
- Minor new features and improvements:
* svnbench: Show time taken & bytes transferred
* New 'svnadmin dump' options to include/exclude paths
* New '--normalize-props' option for 'svnadmin dump'
* New 'svnadmin 'load-revprops', 'dump-revprops' subcommands
* New '--no-flush-to-disk' option for 'svnadmin load'
* New '--file' option for several svnadmin subcommands
* New '--max-request-size', '--max-response-size' options for svnserve
* New '-rN' option for 'svnadmin lstxns'
* New '--search' option for fast 'svn ls' searches
* Add '--search' option support to 'svnbench null-list'
* New '-M' option for 'svnlook tree'
* New '--skip-unchanged' option for 'svnsync copy-revprops'
* 'svn log --search' now ignores case and diacriticals
* Improved performance of server-side log processing
* diff3: Reduce processing time and memory usage
* ra_serf: Adjustments for serf versions with HTTP/2 support
* ra_serf: Send svndiff1 deltas during commit
* ra_serf: Stream svndiff deltas w/o creating temporary files
* ra_serf: Don't necessarily request full MERGE reponses
* 'svn patch': Parse binary diffs in git-style patches
* 'svnadmin info' now reports latest revision in the repository
* ra_svn: Various performance-related tweaks
* Optimize svndiff parser
* 'svn status' without -v: Stop showing uninteresting deletions
* Save a few cycles in svn_stringbuf_set()
* windows: Use the Unicode Windows API
* windows: Distinguish out-of-memory error from abort()
* windows: Explicitly release file locks
* windows: Correctly check result from LoadLibrary() call
* Remove Windows-specific slowdown during pristine cleanup
* FSFS: Optionally cache node properties without full-text cache
* FSFS: Open transaction's proto revision in write-only mode
* FSFS: Avoid checksum calculations if logical addressing is used
* FSFS: Do not read very long change lists in block read mode
* FSFS: Avoid double DAG lookup
* FSFS: Avoid double cache lookups
* FSFS: Increase default revprop pack size from 4k to 16k
* FSFS: Speed up revprop access
* FSFS: Disable representation sharing for directories
* FSFS: Speed up transaction processing for large directories
* FSFS: Tune format 7 pack ordering heuristics
* FSFS: Reduce I/O overhead during history traversal
* FSFS: Use native Windows API to guarantee data is flushed
* FSFS: Warn if a possible rep-cache SHA1 collision is detected
* FSFS: Optimize revprop cache filling strategy under high load
* FSFS: New "verify-before-commit" fsfs.conf option
* FSFS: New format 8 with various performance improvements
* FSFS/FSX: Chunked read support for changed paths lists
* FSFS/FSX: Improvements to cache implementation
* FSX: Add checksums to packed revprop manifests and files
* FSX: Significantly reduce size of packed revprop manifest data
* FSX: Improved on-disk representation of property lists
* FSX: New in-repository representation of directories
* FSX: Make 'svnadmin recover' discard all transactions
* FSX: Reduce number of fsync operations
* mod_dav_svn: Improve performance and memory usage of PROPFIND
* mod_dav_svn: Show process-id on Windows in /svn-status page
* mod_dav_svn: Advertise svndiff1 support to clients
* mod_dav_svn: Remove disk I/O to TMPDIR during first commit
* svnsync: Fix assertion failure with up-to-date repositories
* ra_serf: Parallel requests for text and property changes
* svnserve: Remove disk I/O to TMPDIR during first commit
* Triple performance of URI escaping
* 'svn blame': Optimize a bit on the server side
* 'svn cleanup': Add --vacuum-pristines option
* 'svn diff --git': Show diffs of symlinks like git and hg
* 'svn patch': Capable of handling git-like symlink changes
* 'svn patch': Improve detection of additions and deletions
* 'svn patch': Handle zero-byte files vs deleted files
* 'svn diff --git': Produce 'rename from/to' headers
* 'svn diff --git': Produce proper mode headers
* 'svn lock', 'svn unlock': Take the -q option
* 'svn help': improved wording and consistency
* 'svn': Add a new '--accept recommended' option.
* 'svn': --non-interactive uses recommended tree conflict resolution
* Evaluate 'old mode' and 'new mode' lines from git-syle diffs
* svnrdump, svndumpfilter: Enable buffered stdin
* ra_serf: Receive svndiff1 and gzip compressed deltas
* svnadmin: 'lock', 'unlock', 'rmlocks': Take the -q option
* New svndiff2 binary delta format using lz4 compression
* gpg-agent: Support gpg ≥2.1.13 and unset GPG_AGENT_INFO
* Add 'http-compression=auto' client config option as default
* Speed up processing of mergeinfo
* Check for invalid 'xt' fields in x509 certs
* New '--password-from-stdin' option for 'svn'
- Client-side bugfixes:
* svnbench: Honour the '--with-no-revprops' option
* ra_serf: Fix segfault when running over HTTP v1
* ra_serf: Keep small svndiffs in memory during commit
* ra_serf: Improve error messages related to lock operations
* ra_serf: Work around a bug in serf bucket handling
* ra_serf: Fix lock token handling for file-path commits
* Raise a malfunction instead of segfaulting with corrupt wc.db
* Fix check for unversioned obstructions blocking file externals
* 'svn patch' bugfixes:
+ Fix behaviour if a reject file can't be created
+ Describe adds and removes in reject file headers
+ Detect recorded moves that are already applied
+ Detect already applied patches in edge cases
+ Fix handling of missing trailing context
+ Fix interaction of moves and property changes
+ Fix output for reordered hunks
+ Prevent from overwriting existing reject files
+ Improve handling of added properties
+ Improve handling of rejected file deletions
+ Fix --dry-run with replaced files
+ Fix applying prop changes which should conflict
+ Fix duplicate notifications when adding directories
+ Fix duplicate notifications when patching svn:executable prop
+ Fix notifications when adding/removing properties
+ Make handle already applied property patches
+ Change some notifications to 'U' instead of 'G'
+ Don't create file if git-style patch indicates modification
+ Parse any properties following svn:mergeinfo
+ Fix potential unbounded memory usage in parser
+ Fix problems with --git diffs applied in reverse
+ Fix removal of EOL if final patch context line has no EOL
* 'svn diff --git': Fix file permission modes to match git and hg
* 'svn diff --git': added/deleted filenames are never /dev/null
* Fix a problem with relocating some externals
* Fix 'svn diff URL@REV WC' wrongly looks up URL@HEAD
* Fix 'svn diff --no-diff-added' shows properties as added
* Properly raise text merge conflicts with file externals (r1680245)
* Fix 'svn diff' with local directories marked incomplete
* ra_svn/ra_serf: Make negative log limits work as documented
* ra_svn: Eliminate unnecessary URL reparenting
* ra_svn: Use svndiff2 deltas when supported on both ends
* Handle invalid revision numbers consistently across RA layers
* Handle commits to revs > HEAD consistently across RA layers
* Eliminate one client/server roundtrip from checkouts of HEAD
* Expose some error messages generated by github's SVN server
* 'svnfsfs stats': Show average lengths of delta chains
* svnmucc: Fix crash during application teardown
* Fix assertion when exporting a working copy containing relative externals
- Server-side bugfixes:
* Fix checksum validation error due to data eviction from cache
* FSFS pack: Use unbuffered file streams in a couple of places
* FSFS: Reduce excessive amount of read and seek syscalls
* FSFS: Reduce memory footprint of cached directories
* FSFS: Add various checks for integer overflows
* FSFS: Detect a very unlikely case of item index corruption
* FSFS: Make handling of revprop size information more resilient
* FSFS: Don't re-parse a directory which just got committed
* FSFS: Handle some known quirks in committed node revisions
* FSFS format 7: Verify item types more thoroughly
* FSFS: Fix false positive "Not a directory" error involving file moved and
replaced by dir
* FSFS: Fix crash accessing revprops with --memory-cache-size=0
* FSFS: Fix issue 4623 for FSFS.
* mod_dav_svn: Omit Cache-Control HTTP header for HEAD URLs
* mod_dav_svn: Reduced memory consumption for DAV merge responses
* mod_dav_svn: Don't set a Last-Modified header in GET responses
* mod_dav_svn: Actually use FSFS transaction directory cache
* mod_dav_svn: Do not insert newlines in base64 encoded responses
* Fix insertion of very large items into the membuffer cache
* Fix capacity check of the membuffer cache's prefix pool
* Prevent paths containing newlines from being committed
* Fix for properties: Null updates break last-changed-revision
* 'svnfsfs stats': Fix false positive checksum errors reading old revisions
* 'svnfsfs stats': Fix support for pre-v4 FSFS repositories.
* svnadmin, svnfsfs: Detect invalid arguments to -M
* svnlook, svnserve: Detect invalid arguments to -M
* svnadmin: Output locked paths in canonical form
* svnadmin: Output locked paths correctly encoded
* svn: propdel, propset: Transcode property names on output
* svnserve: Make use-sasl=true a fatal error in SASL-less builds.
- Client-side and server-side bugfixes:
* Fix integer overflow check with >= 1G mergeinfo ranges per path
* Fix integer overflow checks on WoW64 platforms
* Fix bug with canonicalizing Window-specific drive-relative URL
* In file:// URLs, allow '\' directly after Windows drive letter
* Fix segfault with recursive configuration value definitions
* FSFS: Improve error messages when DAG lookup fails
* Transcode command-line arguments to UTF-8
* Fix segfault on x509 certificate with empty name
* Fix segfault with invalid URLs in svn:externals
* Windows: Failure to write files might remain undetected
- Other tool improvements and bugfixes:
* New svn-mergeinfo-normalizer tool
* Allow configuring mailer.py to use SMTP SSL
* svnmucc can now delete directories with deleted children
* svn-vendor.py: Minor enhancements, mostly in treating symlinks
* bash_completion: Better URL completion
* bash_completion: Complete arguments to 'svn info --show-item'
* fsfs-stats: New 1.8-compatible wrapper for 'svnfsfs stats'
* Drop support for upgrading working copies created with Subversion 1.7
We need to avoid the JIT javascript code, due to missing support,
and also the YARR_JIT code. Remove special-casing of NetBSD/sparc*,
it should still build (untested).
Bump PKGREVISION.
Upstream changes:
Drupal 8.5.6 Release notes
Maintenance and security release of the Drupal 8 series.
This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcement:
Drupal Core - 3rd-party libraries -SA-CORE-2018-005
No other fixes are included.
0.6.21:
Unknown changes.
0.6.20:
Fix SortableAdminMixin to work in combination with other mixins like that from django-import-export.
Added jQuery compatibility layer for Django-2.1.
4.6.3:
* Exactly the same as 4.6.2. Re-released to make the README file
render properly on PyPI.
4.6.2:
* Fix an exception when a custom formatter was asked to format a void
element
Scrapy 1.5.1:
This is a maintenance release with important bug fixes, but no new features:
* O(N^2) gzip decompression issue which affected Python 3 and PyPy
is fixed
* skipping of TLS validation errors is improved
* Ctrl-C handling is fixed in Python 3.5+
* testing fixes
* documentation improvements
Changelog:
New
Adds support for automatically restoring your Firefox session
after Windows restarts. Currently, this feature is not enabled
by default for most users, but will be gradually enabled over
the coming weeks.
Fixed
Improved website rendering with the Retained Display List
feature enabled (Bug 1474402)
Fixed broken DevTools panels with certain extensions installed
(Bug 1474379)
Fixed a crash for users with some accessibility tools enabled
(Bug 1474007)
Changes 2.0.17.1:
Fixed memory leak in HTTPS_CLIENT_CERTIFICATE
TLSv1 is now disabled by default (you can re-enable it with ssl-enable-tlsv1 at your own risk)
Improved daemons throttle system
Add “secs” log formatting variable
Improved snprintf() usage to be OpenBSD-friendly
Improved glibc crypt/crypt_r management
Fixed websocket pong timeout check
Add the “License” classifier to setup.py
Add support for php user.ini
Official support for Python 3.7
HTTP::Tinyish is a wrapper module for HTTP client modules LWP,
HTTP::Tiny and HTTP client software curl and wget.
It provides an API compatible to HTTP::Tiny, and the implementation has
been extracted out of App::cpanminus. This module can be useful in a
restrictive environment where you need to be able to download CPAN
modules without an HTTPS support in built-in HTTP library.
v17.0.0
CherryPy now allows namespace packages for its dependencies. Environments that cannot handle namespace packgaes like py2exe will need to add such support or pin to older CherryPy versions.
v6.4.0:
Factor out parts of :py:meth:cheroot.server.HTTPServer.start into :py:meth:prepare() <cheroot.server.HTTPServer.prepare> and :py:meth:serve() <cheroot.server.HTTPServer.serve>
3.3.3:
Bug fixes
Fixed registration of ignore_template_errors() marker, which is required with pytest --strict
Fixed another regression with unittest
Docs
Use sphinx_rtf_theme
Minor fixes.
Version 2.0:
Requires pylint >= 2.0 which doesn’t support Python 2 anymore!
Add modelform-uses-unicode check to flag dangerous use of the exclude attribute in ModelForm.Meta
2.1:
Model “view” permission
django.contrib.admin
ModelAdmin.search_fields now accepts any lookup such as field__exact.
jQuery is upgraded from version 2.2.3 to 3.3.1.
The new ModelAdmin.delete_queryset() method allows customizing the deletion process of the “delete selected objects” action.
You can now override the default admin site.
The new ModelAdmin.sortable_by attribute and ModelAdmin.get_sortable_by() method allow limiting the columns that can be sorted in the change list page.
The admin_order_field attribute for elements in ModelAdmin.list_display may now be a query expression.
The new ModelAdmin.get_deleted_objects() method allows customizing the deletion process of the delete view and the “delete selected” action.
The actions.html, change_list_results.html, date_hierarchy.html, pagination.html, prepopulated_fields_js.html, search_form.html, and submit_line.html templates can now be overridden per app or per model (besides overridden globally).
The admin change list and change form object tools can now be overridden per app, per model, or globally with change_list_object_tools.html and change_form_object_tools.html templates.
InlineModelAdmin.has_add_permission() is now passed the parent object as the second positional argument, obj.
Admin actions may now specify permissions to limit their availability to certain users.
django.contrib.auth
createsuperuser now gives a prompt to allow bypassing the AUTH_PASSWORD_VALIDATORS checks.
UserCreationForm and UserChangeForm no longer need to be rewritten for a custom user model.
django.contrib.gis
The new GEOSGeometry.buffer_with_style() method is a version of buffer() that allows customizing the style of the buffer.
OpenLayersWidget is now based on OpenLayers 4.6.5 (previously 3.20.1).
django.contrib.sessions
Added the SESSION_COOKIE_SAMESITE setting to set the SameSite cookie flag on session cookies.
Cache
The local-memory cache backend now uses a least-recently-used (LRU) culling strategy rather than a pseudo-random one.
The new touch() method of the low-level cache API updates the timeout of cache keys.
CSRF
Added the CSRF_COOKIE_SAMESITE setting to set the SameSite cookie flag on CSRF cookies.
Forms
The widget for ImageField now renders with the HTML attribute accept="image/*".
Internationalization
Added the get_supported_language_variant() function.
Untranslated strings for territorial language variants now use the translations of the generic language. For example, untranslated pt_BR strings use pt translations.
Management Commands
The new inspectdb --include-views option allows creating models for database views.
The BaseCommand class now uses a custom help formatter so that the standard options like --verbosity or --settings appear last in the help output, giving a more prominent position to subclassed command’s options.
Migrations
Added support for serialization of functools.partialmethod objects.
To support frozen environments, migrations may be loaded from .pyc files.
Models
Models can now use __init_subclass__() from PEP 487.
A BinaryField may now be set to editable=True if you wish to include it in model forms.
A number of new text database functions are added: Chr, Left, LPad, LTrim, Ord, Repeat, Replace, Right, RPad, RTrim, and Trim.
The new TruncWeek function truncates DateField and DateTimeField to the Monday of a week.
Query expressions can now be negated using a minus sign.
QuerySet.order_by() and distinct(*fields) now support using field transforms.
BooleanField can now be null=True. This is encouraged instead of NullBooleanField, which will likely be deprecated in the future.
The new QuerySet.explain() method displays the database’s execution plan of a queryset’s query.
QuerySet.raw() now supports prefetch_related().
Requests and Responses
Added HttpRequest.get_full_path_info().
Added the samesite argument to HttpResponse.set_cookie() to allow setting the SameSite cookie flag.
The new as_attachment argument for FileResponse sets the Content-Disposition header to make the browser ask if the user wants to download the file. FileResponse also tries to set the Content-Type and Content-Length headers where appropriate.
Templates
The new json_script filter safely outputs a Python object as JSON, wrapped in a <script> tag, ready for use with JavaScript.
Version 0.10
Main changes:
Added StatefulBrowser.refresh() to reload the current page with the same request.
StatefulBrowser.follow_link, StatefulBrowser.submit_selected() and the new StatefulBrowser.download_link now sets the Referer: HTTP header to the page from which the link is followed.
Added method StatefulBrowser.download_link, which will download the contents of a link to a file without changing the state of the browser.
The selector argument of Browser.select_form can now be a bs4.element.Tag in addition to a CSS selector.
Browser.submit and StatefulBrowser.submit_selected accept a larger number of keyword arguments. Arguments are forwarded to requests.Session.request.
Internal changes:
StatefulBrowser.choose_submit will now ignore input elements that are missing a name-attribute instead of raising a KeyError.
Private methods Browser._build_request and Browser._prepare_request have been replaced by a single method Browser._request.
4.6.1:
* Stop data loss when encountering an empty numeric entity, and
possibly in other cases.
* Preserve XML namespaces introduced inside an XML document, not just
the ones introduced at the top level.
* Added a new formatter, "html5", which represents void elements
as "<element>" rather than "<element/>".
* Fixed a problem where the html.parser tree builder interpreted
a string like "&foo " as the character entity "&foo;"
* Correctly handle invalid HTML numeric character entities
which reference code points that are not Unicode code points. Note
that this is only fixed when Beautiful Soup is used with the
html.parser parser -- html5lib already worked and I couldn't fix it
with lxml.
* Improved the warning given when no parser is specified.
* When markup contains duplicate elements, a select() call that
includes multiple match clauses will match all relevant
elements.
* Fixed code that was causing deprecation warnings in recent Python 3
versions.
* Fixed a Windows crash in diagnose() when checking whether a long
markup string is a filename.
* Stopped HTMLParser from raising an exception in very rare cases of
bad markup.
* Fixed a bug where find_all() was not working when asked to find a
tag with a namespaced name in an XML document that was parsed as
HTML.
* You can get finer control over formatting by subclassing
bs4.element.Formatter and passing a Formatter instance into (e.g.)
encode().
* You can pass a dictionary of `attrs` into
BeautifulSoup.new_tag. This makes it possible to create a tag with
an attribute like 'name' that would otherwise be masked by another
argument of new_tag.
* Clarified the deprecation warning when accessing tag.fooTag, to cover
the possibility that you might really have been looking for a tag
called 'fooTag'.
1.11.5:
Fix CVE-2018-14574: Open redirect possibility in CommonMiddleware
If the CommonMiddleware and the APPEND_SLASH setting are both enabled, and if the project has a URL pattern that accepts any path ending in a slash (many content management systems have such a pattern), then a request to a maliciously crafted URL of that site could lead to a redirect to another site, enabling phishing and other attacks.
CommonMiddleware now escapes leading slashes to prevent redirects to other domains.
Additionally, this fixes the build.
Mark paxctl +m, I probably needed this because I locally
enabled qt-webkit's JIT.
0.9.99.1:
added importer for OPML files;
added support for abp: protocol for adding new content filtering profiles;
added ability to open selection as link if it macthes URL format;
various fixes and minor improvements for Feeds reader.
0.9.99:
initial version of Feeds Reader:
Atom and RSS 2.0 parsers;
support for categories;
ability to preview feeds before subscribing using view-feed: protocol;
added action to take page screenshot;
some minor optimizations.
0.9.98:
several enhancements in experimental backend for QtWebEngine (Blink):
initial work on global history support;
added support for alternative stylesheets;
added support for fetching lists of search engines, feeds and links;
initial work on Feeds Reader;
several bug fixes and some minor optimizations.
0.9.97:
added initial version of Tab History panel;
some minor optimizations.
0.9.96:
added initial version of Tab History panel;
some minor optimizations
0.9.95:
added initial version of toolbar widget for viewing downloads from current session;
added some new keyboard shortcuts;
some minor fixes.
0.9.94:
added new default style for Start Page by Kamil Nęcek;
added interface allowing to manage list of hosts using customized website overrides;
several bug fixes and some optimizations.
0.9.93:
added Page Information panel;
added support for external icons for User Scripts;
some minor fixes and optimizations.
0.9.92:
improved support for styling tab bar text;
added support for deleting User Scripts in Addons Manager;
restored inline URLs completion;
added action for peeking tab contents;
multiple bug fixes and stability improvements.
0.9.91:
reworked toolbars:
added support for visibility toggle button (collapsing contents);
fixed unified toolbar and titlebar style under macOS;
toolbar visibility and location is now stored per main window;
improved sidebar(s):
added ability to add new sidebars;
allow to change their location by drag and drop;
vastly improved error pages:
special error pages are now used instead of SSL warning dialogs;
blocked content triggers dedicated error pages;
improved User Agents configuration;
added support for managing multiple proxy configurations and setting them per page or host;
reworked internal actions handling system allows to specify parameters for actions trigerred by keyboard shortcuts and mouse gestures;
vastly decreased import time for large bookmark files;
added module for listing opened windows and tabs;
improved styling under Windows, Unity and macOS;
added new default icon theme by Kamil Nęcek;
item views can now allocate extra space to predefined column other than last one;
added action to set, reset or toggle an option;
global editing actions now apply to focused single and multi line text edit widgets too;
added ability to drop URLs onto bookmark bars;
spell checking is now available in other multi line text edit widgets;
added action to control multimedia playback rate;
keyboard shortcuts are now validated while editing;
added support for customizing F12 menu;
implemented "Validate Using" menu;
added support for configurable Fast Forward rules;
0.9.12:
greatly improved tab bar:
allow to detach tabs by dragging them away;
allow to drop URLs and tabs from other windows;
added option to show embedded tab thumbnails;
improved handling of visibility of close button;
tabs demanding attention are drawn using bold font;
improved RTL support;
decreased default tab padding;
tab text is no longer centered horizontally;
fixed status tip messages while rearranging tabs;
improved KDE5 and Unity integration:
added support for progress information;
added support for desktop actions;
several MacOS X specific fixes and improvements:
improved rendering of platform style;
added dock icon menu;
added support for listing applications associated with given MIME type;
added support for Windows jump list;
added fullscreen support for QtWebKit backend;
open file path is saved;
improved RTL support in address and search fields;
many other fixes and improvements.
0.9.11:
added initial support for storing passwords:
support for multiple credential sets per host;
basic passwords management;
disabled by default (no encryption yet);
added crash reporter;
added support for muting tab media;
F12 menu now exposes all modes for Images visibility (including new option to show cached images only) and Plugins;
QtWebEngine backend is now capable of saving pages in MIME HTML format and as complete set of files;
added new toolbar visibility settings for full screen mode;
added new widget for showing content blocking details;
added ability to customize progress bar;
added ability to add loading progress information widgets to any toolbar;
various improvements in handling of content blocking profiles:
added new definitions and updated existing;
added option to add custom blocking rules;
profiles are now grouped by type;
various minor fixes and improvements.
