WordPress 4.8.1 contains 29 maintenance fixes and enhancements to the 4.8 release series, chief among them are fixes to the rich Text widget and the introduction of the Custom HTML widget.
Administration
* #40982 - Permalink Settings: custom structure field keyboard trap
Build/Test Tools
* #41327 - Bump Akismet External - 4.9 Edition
Comments
* #40975 - 'Empty Spam' and 'Empty Trash' comment buttons not displayed on mobile
Customize
* #40978 - Customizer Panel Footer border missing
* #40981 - Customizer: Menus: it is far too easy to mistakenly delete a menu because the "Delete Menu" link and the "Add Items" button are too close together
* #41158 - Increase tinymce panel z-index
* #41410 - Set `'filter' => 'content'` on starter content "business info" widget
Embeds
* #41019 - oEmbed: Update VideoPress oEmbed URL
* #41048 - `WP_oEmbed_Controller::get_proxy_item()` should remove `_wpnonce` from cached `$args`
* #41299 - oEmbed proxy fails to forward maxwidth and maxheight params
General
* #41056 - WP-API JS Client: Settings is incorrectly registered as a collection
Media
* #41231 - media-views.js: Cannot read .length of undefined (this.controller.$uploaderToggler.length)
REST API
* #38964 - Add filter to allow modifying response *after* embedded data is added
* #40886 - REST API: PUT requests fail on Nginx servers when fancy permalinks aren't enabled
Taxonomy
* #41010 - wp_get_object_terms() returns duplicate terms if more than one taxonomy is given in args
TinyMCE
* #41408 - TinyMCE: Images with link and caption look "broken" when selected
Widgets
* #40907 - Introduce widget dedicated for HTML code
* #40935 - Facebook Video Works On Preview But Not On Theme
* #40951 - New Text Widget - Switching Between Visual/Text Editor Strips Out Code
* #40960 - Widgets: The Text widget should respect the “Disable the visual editor when writing” setting
* #40972 - TinyMCE editor in Text widget does not have RTL contents
* #40974 - Updated text widget do not save text (when using paste)
* #40977 - Widgets: Query param for `loop` added for non-hosted external videos
* #40986 - Widgets: text widget and media widgets cannot be edited in accessibility mode
* #41021 - Text widget does not show Title field or TinyMCE editor
* #41361 - Text widget can raise JS error if customize-base is enqueued on widgets admin screen
* #41386 - Text Widget - Wording - Legacy Mode 4.8.1 beta
* #41392 - Theme styles for Text widget do not apply to Custom HTML widget
* #41394 - Text widget: Rename legacy mode to visual mode and improve back-compat for widget_text filters
- CI improvements:
* Add basic working Circle CI v2 config
- Fix URI encoding bug introduced in 39
* Improve cheroot.test.helper.Controller to properly match unicode
v5.8.0
- CI improvements:
* Switch to native PyPy support in Travis CI
* Take into account PEP 257 compliant modules
* Build wheel in Appveyor and store it as an artifact
- Improve urllib support in ``_compat`` module
- 38 via 39: Improve URI parsing:
* Make it compliant with RFC 7230, RFC 7231 and RFC 2616
* Fix setting of ``environ['QUERY_STRING']`` in WSGI
* Introduce ``proxy_mode`` and ``strict_mode`` argument in ``server.HTTPRequest``
* Fix decoding of unicode URIs in WSGI 1.0 gateway
Fix error where transport.get_extra_info returned None
Remove uvloop requirement for gunicorn worker
Fix error where request.token() would fail if Authorization headers were not provided
Added an abort function to easily exit out of route handlers
Added a file_stream response handler
Add support for streaming large static files
Added streaming requests
Added websocket max_size and max_queue configuration
Fixed test client not working with HTTP2
Added match_info property to request class
Added support for recycling the gunicorn worker
Added an Unauthorized exception
Added a Forbidden exception
Added a graceful timeout when shutdown
Bugfixes:
Fixed a regression in 1.11.3 on Python 2 where non-ASCII format values for date/time widgets results in an empty value in the widget’s HTML.
Fixed QuerySet.union() and difference() when combining with a queryset raising EmptyResultSet.
Fixed a regression in pickling of LazyObject on Python 2 when the wrapped object doesn’t have __reduce__().
Fixed crash in runserver’s autoreload with Python 2 on Windows with non-str environment variables.
Corrected Field.has_changed() to return False for disabled form fields: BooleanField, MultipleChoiceField, MultiValueField, FileField, ModelChoiceField, and ModelMultipleChoiceField.
Fixed QuerySet.count() for union(), difference(), and intersection() queries..
Fixed ClearableFileInput rendering as a subwidget of MultiWidget. Custom clearable_file_input.html widget templates will need to adapt for the fact that context values checkbox_name, checkbox_id, is_initial, input_text, initial_text, and clear_checkbox_label are now attributes of widget rather than appearing in the top-level context.
Fixed queryset crash when using a GenericRelation to a proxy model
Version 0.15
~~~~~~~~~~~~
Released on 2017-06-27.
* Add ``Freezer.freeze_yield()`` method to make progress reporting easier.
(Thanks to Miro Hrončok.)
Version 0.14
~~~~~~~~~~~~
Released on 2017-03-22.
* Add the ``FREEZER_SKIP_EXISTING`` configuration to skip generation
of files already in the build directory. (Thanks to Antoine Goutenoir.)
* Add shared superclass ``FrozenFlaskWarning`` for all warnings.
(Thanks to Miro Hrončok.)
Remove insecure Js2Py library (code execution risk)
Please upgrade to 1.8.0 immediately.
Versions 1.6.6 to 1.7.1 are vulnerable to code execution. If you are running a vulnerable version, a malicious website owner could craft a page which executes arbitrary Python code on the machine that runs this script. This can only occur if the website that the user attempts to scrape has specifically prepared a page to exploit vulnerable versions of cfscrape.
Update DEPENDS
Minor cleanup
Upstream changes:
1.72 2017-07-25
- Convert the dist to Dist::Zilla for authoring.
- Remove recommendation of Business::ISBN as urn/isbn.pm is deprecated
- Use Test::Needs instead of raw eval in urn-isbn.t
Sorry, the upstream changelog has not been updated in 4 years and the git
log output mostly refers to pull request numbers.
Mostly bug fixes, including one that improves compatibility with Ruby 2.3.0
(getting rid of "Object#timeout is deprecated, use Timeout.timeout" prints)
*) Security: a specially crafted request might result in an integer
overflow and incorrect processing of ranges in the range filter,
potentially resulting in sensitive information leak (CVE-2017-7529).
Changes with nginx 1.13.2:
*) Change: nginx now returns 200 instead of 416 when a range starting
with 0 is requested from an empty file.
*) Feature: the "add_trailer" directive.
*) Bugfix: nginx could not be built on Cygwin and NetBSD; the bug had
appeared in 1.13.0.
*) Bugfix: nginx could not be built under MSYS2 / MinGW 64-bit.
*) Bugfix: a segmentation fault might occur in a worker process when
using SSI with many includes and proxy_pass with variables.
*) Bugfix: in the ngx_http_v2_module.
Changes with nginx 1.13.1:
*) Feature: now a hostname can be used as the "set_real_ip_from"
directive parameter.
*) Feature: vim syntax highlighting scripts improvements.
*) Feature: the "worker_cpu_affinity" directive now works on DragonFly
BSD.
*) Bugfix: SSL renegotiation on backend connections did not work when
using OpenSSL before 1.1.0.
*) Workaround: nginx could not be built with Oracle Developer Studio
12.5.
*) Workaround: now cache manager ignores long locked cache entries when
cleaning cache based on the "max_size" parameter.
*) Bugfix: client SSL connections were immediately closed if deferred
accept and the "proxy_protocol" parameter of the "listen" directive
were used.
*) Bugfix: in the "proxy_cache_background_update" directive.
*) Workaround: now the "tcp_nodelay" directive sets the TCP_NODELAY
option before an SSL handshake.
*) Security: a specially crafted request might result in an integer
overflow and incorrect processing of ranges in the range filter,
potentially resulting in sensitive information leak (CVE-2017-7529).
PkgSrc:
*) Updated external modules
*) Added RTMP module (Media Streaming Server)
go14 has no relro support AFAICT.
go-1.8.3 has if you use -buildmode=pie, but it claims it's not supported
on Linux.
Disable relro checking for go packages until bsiegert has time to
look at this.
Upstream changes:
RELEASE-NOTES-1.29
== MediaWiki 1.29 ==
=== Configuration changes in 1.29 ===
* Default cookie expiration time has been reduced to 30 days. Login cookie
expiration time is kept at 180 days.
* A new configuration variable has been added: $wgCookieSetOnAutoblock. This
determines whether to set a cookie when a user is autoblocked. Doing so means
that a blocked user, even after logging out and moving to a new IP address,
will still be blocked.
* The resetpassword right and associated password reset capture feature has
been removed.
* The $error parameter to the EmailUser hook should be set to a Status object
or boolean false. This should be compatible with at least MediaWiki 1.23 if
not earlier. Returning a raw HTML string is now deprecated.
* The $message parameter to the ApiCheckCanExecute hook should be set to an
ApiMessage. This is compatible with MediaWiki 1.27 and later. Returning a
code for ApiBase::parseMsg() will no longer work.
* ApiBase::$messageMap is no longer public. Code attempting to access it will
result in a PHP fatal error.
* $wgUserEmailUseReplyTo is now true by default to work around restrictive DMARC
policies.
* Subpages are now enabled by default in the Template namespace. Set
$wgNamespacesWithSubpages[NS_TEMPLATE] to false to keep the old behavior.
* $wgRunJobsAsync is now false by default (T142751). This change only affects
wikis with $wgJobRunRate > 0.
* (T158474) "Unknown user" has been added to $wgReservedUsernames.
* (T156983) $wgRateLimitsExcludedIPs now accepts CIDR ranges as well as single IPs.
* $wgDummyLanguageCodes is deprecated. Additional language code mappings may be
added to $wgExtraLanguageCodes instead.
* (T161453) LocalisationCache will no longer use the temporary directory in it's
fallback chain when trying to work out where to write the cache.
* The user right 'editusercssjs' (deprecated in 1.16) was removed. Use
'editusercss' and 'edituserjs' in $wgGroupPermissions and elsewhere instead.
=== New features in 1.29 ===
* (T5233) A cookie can now be set when a user is autoblocked, to track that user
if they move to a new IP address. This is disabled by default.
* Added ILocalizedException interface to standardize the use of localized
exceptions, largely so the API can handle them more sensibly.
* Blocks created automatically by MediaWiki, such as for configured proxies or
dnsbls, are now indicated as such and use a new i18n message when displayed.
* Added new $wgHTTPImportTimeout setting. Sets timeout for
downloading the XML dump during a transwiki import in seconds.
* Parser limit report is now available in machine-readable format to JavaScript
via mw.config.get('wgPageParseReport').
* Added $wgSoftBlockRanges, to allow for automatically blocking anonymous edits
from certain IP ranges (e.g. private IPs).
* (T59603) Added new magic word {{PAGELANGUAGE}} which returns the language code
of the page being parsed.
* HTML5 form validation attributes will no longer be suppressed. Originally
browsers had poor support for them, but modern browsers handle them fine.
This might affect some forms that used them and only worked because the
attributes were not actually being set.
* Expiry times can now be specified when users are added to user groups.
* Completely new user interface for the RecentChanges page, which
structures filters into user-friendly groups. This has corresponding
changes to how filters are registered by core and extensions.
* The edit form now uses pretty OOjs UI buttons, checkboxes and summary input.
Because this change can cause problems for extensions and on-wiki
scripts depending on the exact HTML, the old version is still available
and can be used by setting $wgOOUIEditPage = false; in LocalSettings.php.
This will be removed later and OOjs UI will become the only option.
To make testing easier, users can also force either mode by adding
&ooui=true or &ooui=false to the action=edit URL.
=== External library changes in 1.29 ===
==== Upgraded external libraries ====
* Updated QUnit from v1.22.0 to v1.23.1.
* Updated cssjanus from v1.1.2 to v1.2.0.
* Updated psr/log from v1.0.0 to v1.0.2.
* Update Moment.js from v2.8.4 to v2.15.0.
* Updated oyejorge/less.php from v1.7.0.10 to v1.7.0.14.
* Updated monolog from v1.18.2 to 1.22.1.
* Updated wikimedia/composer-merge-plugin from v1.3.1 to v1.4.0.
* Updated OOjs from v1.1.10 to v2.0.0.
==== New external libraries ====
* Added wikimedia/timestamp v1.0.0.
* Added wikimedia/remex-html v1.0.1.
==== Removed and replaced external libraries ====
=== Bug fixes in 1.29 ===
* (T62604) Core parser functions returning a number now format the number according
to the page content language, not wiki content language.
* (T27187) Search suggestions based on jquery.suggestions will now correctly only
highlight prefix matches in the results.
* (T157035) "new mw.Uri()" was ignoring options when using default URI.
* Special:Allpages can no longer be filtered by redirect in miser mode.
* (T160519) CACHE_ANYTHING will not be CACHE_ACCEL if no accelerator is installed.
* (T109140) (T122209) SECURITY: Special:UserLogin and Special:Search allow redirect
to interwiki links.
* (T144845) SECURITY: XSS in SearchHighlighter::highlightText() when
$wgAdvancedSearchHighlighting is true.
* (T125177) SECURITY: API parameters may now be marked as "sensitive" to keep
their values out of the logs.
* (T150044) SECURITY: "Mark all pages visited" on the watchlist now requires a CSRF
token.
* (T156184) SECURITY: Escape content model/format url parameter in message.
* (T151735) SECURITY: SVG filter evasion using default attribute values in DTD
declaration.
* (T161453) SECURITY: LocalisationCache will no longer use the temporary directory
in it's fallback chain when trying to work out where to write the cache.
* (T48143) SECURITY: Spam blacklist ineffective on encoded URLs inside file inclusion
syntax's link parameter.
* (T108138) SECURITY: Sysops can undelete pages, although the page is protected against
it.
=== Action API changes in 1.29 ===
* Submitting sensitive authentication request parameters to action=login,
action=clientlogin, action=createaccount, action=linkaccount, and
action=changeauthenticationdata in the query string is now an error. They
should be submitted in the POST body instead.
* The capture option for action=resetpassword has been removed
* action=clearhasmsg now requires a POST.
* (T47843) API errors and warnings may be requested in non-English languages
using the new 'errorformat', 'errorlang', and 'errorsuselocal' parameters.
* API error codes may have changed. Most notably, errors from modules using
parameter prefixes (e.g. all query submodules) will no longer be prefixed.
* ApiPageSet-using modules will report the 'invalidreason' using the specified
'errorformat'.
* action=emailuser may return a "Warnings" status, and now returns 'warnings' and
'errors' subelements (as applicable) instead of 'message'.
* action=imagerotate returns an 'errors' subelement rather than 'errormessage'.
* action=move now reports errors when moving the talk page as an array under
key 'talkmove-errors', rather than using 'talkmove-error-code' and
'talkmove-error-info'. The format for subpage move errors has also changed.
* action=revisiondelete no longer includes a "rendered" property on warnings
and errors for each item. Use errorformat=wikitext if you're wanting parsed
output.
* action=rollback no longer returns a "messageHtml" property. Use
errorformat=html if you're wanting HTML formatting of error messages.
* action=upload now reports optional stash failures as an array under key
'stasherrors' rather than a 'stashfailed' text string.
* action=watch reports 'errors' and 'warnings' instead of a single 'error', and
no longer returns a 'message' on success.
* Added action=validatepassword to validate passwords for the account creation
and password change forms.
* action=purge now requires a POST.
* There is a new `languagevariants` siprop for action=query&meta=siteinfo,
which returns a list of languages with active LanguageConverter instances.
* action=query&query=allpages will no longer filter redirects using a database
query in miser mode. This may result in less results being returned than were
requested.
=== Action API internal changes in 1.29 ===
* New methods were added to ApiBase to handle errors and warnings using i18n
keys. Methods for using hard-coded English messages were deprecated:
* ApiBase::dieUsage() was deprecated
* ApiBase::dieUsageMsg() was deprecated
* ApiBase::dieUsageMsgOrDebug() was deprecated
* ApiBase::getErrorFromStatus() was deprecated
* ApiBase::parseMsg() was deprecated
* ApiBase::setWarning() was deprecated
* ApiBase::$messageMap is no longer public. Code attempting to access it will
result in a PHP fatal error.
* The $message parameter to the ApiCheckCanExecute hook should be set to an
ApiMessage. This is compatible with MediaWiki 1.27 and later. Returning a
code for ApiBase::parseMsg() will no longer work.
* UsageException is deprecated in favor of ApiUsageException. For the time
being ApiUsageException is a subclass of UsageException to allow things that
catch only UsageException to still function properly.
* If, for some strange reason, code was using an ApiErrorFormatter instead of
ApiErrorFormatter_BackCompat, note that the result format has changed and
various methods now take a module path rather than a module name.
* ApiMessageTrait::getApiCode() now strips 'apierror-' and 'apiwarn-' prefixes
from the message key, and maps some message keys for backwards compatibility.
* API parameters may now be marked as "sensitive" to keep their values out of
the logs.
=== extension.json changes in 1.29 ===
* Extensions must set a value for "manifest_version" in their extension.json
or skin.json files. See
<https://www.mediawiki.org/wiki/Manual:Extension.json/Schema#manifest_version>
for details.
* Extensions can now specify dependencies upon other extensions by using the
"requires" key. See
<https://www.mediawiki.org/wiki/Manual:Extension.json/Schema#requires> for
more details.
* (T151136) Functions set as the "callback" now recieve that extension's credits
information as the first argument.
* (T149597) "PasswordPolicy" can be set in extension.json.
=== Languages updated in 1.29 ===
MediaWiki supports over 350 languages. Many localisations are updated
regularly. Below only new and removed languages are listed, as well as
changes to languages because of Phabricator reports.
* Based as always on linguistic studies on intelligibility and language
knowledge by geography, language fallbacks have been expanded. When a
translation is missing in the user's preferred interface language, the
corresponding translation for the fallback language will be used instead.
English will only be used as last resort when there are no translations.
Some configurations (such as date formats and gender namespaces) have also
been updated when using the fallback language's configuration was inadequate.
The new or reinstated language fallbacks are (after cs ↔ sk in 1.28):
ca ↔ oc; hsb ↔ dsb; io → eo; mdf → ru; pnt → el; roa-tara → it; rup → ro;
sh → bs, sr-el, hr.
* (T137376) New language support: Atikamekw (atj).
* (T163600) New language support: Dinka (din).
* (T155957) Talk Namespaces for Javanese language (jv) have been updated.
==== No fallback for Ukrainian ====
* (T39314) The fallback from Ukrainian to Russian was removed. The Ukrainian
language will now use the default fallback language: English. When a translation
to Ukrainian is not available, an English string will be shown.
=== Other changes in 1.29 ===
* Database::getSearchEngine() (deprecated in 1.28) was removed. Use
SearchEngineFactory::getSearchEngineClass() instead.
* $wgSessionsInMemcached (deprecated in 1.20) was removed. No replacement is
required as all sessions are stored in Object Cache now.
* MWHttpRequest::execute() should be considered to return a StatusValue; the
Status return type is deprecated.
* User::edits() (deprecated in 1.21) was removed.
* Xml::escapeJsString() (deprecated in 1.21) was removed.
* Article::getText() and Article::prepareTextForEdit() (deprecated in 1.21)
were removed.
* Article::getAutosummary() and WikiPage::getAutosummary() (deprecated in 1.21)
were removed.
* Hook ArticleViewCustom (deprecated in 1.21) was removed. Use ArticleContentViewCustom
instead.
* Hooks EditPageGetDiffText and ShowRawCssJs (deprecated in 1.21) were removed.
* Class RevisiondeleteAction (deprecated in 1.25) was removed.
* WikiPage::prepareTextForEdit() (deprecated in 1.21) was removed.
* WikiPage::getText() (deprecated in 1.21) was removed.
* Article::fetchContent() (deprecated in 1.21) was removed.
* User::getPassword() (deprecated in 1.27) was removed.
* User::getTemporaryPassword() (deprecated in 1.27) was removed.
* User::isPasswordReminderThrottled() (deprecated in 1.27) was removed.
* Class FSRepo (deprecated in 1.19) was removed.
* WebRequest::checkSessionCookie() (deprecated in 1.27) was removed. Use
\MediaWiki\Session\SessionManager::singleton()->getPersistedSessionId() instead.
* Class ImageGallery (deprecated in 1.22) was removed.
Use ImageGalleryBase::factory instead.
* Title::moveNoAuth() (deprecated in 1.25) was removed. Use MovePage class instead.
* Hook UnknownAction (deprecated in 1.19) was actually deprecated (it will now
emit warnings). Create a subclass of Action and add it to $wgActions instead.
* WikiRevision::getText() (deprecated since 1.21) is no longer marked deprecated.
* Linker::getInterwikiLinkAttributes() (deprecated since 1.25) was removed.
* Linker::getInternalLinkAttributes() (deprecated since 1.25) was removed.
* Linker::getInternalLinkAttributesObj() (deprecated since 1.25) was removed.
* Linker::getLinkAttributesInternal() (deprecated since 1.25) was removed.
* RedisConnectionPool::handleException (deprecated since 1.23) was removed.
* The static properties mw.Api.errors and mw.Api.warnings, containing incomplete
and outdated lists of errors/warnings returned by the API, are now deprecated.
* wiki.phtml entry point was removed. Refer to index.php instead. If you want "wiki.phtml"
URLs to continue to work, set up redirects. In Apache, this can be done by enabling
mod_rewrite and adding the following rules to your configuration:
RewriteEngine On
RewriteBase /
RewriteRule ^/w/wiki\.phtml$ /w/index.php [R=301,L]
* Hook ArticleAfterFetchContent (deprecated in 1.21) was removed.
Use ArticleAfterFetchContentObject instead.
* Hook ArticleInsertComplete (deprecated in 1.21) was removed.
Use PageContentInsertComplete instead.
* Hook ArticleSave (deprecated in 1.21) was removed.
Use PageContentSave instead.
* Hook ArticleSaveComplete (deprecated in 1.21) was removed.
Use PageContentSaveComplete instead.
* Hook EditFilterMerged (deprecated in 1.21) was removed.
Use EditFilterMergedContent instead.
* Hook EditPageGetPreviewText (deprecated in 1.21) was removed.
Use EditPageGetPreviewContent instead.
* Hook TitleIsCssOrJsPage (deprecated in 1.21) was removed.
Use ContentHandlerDefaultModelFor instead.
* Hook TitleIsWikitextPage (deprecated in 1.21) was removed.
Use ContentHandlerDefaultModelFor instead.
* Article::getContent() (deprecated in 1.21) was removed.
* Revision::getText() (deprecated in 1.21) was removed.
* Article::doEdit() and WikiPage::doEdit() (deprecated in 1.21) were removed.
* Parser::replaceUnusualEscapes() (deprecated in 1.24) was removed.
* Article::doEditContent() was marked as deprecated, to be removed in 1.30
or later.
* ContentHandler::runLegacyHooks() was removed.
* refreshLinks.php now can be limited to a particular category with --category=...
or a tracking category with --tracking-category=...
* User-like objects that are passed to SpecialUserRights and its subclasses are
now required to have a getGroupMemberships() method. See UserRightsProxy for
an example.
* User::$mGroups (instance variable) was marked private. Use User::getGroups()
instead.
* User::getGroupName(), User::getGroupMember(), User:getGroupPage(),
User::makeGroupLinkHTML(), and User::makeGroupLinkWiki() were deprecated.
Use equivalent methods on the UserGroupMembership class.
* Maintenance scripts and tests that call User::addGroup() must now ensure that
User objects have been added to the database prior to calling addGroup().
* Protected function UsersPager::getGroups() was removed, and protected function
UsersPager::buildGroupLink() was changed from a static to an instance method.
* The third parameter ($cache) to the UsersPagerDoBatchLookups hook was changed;
see docs/hooks.txt.
* User::crypt() (deprecated in 1.24) was removed.
* User::comparePasswords() (deprecated in 1.24) was removed.
* ArchivedFile::getUserText() (deprecated in 1.23) was removed.
* HTMLFileCache::newFromTitle() (deprecated in 1.24) was removed.
* BREAKING CHANGE: Internal signature changes to ChangesListSpecialPage
and subclasses. It should only break if you call buildMainQueryConds
(changed to buildQuery with new signature) or doMainQuery (new
signature). Subclasses are likely to call at least doMainQuery
(possibly both), but other classes might too, because they were
public.
Also, some related hooks were deprecated, but this is not yet a
breaking change.
* Removed 'jquery.arrowSteps' module. (deprecated since 1.28)
* The 'jquery.autoEllipsis' ResourceLoader module is now deprecated.
* WikiRevision::$fileIsTemp was deprecated.
* WikiRevision::$importer was deprecated.
* WikiRevision::$user was deprecated.
* Article::getLastPurgeTimestamp(), WikiPage::getLastPurgeTimestamp(), and the
WikiPage::PURGE_* constants are deprecated, and the functions will always
return false. They were a hack for an issue that has since been fixed.
* Hook 'EditPageBeforeEditChecks' is now deprecated. Instead use the new hook
'EditPageGetCheckboxesDefinition', or 'EditPage::showStandardInputs:options'
if you don't actually care about checkboxes and just want to add some HTML
to the page.
* Selflinks are now rendered as href-less <a> tags with the class mw-selflink
rather than <strong> tags. The old class name, "selflink", was deprecated
and will be removed in a future release. (T160480)
* (T156184) $wgRawHtml will no longer apply to internationalization messages.
* Browser support for non-ES5 JavaScript browsers, including Android 2,
Opera <12.10, and Internet Explorer 9, was lowered from Grade A to Grade C.
* Removed wikibits global methods deprecated since MediaWiki 1.17 (T122755):
is_gecko, is_chrome_mac, is_chrome, webkit_version, is_safari_win, is_safari,
webkit_match, is_ff2, ff2_bugs, is_ff2_win, is_ff2_x11, opera95_bugs,
opera7_bugs, opera6_bugs, is_opera_95, is_opera_preseven, is_opera,
ie6_bugs, clientPC, changeText, killEvt, addHandler, hookEvent,
addClickHandler, removeHandler, getElementsByClassName, getInnerText,
setupCheckboxShiftClick, addCheckboxClickHandlers, mwEditButtons,
mwCustomEditButtons, injectSpinner, removeSpinner, escapeQuotes,
escapeQuotesHTML, jsMsg, addPortletLink, appendCSS, tooltipAccessKeyPrefix,
tooltipAccessKeyRegexp, updateTooltipAccessKeys.
* The ID of the <li> element containing the login link has changed from
'pt-login' to 'pt-login-private' in private wikis.
* The old, neglected "bulletin board style toolbar" in the edit form is now
deprecated (T30856). This old code dates from 2006, and was replaced in the
MediaWiki release tarball and in Wikimedia production by the WikiEditor
extension in 2010. It is only shown to users if no other editor was
installed, and leads to confusion.
* (T92459) Loading ResourceLoader modules containing JavaScript through
addModuleStyles() is deprecated and will log a warning server-side.
== Compatibility ==
MediaWiki 1.29 requires PHP 5.5.9 or later. There is experimental support for
HHVM 3.6.5 or later.
MySQL/MariaDB is the recommended DBMS. PostgreSQL or SQLite can also be used,
but support for them is somewhat less mature. There is experimental support for
Oracle and Microsoft SQL Server.
The supported versions are:
* MySQL 5.0.3 or later
* PostgreSQL 8.3 or later
* SQLite 3.3.7 or later
* Oracle 9.0.1 or later
* Microsoft SQL Server 2005 (9.00.1399)
== Upgrading ==
1.29 has several database changes since 1.28, and will not work without schema
updates. Note that due to changes to some very large tables like the revision
table, the schema update may take quite long (minutes on a medium sized site,
many hours on a large site).
Don't forget to always back up your database before upgrading!
See the file UPGRADE for more detailed upgrade instructions, including
important information when upgrading from versions prior to 1.11.
For notes on 1.28.x and older releases, see HISTORY.
Re-release of 0.14.2 due to a release engineering mistake.
No changes other than the version number.
Nevow 0.14.1:
Nevow will now correctly map the MIME type of SVG files even if the
platform registry does not have such a mapping.
Athena no longer logs widget instantiation on initial page load.
Nevow's test suite is now compatible with Twisted 16.3.
Athena will no longer cause spurious errors resulting from page
disconnection.
Athena will now ignore responses to already-responded remote calls
during page shutdown.
From the projects's announcement:
You'll find below the changes of this bugfixes version:
- various security fixes (#2475, #2476, #2492),
- fix regressions on self service portal:
- self-service users should not be auto assigned as tech (#2472)
- type and category fields was not selectable anymore (#2473)
The full changelog is available here for more details: https://github.com/glpi-project/glpi/milestone/20?closed=1
Fixed missing brackets in HTTP CONNECT when connecting to IPv6 address via IPv6 proxy.
Made the connection pool retry on SSLError. The original SSLError is available on MaxRetryError.reason.
Drain and release connection before recursing on retry/redirect. Fixes deadlocks with a blocking connectionpool.
Fixed compatibility for cookiejar.
pyopenssl: Use vendored version of six
Fixed a couple major decoding issues and simplified the URL API.
* limit types accepted by URL.from_text() to just text (str on py3, unicode on py2)
* fix percent decoding issues surrounding multiple calls to URL.to_iri()
* remove the socket-inspired family argument from URL's APIs. It was never consistently implemented and leaked slightly more problems than it solved.
* Improve authority parsing
* include LICENSE, README, docs, and other resources in the package
v5.7.0
======
- CI improvements:
* Don't run tests during deploy stage
* Use VM based build job env only for pyenv envs
* Opt-in for beta trusty image @ Travis CI
* Be verbose when running tests (show test names)
* Show xfail/skip details during test run
- #34: Fix ``_handle_no_ssl`` error handler calls
- #21: Fix ``test_conn`` tests:
* Improve setup_server def in HTTP connection tests
* Fix HTTP streaming tests
* Fix HTTP/1.1 pipelining test under Python 3
* Fix ``test_readall_or_close`` test
* Fix ``test_No_Message_Body``
* Clarify ``test_598`` fail reason
- #36: Add GitHub templates for PR, issue && contributing
- #27: Default HTTP Server header to Cheroot version str
- Cleanup _compat functions from server module
v5.6.0
======
- Fix all PEP 257 related errors in all non-test modules.
``cheroot/test/*`` folder is only one left allowed to fail with this linter.
- #30: Optimize chunked body reader loop by returning empty data is the size is 0.
Ref: cherrypy/cherrypy#1602
- Reset buffer if the body size is unknown
Ref: cherrypy/cherrypy#1486
- Add missing size hint to SizeCheckWrapper
Ref: cherrypy/cherrypy#1131
v5.5.2
======
- #32: Ignore "unknown error" and "https proxy request" SSL errors.
Ref: sabnzbd/sabnzbd#820
Ref: sabnzbd/sabnzbd#860
v5.5.1
======
- Make Appveyor list separate tests in corresponding tab.
- #29: Configure Travis CI build stages.
Prioritize tests by stages.
Move deploy stage to be run very last after all other stages finish.
- #31: Ignore "Protocol wrong type for socket" (EPROTOTYPE) @ OSX for non-blocking sockets.
This was originally fixed for regular sockets in cherrypy/cherrypy#1392.
Ref: https://forums.sabnzbd.org/viewtopic.php?f=2&t=22728&p=112251
v5.5.0
======
- #17 via #25: Instead of a read_headers function, cheroot now
supplies a HeaderReader class to perform the same function.
Any HTTPRequest object may override the header_reader attribute
to customize the handling of incoming headers.
The server module also presents a provisional implementation of
a DropUnderscoreHeaderReader that will exclude any headers
containing an underscore. It remains an exercise for the
implementer to demonstrate how this functionality might be
employed in a server such as CherryPy.
- #26: Configured TravisCI to run tests under OS X.
2.3.21 (2017-06-01)
-------------------
Enhancements
- [core] improved event invitation for all day events (#4145)
- [core] now possible to {un}subscribe to folders using sogo-tool
- [eas] added photo support for GAL search operations
- [web] added custom fields support from Thunderbird's address book
- [web] updated CKEditor to version 4.7.0
- [web] added Latvian (lv) translation - thanks to Juris Balandis
Bug fixes
- [core] fixed calendar component move across collections (#4116)
- [core] handle properly mails using windows-1255 charset (#4124)
- [core] properly honor the "include in freebusy" setting (#3354)
- [core] make sure to use crypt scheme when encoding md5/sha256/sha512 (#4137)
- [core] newly subscribed calendars are excluded from freebusy (#3354)
- [core] strip cr during LDIF import process (#4172)
- [web] fixed mail delegation of pristine user accounts (#4160)
- [web] respect SOGoLanguage and SOGoSupportedLanguages (#4169)
- [eas] fixed opacity in EAS freebusy (#4033)
- [eas] set reply/forwarded flags when ReplaceMime is set (#4133)
- [eas] remove alarms over EAS if we don't want them (#4059)
- [eas] correctly set RSVP on event invitations
- [eas] avoid sending IMIP request/update messages for all EAS clients (#4022)
additional Administration Interface. You can use it to build up a
database with an inventory for your company (computers, software,
printers, etc).
Its enhanced functionality makes daily life for administrators easier.
Besides an inventory, it provides a trouble-ticket system, job
tracking with mail notification, and methods to build a database with
basic information about your network-topology.
<http://glpi-project.org/>
Features:
* Supports both Client and HTTP Server.
* Supports both Server WebSockets and Client WebSockets out-of-the-box.
* Web-server has Middlewares, Signals and pluggable routing.
