* t/git-cgi.t: Wait 1 second before doing a revert that should work.
This hopefully fixes a race condition in which the test failed
around 6% of the time. (Closes: 862494)
* Guard against set-but-empty REMOTE_USER CGI variable on
misconfigured nginx servers, and in general treat sessions with
a set-but-empty name as if they were not signed in.
* When the CGI fails, print the error to stderr, not "Died"
* mdwn: Don't mangle <style> into <elyts> under some circumstances
* mdwn: Enable footnotes by default when using the default Discount
implementation. A new mdwn_footnotes option can be used to disable
footnotes in MultiMarkdown and Discount.
* mdwn: Don't enable alphabetically labelled ordered lists by
default when using the default Discount implementation. A new
mdwn_alpha_list option can be used to restore the old
interpretation.
* osm: Convert savestate hook into a changes hook. savestate is not
the right place to write wiki content, and in particular this
breaks websetup if osm's dependencies are not installed, even
if the osm plugin is not actually enabled. (Closes: #719913)
* toc: if the heading is of the form <h1 id="...">, use that for
the link in the table of contents (but continue to generate
<a name="index42"></a> in case someone was relying on it)
* color: Do not leak markup into contexts that take only the plain
text, such as toc
* meta: Document [[!meta name="foo" content="bar"]]
Python. It implements RFC 6455 with a focus on correctness and simplicity.
It passes the Autobahn Testsuite.
Built on top of Python's asynchronous I/O support introduced in PEP 3156,
it provides an API based on coroutines, making it easy to write highly
concurrent applications.
HTTP, task offloading and other asynchrony support to your code, using familiar
Django design patterns and a flexible underlying framework that lets you not
only customize behaviours but also write support for your own protocols and
needs.
to power Django Channels.
It supports automatic negotiation of protocols; there's no need for URL
prefixing to determine WebSocket endpoints versus HTTP endpoints.
new: allow components to pass WebSocket/RawSocket options
fix: register/subscribe decorators support different URI syntax from what session.register and session.subscribe support
new: allow for standard Crossbar a.c..d style pattern URIs to be used with Pattern
new: dynamic authorizer example
new: configurable log level in ApplicationRunner.run for asyncio
fix: forward reason of hard dropping WebSocket connection in wasNotCleanReason
Changes are too many to write here, please refer
<https://github.com/jekyll/jekyll/releases> in detail.
* Upgrade to Liquid v4.
* Add support for TSV (Tab-Separated Values data) files.
* Add a template for custom 404 page.
* Documentation improvements.
## 4.0.0
### Changed
* Render an opaque internal error by default for non-Liquid::Error (#835) [Dylan Thacker-Smith]
* Ruby 2.0 support dropped (#832) [Dylan Thacker-Smith]
* Add to_number Drop method to allow custom drops to work with number filters (#731)
* Add strict_variables and strict_filters options to detect undefined references (#691)
* Improve loop performance (#681) [Florian Weingarten]
* Rename Drop method `before_method` to `liquid_method_missing` (#661) [Thierry Joyal]
* Add url_decode filter to invert url_encode (#645) [Larry Archer]
* Add global_filter to apply a filter to all output (#610) [Loren Hale]
* Add compact filter (#600) [Carson Reinke]
* Rename deprecated "has_key?" and "has_interrupt?" methods (#593) [Florian Weingarten]
* Include template name with line numbers in render errors (574) [Dylan Thacker-Smith]
* Add sort_natural filter (#554) [Martin Hanzel]
* Add forloop.parentloop as a reference to the parent loop (#520) [Justin Li]
* Block parsing moved to BlockBody class (#458) [Dylan Thacker-Smith]
* Add concat filter to concatenate arrays (#429) [Diogo Beato]
* Ruby 1.9 support dropped (#491) [Justin Li]
* Liquid::Template.file_system's read_template_file method is no longer passed the context. (#441) [James Reid-Smith]
* Remove support for `liquid_methods`
* Liquid::Template.register_filter raises when the module overrides registered public methods as private or protected (#705) [Gaurav Chande]
### Fixed
* Fix map filter when value is a Proc (#672) [Guillaume Malette]
* Fix truncate filter when value is not a string (#672) [Guillaume Malette]
* Fix behaviour of escape filter when input is nil (#665) [Tanel Jakobsoo]
* Fix sort filter behaviour with empty array input (#652) [Marcel Cary]
* Fix test failure under certain timezones (#631) [Dylan Thacker-Smith]
* Fix bug in uniq filter (#595) [Florian Weingarten]
* Fix bug when "blank" and "empty" are used as variable names (#592) [Florian Weingarten]
* Fix condition parse order in strict mode (#569) [Justin Li]
* Fix naming of the "context variable" when dynamically including a template (#559) [Justin Li]
* Gracefully accept empty strings in the date filter (#555) [Loren Hale]
* Fix capturing into variables with a hyphen in the name (#505) [Florian Weingarten]
* Fix case sensitivity regression in date standard filter (#499) [Kelley Reynolds]
* Disallow filters with no variable in strict mode (#475) [Justin Li]
* Disallow variable names in the strict parser that are not valid in the lax parser (#463) [Justin Li]
* Fix BlockBody#warnings taking exponential time to compute (#486) [Justin Li]
Bugfixes
- CONTINUATION frames sent on closed streams previously caused stream errors
of type STREAM_CLOSED. RFC 7540 § 6.10 requires that these be connection
errors of type PROTOCOL_ERROR, and so this release changes to match that
behaviour.
- Remote peers incrementing their inbound connection window beyond the maximum
allowed value now cause stream-level errors, rather than connection-level
errors, allowing connections to stay up longer.
- h2 now rejects receiving and sending request header blocks that are missing
any of the mandatory pseudo-header fields (:path, :scheme, and :method).
- h2 now rejects receiving and sending request header blocks that have an empty
:path pseudo-header value.
- h2 now rejects receiving and sending request header blocks that contain
response-only pseudo-headers, and vice versa.
- h2 now correct respects user-initiated changes to the HEADER_TABLE_SIZE
local setting, and ensures that if users shrink or increase the header
table size it is policed appropriately.
6.13 2017-06-20 01:07:03Z
- Non-TRIAL release of changes found in 6.12
6.12 2017-06-15 18:03:50Z (TRIAL RELEASE)
- If an object is passed to HTTP::Request, it must provide a canonical()
method (Olaf Alders)
- Make sure status messages don't die by checking the status exists before
checking the value range (Kent Fredric, GH #39)
- Add a .mailmap file to clean up the contributors list
- Avoid inconsistent setting of content to undef (Jerome Eteve)
- Simplify the way some methods are created (Tom Hukins)
- Remove some indirect object notation (Chase Whitener)
- Fix example in Pod (Tobias Leich)
- Add support for HTTP PATCH method (Mickey Nasriachi)
*) HTTP/2 support no longer tagged as "experimental" but is instead considered
fully production ready.
*) mod_http2: Fix for possible CPU busy loop introduced in v1.10.3 where a stream may keep
the session in continuous check for state changes that never happen.
*) mod_mime: Fix error checking for quoted pairs.
*) mod_proxy_wstunnel: Add "upgrade" parameter to allow upgrade to other
protocols.
*) MPMs unix: Place signals handlers and helpers out of DSOs to avoid
a possible crash if a signal is caught during (graceful) restart.
*) core: Deprecate ap_get_basic_auth_pw() and add
ap_get_basic_auth_components().
*) mod_rewrite: When a substitution is a fully qualified URL, and the
scheme/host/port matches the current virtual host, stop interpreting the
path component as a local path just because the first component of the
path exists in the filesystem. Adds RewriteOption "LegacyPrefixDocRoot"
to revert to previous behavior.
*) core: ap_parse_form_data() URL-decoding doesn't work on EBCDIC
platforms.
*) ab: enable option processing for setting a custom HTTP method also for
non-SSL builds.
*) core: EBCDIC fixes for interim responses with additional headers.
*) mod_ssl: Consistently pass the expected bio_filter_in_ctx_t
to ssl_io_filter_error().
*) mod_env: when processing a 'SetEnv' directive, warn if the environment
variable name includes a '='. It is likely a configuration error.
*) Evaluate nested If/ElseIf/Else configuration blocks.
*) mod_rewrite: Add 'BNP' (backreferences-no-plus) flag to RewriteRule to
allow spaces in backreferences to be encoded as %20 instead of '+'.
*) mod_rewrite: Add the possibility to limit the escaping to specific
characters in backreferences by listing them in the B flag.
*) mod_substitute: Fix spurious AH01328 (Line too long) errors on EBCDIC
systems.
*) mod_http2: fail requests without ERROR log in case we need to read interim
responses and see only garbage. This can happen if proxied servers send
data where none should be, e.g. a body for a HEAD request.
more...
Contao 4.4 is fourth minor release of Contao 4 and it is LTS (Long Term
Support) release until June 2021.
Additionally, these new features from 4.3.
* Improved backend theme
* Improved element preview
* Detect version conflicts
* Improved handling of image meta data
* Details view contains path addition to their UUIDs
* Honeypot anti-spam
* Allowed member groups
* Import options for some form fields
* DCA picker
* Filter pages and articles
* Search files
* Contao Manager support
* Fixed a bug in which cancelling the publishing dialog wasn't respected.
* Fixed a bug causing post-login redirection to an incorrect URL on single-language sites.
* Changed the signature for internal ``cms.plugin_base.CMSPluginBase`` methods ``get_child_classes``
and ``get_parent_classes`` to take an optional ``instance`` parameter.
* Fixed an error when retrieving placeholder label from configuration.
* Fixed a bug which caused certain translations to display double-escaped text in the page
list admin view.
* Adjusted the toolbar JavaScript template to escape values coming from the request.
* Added Dropdown class to toolbar items
* Replaced all custom markup on the ``admin/cms/page/includes/fieldset.html`` template
with an ``{% include %}`` call to Django's built-in ``fieldset.html`` template.
* Fixed a bug which prevented a page from being marked as dirty when a placeholder was cleared.
* Fixed an IntegrityError raised when publishing a page with no public version and whose publisher
state was pending.
* Fixed an issue with JavaScript not being able to determine correct path to the async bundle
* Fixed a ``DoesNotExist`` database error raised when moving a page marked as published, but whose public
translation did not exist.
* Fixed a bug in which the menu rendered nodes using the site session variable (set in the admin),
instead of the current request site.
* Fixed a race condition bug in which the database cache keys were deleted without syncing with the
cache server, and as a result old menu items would continue to be displayed.
* Fixed a 404 raised when using the ``Delete`` button for a Page or Title extension on Django >= 1.9
* Added "How to serve multiple languages" section to documentation
* Fixed a performance issue with nested pages when using the ``inherit`` flag on the ``{% placeholder %}`` tag.
* Removed the internal ``reset_to_public`` page method in favour of the ``revert_to_live`` method.
* Fixed a bug in which the placeholder cache was not consistently cleared when a page was published.
* Enhanced the plugin menu to not show plugins the user does not have permission to add.
* Fixed a regression which prevented users from setting a redirect to the homepage.
Add a CountryFieldMixin Django Rest Framework serializer mixin that automatically picks the right field type for a CountryField (both single and multi-choice).
Validation for Django Rest Framework field (thanks Simon Meers).
Allow case-insensitive .by_name() matching (thanks again, Simon).
Ensure a multiple-choice CountryField.max_length is enough to hold all countries.
Fix inefficient pickling of countries (thanks Craig de Stigter for the report and tests).
Stop adding a blank choice when dealing with a multi-choice CountryField.
Tests now cover multiple Django Rest Framework versions (back to 3.3).
Version 4.6.1
Fix invalid reStructuredText in CHANGES.
Add test targets, all tests pass for me.
Sun May 28 23:26:00 MSK 2017
Releasing GNU libmicrohttpd 0.9.55. -EG
Sun May 21 18:48:00 MSK 2017
Fixed build with disabled "UPGRADE".
Fixed possible null-dereference in HTTPS test.
Fixed compiler warning in process_request_body(), minor optimizations.
Do not allow suspend of "upgraded" connections.
Fixed returned value for MHD_CONNECTION_INFO_CONNECTION_SUSPENDED.
Fixed removal from timeout lists of non-existing connections in
cleanup_connection().
Fixed double locking of mutex. -EG
Sun May 14 15:05:00 MSK 2017
Fixed resuming connections and closing upgraded connections in select()
mode with thread-per-connection. -EG
Sun May 14 14:49:00 MSK 2017
Removed extra call to resume connections in MHD_run().
Handle resumed connection without delay in epoll mode.
Update states of resumed connection after resume in thread-per-connection
mode.
Fixed resuming connections and closing upgraded connections in poll()
mode with thread-per-connection. -EG
Thu May 11 22:37:00 MSK 2017
Faster start really processing data in resumed connections. -EG
Thu May 11 14:24:00 MSK 2017
Do not add any "Connection" headers for "upgrade" connections. -EG
Wed May 10 23:09:00 MSK 2017
Resume resuming connection before other processing in external polling
mode. -EG
Tue May 9 23:16:00 MSK 2017
Fixed: Do not add "Connection: Keep-Alive" header for "upgrade"
connections. -EG
Tue May 9 21:01:00 MSK 2017
Fixed: check all "Connection" headers of request for "Close" and "Upgrade"
tokens instead of using only first "Connection" header with full string
match. -EG
Tue May 9 12:28:00 MSK 2017
Revert: continue match footers in MHD_get_response_header() for backward
compatibility. -EG
Mon May 8 19:30:00 MSK 2017
Fixed: use case-insensitive matching for header name in
MHD_get_response_header(), match only headers (not footers). -EG
Fri May 5 20:57:00 MSK 2017
Fixed null dereference when connection has "Upgrade" request and
connection is not upgraded. -JB/EG
Better handle Keep-Alive/Close. -EG
7.33 2017-06-05
- Added EXPERIMENTAL support for :matches pseudo-class and :not pseudo-class
with compount selectors to Mojo::DOM::CSS.
- Fixed a few form element value extraction bugs in Mojo::DOM.
- Fixed version command to use the new MetaCPAN API, since the old one got
shut down.
7.32 2017-05-28
- Added -f option to get command.
- Improved get command with support for passing request data by redirecting
STDIN.
- Fixed memory leak in Mojo::IOLoop::Client that sometimes prevented the
connect timeout from working correctly for TLS handshakes.
* If your 54.0 is unstable, please disable e10s with
browser.tabs.remote.autostart.2=false (this works at least for me)
Changelog:
New
Simplified the download button and download status panel
Added support for multiple content processes (e10s-multi)
Added Burmese (my) locale
Fixed
Various security fixes
Changed
Moved the mobile bookmarks folder to the main bookmarks menu for easier access
Security fixes:
#CVE-2017-5472: Use-after-free using destroyed node when regenerating trees
#CVE-2017-7749: Use-after-free during docshell reloading
#CVE-2017-7750: Use-after-free with track elements
#CVE-2017-7751: Use-after-free with content viewer listeners
#CVE-2017-7752: Use-after-free with IME input
#CVE-2017-7754: Out-of-bounds read in WebGL with ImageInfo object
#CVE-2017-7755: Privilege escalation through Firefox Installer with same directory DLL files
#CVE-2017-7756: Use-after-free and use-after-scope logging XHR header errors
#CVE-2017-7757: Use-after-free in IndexedDB
#CVE-2017-7778: Vulnerabilities in the Graphite 2 library
#CVE-2017-7758: Out-of-bounds read in Opus encoder
#CVE-2017-7759: Android intent URLs can cause navigation to local file system
#CVE-2017-7760: File manipulation and privilege escalation via callback parameter in Mozilla Windows Updater and Maintenance Service
#CVE-2017-7761: File deletion and privilege escalation through Mozilla Maintenance Service helper.exe application
#CVE-2017-7762: Addressbar spoofing in Reader mode
#CVE-2017-7763: Mac fonts render some unicode characters as spaces
#CVE-2017-7764: Domain spoofing with combination of Canadian Syllabics and other unicode blocks
#CVE-2017-7765: Mark of the Web bypass when saving executable files
#CVE-2017-7766: File execution and privilege escalation through updater.ini, Mozilla Windows Updater, and Mozilla Maintenance Service
#CVE-2017-7767: Privilege escalation and arbitrary file overwrites through Mozilla Windows Updater and Mozilla Maintenance Service
#CVE-2017-7768: 32 byte arbitrary file read through Mozilla Maintenance Service
#CVE-2017-7770: Addressbar spoofing with JavaScript events and fullscreen mode
#CVE-2017-5471: Memory safety bugs fixed in Firefox 54
#CVE-2017-5470: Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2
curl: show the libcurl release date in --version output
Bugfixes:
CVE-2017-9502: default protocol drive letter buffer overflow
openssl: fix memory leak in servercert
tests: remove the html and PDF versions from the tarball
mbedtls: enable NTLM (& SMB) even if MD4 support is unavailable
typecheck-gcc: handle function pointers properly
llist: no longer uses malloc
gnutls: removed some code when --disable-verbose is configured
lib: fix maybe-uninitialized warnings
multi: clarify condition in curl_multi_wait
schannel: Don't treat encrypted partial record as pending data
configure: fix the -ldl check for openssl, add -lpthread check
configure: accept -Og and -Ofast GCC flags
Makefile: avoid use of GNU-specific form of $<
if2ip: fix -Wcast-align warning
configure: stop prepending to LDFLAGS, CPPFLAGS
curl: set a 100K buffer size by default
typecheck-gcc: fix _curl_is_slist_info
nss: do not leak PKCS 11 slot while loading a key
nss: load libnssckbi.so if no other trust is specified
examples: ftpuploadfrommem.c
url: declare get_protocol_family() static
examples/cookie_interface.c: changed to example.com
test1443: test --remote-time
curl: use utimes instead of obsolescent utime when available
url: fixed a memory leak on OOM while setting CURLOPT_BUFFERSIZE
curl_rtmp: fix missing-variable-declarations warnings
tests: fixed OOM handling of unit tests to abort test
curl_setup: Ensure no more than one IDN lib is enabled
tool: Fix missing prototype warnings for CURL_DOES_CONVERSIONS
CURLOPT_BUFFERSIZE: 1024 bytes is now the minimum size
curl: non-boolean command line args reject --no- prefixes
telnet: Write full buffer instead of byte-by-byte
typecheck-gcc: add missing string options
typecheck-gcc: add support for CURLINFO_SOCKET
opt man pages: they all have examples now
curl_setup_once: use SEND_QUAL_ARG2 for swrite
test557: set a known good numeric locale
schannel: return a more specific error code for SEC_E_UNTRUSTED_ROOT
tests/server: make string literals const
runtests: use -R for random order
unit1305: fix compiler warning
curl_slist_append.3: clarify a NULL input creates a new list
tests/server: run checksrc by default in debug-builds
tests: fix -Wcast-qual warnings
runtests.pl: simplify the datacheck read section
curl: remove --environment and tool_writeenv.c
buildconf: fix hang on IRIX
tftp: silence bad-function-cast warning
asyn-thread: fix unused macro warnings
tool_parsecfg: fix -Wcast-qual warning
sendrecv: fix MinGW-w64 warning
test537: use correct variable type
rand: treat fake entropy the same regardless of endianness
curl: generate the --help output
tests: removed redundant --trace-ascii arguments
multi: assign IDs to all timers and make each timer singleton
multi: use a fixed array of timers instead of malloc
mbedtls: Support server renegotiation request
pipeline: fix mistakenly trying to pipeline POSTs
lib510: don't write past the end of the buffer if it's too small
CURLOPT_HTTPPROXYTUNNEL.3: clarify, add example
SecureTransport/DarwinSSL: Implement public key pinning
curl.1: clarify --config
curl_sasl: fix build error with CURL_DISABLE_CRYPTO_AUTH + USE_NTLM
darwinssl: Fix exception when processing a client-side certificate
curl.1: mention --oauth2-bearer's argument
mkhelp.pl: do not add current time into curl binary
asiohiper.cpp / evhiperfifo.c: deal with negative timerfunction input
ssh: fix memory leak in disconnect due to timeout
tests: stabilize test 1034
cmake: auto detection of CURL_CA_BUNDLE/CURL_CA_PATH
assert: avoid, use DEBUGASSERT instead
LDAP: using ldap_bind_s on Windows with methods
redirect: store the "would redirect to" URL when max redirs is reached
winbuild: fix the nghttp2 build
examples: fix -Wimplicit-fallthrough warnings
time: fix type conversions and compiler warnings
mbedtls: fix variable shadow warning
test557: fix ubsan runtime error due to int left shift
transfer: init the infilesize from the postfields
docs: clarify NO_PROXY further
build-wolfssl: Sync config with wolfSSL 3.11
curl-compilers.m4: enable -Wshift-sign-overflow for clang
example/externalsocket.c: make it use CLOSESOCKETFUNCTION too
lib574.c: use correct callback proto
lib583: fix compiler warning
curl-compilers.m4: fix compiler_num for clang
typecheck-gcc.h: separate getinfo slist checks from other pointers
typecheck-gcc.h: check CURLINFO_TLS_SSL_PTR and CURLINFO_TLS_SESSION
typecheck-gcc.h: check CURLINFO_CERTINFO
build: provide easy code coverage measuring
test1537: dedicated tests of the URL (un)escape API calls
curl_endian: remove unused functions
test1538: verify the libcurl strerror API calls
MD(4|5): silence cast-align clang warning
dedotdot: fixed output for ".." and "." only input
cyassl: define build macros before including ssl.h
updatemanpages.pl: error out on too old git version
curl_sasl: fix unused-variable warning
x509asn1: fix implicit-fallthrough warning with GCC 7
libtest: fix implicit-fallthrough warnings with GCC 7
BINDINGS: add Ring binding
curl_ntlm_core: pass unsigned char to toupper
test1262: verify ftp download with -z for "if older than this"
test1521: test all curl_easy_setopt options
typecheck-gcc: allow CURLOPT_STDERR to be NULL too
metalink: remove unused printf() argument
file: make speedcheck use current time for checks
configure: fix link with librtmp when specifying path
examples/multi-uv.c: fix deprecated symbol
cmake: Fix inconsistency regarding mbed TLS include directory
setopt: check CURLOPT_ADDRESS_SCOPE option range
gitignore: ignore all vim swap files
urlglob: fix division by zero
libressl: OCSP and intermediate certs workaround no longer needed
Features
- Implement trailing commas in parameters and arguments
- Implement unary slash expressions
Fixes
- Fix Attribute Selector equal compare operator
- Fix segfault for varargs with non-string keys
- Fix Element Selector compare operators
- Fix compiler issue with spec regression on NetBSD 6.1
- Fix some segfaults caused by the parser being too forgiving
- Fix segfault with invalid map keys
- Fix null pointer dereference in css_error
- Fix bug when parsing selector schemas
- Fix null pointer dereference in parse_selector_schema
- Fix segfault when extending pseudo selectors failed
- Fix parser for urls looking like ruleset selectors
- Error for trailing rulesets comma
- Improve selector and binominal look ahead
- Improve hex escape handling in interpolation
- Fix wrong parsing of calc functions as number units
- Skip comment evaluation for compressed output
- Improve parent selector handling in selector schema
- Improve parameter vararg and keyword handling
- Hotfix to avoid invalid nested :not selectors
- Fix a few minor memory leaks
Released on May 16 2017
- Fix a bug in `safe_join` on Windows.
Version 0.12.1
Bugfix release, released on March 31st 2017
- Prevent `flask run` from showing a NoAppException when an ImportError occurs
within the imported application module.
- Fix encoding behavior of ``app.config.from_pyfile`` for Python 3.
- Call `ctx.auto_pop` with the exception object instead of `None`, in the
event that a `BaseException` such as `KeyboardInterrupt` is raised in a
request handler.
3.2.9 (2017-05-09)
------------------
New features
- [core] email alarms now have pretty formatting (#805)
Enhancements
- [core] improved event invitation for all day events (#4145)
- [web] improved interface refresh time with external IMAP accounts
- [eas] added photo support for GAL search operations
Bug fixes
- [web] fixed attachment path when inside multiple body parts
- [web] fixed email reminder with attendees (#4115)
- [web] prevented form to be marked dirty when changing password (#4138)
- [web] restored support for SOGoLDAPContactInfoAttribute
- [web] avoid duplicated email addresses in LDAP-based addressbook (#4129)
- [web] fixed mail delegation of pristine user accounts (#4160)
- [core] cherry-picked comma escaping fix from v2 (#3296)
- [core] fix sogo-tool restore potentially crashing on corrupted data (#4048)
- [core] handle properly mails using windows-1255 charset (#4124)
- [core] fixed email reminders sent multiple times (#4100)
- [core] fixed LDIF to vCard conversion for non-handled multi-value attributes (#4086)
- [core] properly honor the "include in freebusy" setting (#3354)
- [core] make sure to use crypt scheme when encoding md5/sha256/sha512 (#4137)
- [eas] set reply/forwarded flags when ReplaceMime is set (#4133)
- [eas] remove alarms over EAS if we don't want them (#4059)
- [eas] correctly set RSVP on event invitations
- [eas] avoid sending IMIP request/update messages for all EAS clients (#4022)
3.2.8 (2017-03-24)
------------------
New features
- [core] new sogo-tool manage-acl command to manage calendar/address book ACLs
Enhancements
- [web] constrain event/task reminder to a positive number
- [web] display year in day and week views
- [web] split string on comma and semicolon when pasting multiple addresses (#4097)
- [web] restrict Draft/Sent/Trash/Junk mailboxes to the top level
- [web] animations are automatically disabled under IE11
- [web] updated Angular Material to version 1.1.3
Bug fixes
- [core] handle broken CalDAV clients sending bogus SENT-BY (#3992)
- [core] fixed handling of exdates and proper intersection for fbinfo (#4051)
- [core] remove attendees that have the same identity as the organizer (#3905)
- [web] fixed ACL editor in admin module for Safari (#4036)
- [web] fixed function call when removing contact category (#4039)
- [web] localized mailbox names everywhere (#4040, #4041)
- [web] hide fab button when printing (#4038)
- [web] SOGoCalendarWeekdays must now be defined before saving preferences
- [web] fixed CAS session timeout handling during XHR requests (#1456)
- [web] exposed default value of SOGoMailAutoSave (#4053)
- [web] exposed default value of SOGoMailAddOutgoingAddresses (#4064)
- [web] fixed handling of contact organizations (#4028)
- [web] fixed handling of attachments in mail editor (#4058, #4063)
- [web] fixed saving draft outside Mail module (#4071)
- [web] fixed SCAYT automatic language selection in HTML editor
- [web] fixed task sorting on multiple categories
- [web] fixed sanitisation of flags in Sieve filters (#4087)
- [web] fixed missing CC or BCC when specified before sending message (#3944)
- [web] enabled Save button after deleting attributes from a card (#4095)
- [web] don't show Copy To and Move To menu options when user has a single address book
- [web] fixed display of category colors in events and tasks lists
- [eas] fixed opacity in EAS freebusy (#4033)
3.2.7 (2017-02-14)
------------------
New features
- [core] new sogo-tool checkup command to make sure user's data is sane
Enhancements
- [web] added Hebrew (he) translation - thanks to Raz Aidlitz
Bug fixes
- [core] generalized the bcc handling code
- [web] saving the preferences was not possible when Mail module is disabled
- [web] ignore mouse events in scrollbars of Month view (#3990)
- [web] fixed public URL with special characters (#3993)
- [web] keep the fab button visible when the center list is hidden
- [web] localized mail, phone, url and address types (#4030)
- [eas] improved EAS parameters parsing (#4003)
- [eas] properly handle canceled appointments
3.2.6a (2017-01-26)
-------------------
Bug fixes
- [core] fixed "include in freebusy" (reverts #3354)
- [web] improved ACLs handling of inactive users
3.2.6 (2017-01-23)
------------------
Enhancements
- [web] show locale codes beside language names in Preferences module
- [web] fixed visual glitches in Month view with Firefox
- [web] mail editor can now be expanded horizontally and automatically expands vertically
- [web] compose a new message inline or in a popup window
- [web] allow to select multiple files when uploading attachments (#3999)
- [web] use "date" extension of Sieve to enable/disable vacation auto-reply (#1530, #1949)
- [web] updated Angular to version 1.6.1
- [web] updated CKEditor to version 4.6.2
Bug fixes
- [core] remove all alarms before sending IMIP replies (#3925)
- [web] fixed rendering of forwared HTML message with inline images (#3981)
- [web] fixed pasting images in CKEditor using Chrome (#3986)
- [eas] make sure we trigger a download of service-side changed events
- [eas] now strip attendees with no email during MeetingResponse calls
Changes to GoAccess 1.2 - Tuesday, March 07, 2017
- Added a Dockerfile.
- Added Amazon S3 bucket name as a VirtualHost (server block).
- Added a replacement for GNU getline() to dynamically expand line buffer
while maintaining real-time output.
- Added --daemonize command line option to run GoAccess as daemon.
- Added several improvements to the HTML report on small-screen devices.
- Added option to the HTML report to auto-hide tables on small-screen
devices.
- Added --process-and-exit command line option to parse log and exit.
- Added several feed readers to the list of browsers.
- Added "-" single dash per convention to read from the standard input.
- Added support for MaxMind GeoIP2.
- Added the ability to read and follow from a pipe such as
"tail -f access.log | goaccess -"
- Added the ability to specify multiple logs as input sources, e.g.:
"goaccess access.log access.log.1" while maintaining real-time output.
- Added time unit (seconds) to the processed time label in the HTML/terminal
output.
- Added visitors' percent column to the terminal dashboard.
- Changed D3 charts to dim Y-axis on mouseover.
- Changed D3 charts to reflect HTML column sort.
- Changed D3 charts to render only if within the viewport. This improves the
overall real-time HTML performance.
- Changed HTML report tables to render only if within the viewport.
- Changed percentage calculation to be based on the total within each panel.
- Ensure start/end dates are updated real-time in the HTML output.
- Ensure "window.location.hostname" is used as the default WS server host.
In most cases, this should avoid the need for specifying "--ws-url=host".
Simply using "--real-time-html" should suffice.
- Fixed issue on HTML report to avoid outputting scientific notation for all
byte sizes.
- Fixed integer overflow when calculating bar graph length on terminal
output.
- Fixed issue where global config file would override command line arguments.
- Fixed issue where it wouldn't allow loading from disk without specifying a
file when executed from the cron.
- Fixed issue where parser couldn't read some X-Forwarded-For (XFF) formats.
Note that this breaks compatibility with the original implementation of
parsing XFF, but at the same time it gives much more flexibility on different
formats.
- Fixed issue where specifying fifo-in/out wouldn't allow HTML real-time
output.
- Fixed issue where the wrong number of parsed lines upon erroring out was
displayed.
- Fixed issue where the WebSocket server prevented to establish a connection
with a client due to invalid UTF-8 sequences.
- Fixed percent issue when calculating visitors field.
- Updated the list of crawlers.
* pkgsrc chagnge: depends on ruby-rack14 instead of ruby-rack16.
# Version 2.14.2
Release date: 2017-06-09
### Fixed
* Workaround for system modals when using headless Chrome now works if the
page changes
# Version 2.14.1
Release date: 2017-06-07
### Fixed
* Catch correct error when unexpected system modals are discovered in latest
selenium [Thomas Walpole]
* Update default `puma` server registration to encourage it to run in single
mode [Thomas Walpole]
* Suppress invalid element errors raised while lazily evaluating the results
of `all` [Thomas Walpole]
* Added missing `with_selected` option to the :select selector to match
`options`/`with_options` options - Issue #1865 [Bartosz Nowak]
* Workaround broken system modals when using selenium with headless Chrome
pkgsrc changes:
- remove a pkgsrc patch for ruby-gnome2-gtk that seems fixed in upstream
- ignore native-package-installer dependency checks
in ruby-gnome2-clutter-gstreamer and ruby-gnome2-webkit-gtk
Upstream changes:
(from https://github.com/ruby-gnome2/ruby-gnome2/blob/3.1.6/NEWS)
== Ruby-GNOME2 3.1.6: 2017-06-03
=== Changes
This is a bug fix release for Windows packages.
==== All
* Fixes
* Added a missing path existence check on Windows.
== Ruby-GNOME2 3.1.5: 2017-06-03
=== Changes
This is a bug fix release for Windows packages.
==== All
* Improvements
* Supported RubyInstaller2.
==== Ruby/Pango
* Improvements
* Add backward compatibility APIs:
* (({Pango::FontDescription::WEIGHT_*}))
* (({Pango::FontDescription::STYLE_*}))
== Ruby-GNOME2 3.1.4: 2017-05-30
=== Changes
This is a release that supports Ruby 2.4 on Windows.
==== All
* Improvements
* Supported MSYS2.
==== Ruby/GLib2
* Improvements
* Added (({GLib::Object#floating?})) for debugging.
==== Ruby/GIO2
* Improvements
* Added (({Gio::File.open})). The followings are deprecated.
* (({Gio::File.commandline_arg}))
* (({Gio::File.path}))
* (({Gio::File.uri}))
==== Ruby/GObjectIntrospection
* Improvements
* Relaxed expected test result for 32bit environment.
[GitHub#1026][Reported by Mamoru TASAKA]
* Added tests for (({GObjectIntrospection::ConstantInfo})).
[GitHub#1027][Patch by cedlemo]
* Supported floating "transfer full" GObject.
==== Ruby/GDK3
* Improvements
* Supported (({Cairo::Surface#to_pixbuf(options={})})).
(({Cairo::Surface#to_pixbuf(src_x, src_y, width, height)})) is
deprecated.
==== Ruby/Rsvg2
* Improvements
* Migrated to GObject Introspection bindings.
* Renamed to (({Rsvg})) from (({RSVG})). (({RSVG})) is still
usable but it's deprecated.
[GitHub#1030][Patch by cedlemo]
* Supported (({Cairo::Context#render_rsvg_handle(handle, :id =>
...)})).
==== Ruby/WebKit2GTK
* Improvements
* (({WebKit3Gtk::WebView#initialize})): Supported (({Hash}))
options.
[GitHub#1028][Patch by Matijs van Zuijlen]
=== Thanks
* Mamoru TASAKA
* cedlemo
* Matijs van Zuijlen
== Ruby-GNOME2 3.1.3: 2017-04-27
=== Changes
This is a release that improve backward compatibility for Ruby/Pango.
==== Ruby/Pango
* Improvements
* Defined constants under (({Pango})) again for backward compatibility.
[GitHub#1022][Reported by Andy Meneely]
* Defined constants under (({Pango::Layout})) again for backward
compatibility.
[GitHub#1022][Reported by Andy Meneely]
* (({Pango.pixels})): Added again.
* (({Pango::AttrShape#data})): Supported again.
* Fixes
* (({Pango::Layout#text=})): Fixed a bug that wrong bytesize is
used for multibyte string.
* (({Pango::Layout#markup=})): Fixed a bug that wrong bytesize
is used for multibyte string.
=== Thanks
* Andy Meneely
== Ruby-GNOME2 3.1.2: 2017-04-26
There is an incompatible change. (({GBytes})) to (({String}))
conversion is changed to (({GBytes})) to (({GLib::Bytes}))
conversion. You can get (({String})) by (({GLib::Bytes#to_s})).
Other incompatible changes are bugs. Please report them to us.
=== Changes
==== All
* Improvements
* Supported auto depended package install for GObject
Introspection based bindings.
==== Ruby/GLib2
* Improvements
* Supported overriding (({alloc_func})) in super class.
* Extracted native package installer code as
native-package-installer gem.
* (({GLib::Bytes})): Added.
* Supported pkg-config 1.1.9 or later.
* Fixes
* Fixed a build error on CentOS 6 and Ubuntu 12.04. They use
GLib < 2.34.
[GitHub#1012][Reported by Scot]
* Fixed a bug that (({GLib::TypePlugin})) can't be included.
[GitHub#1019][Patch by Matijs van Zuijlen]
==== Ruby/GIO2
* Fixes
* Fixed a path in test. [GitHub#990][Reported by Mamoru TASAKA]
==== Ruby/GObjectIntrospection
* Improvements
* Supported getting interface, union and boxed type as a field value.
* Supported setting an interface as a field.
* Supported more struct types.
* Supported cairo-gobject types.
* Supported outputting an array of interfaces.
[GitHub#1006][Reported by cedlemo]
* Supported Rubyish method name conversion for (({list_XXX}))
methods that return an array.
* Supported customizing field reader method name.
* Supported auto (({int})) to boolean conversion for field value.
* (({GObjectIntrospection::Repository.default})): Added a GC guard.
* Supported inputting (({unichar})).
* Supported inputting (({gint64})) C array.
* Supported inputting (({gint8})) C array.
* Added tests for (({GObjectIntrospection::UnionInfo})).
[GitHub#1016][Patch by cedlemo]
* Stopped auto (({GBytes})) to (({String}))
conversion. (({GBytes})) is converted to (({GLib::Bytes})). It's
for efficient byte sequence handling in Ruby. It's
an incompatible change. You can use (({GLib::Bytes#to_s})) to
get (({String})).
* Fixes
* (({GObjectIntrospection::RepositoryError})): Fixed parent class.
* Fixed a typo. [GitHub#1002][Reported by cedlemo]
==== Ruby/ATK
* Improvements
* Migrated to GObject Introspection bindings.
[GitHub#998][Patch by cedlemo]
==== Ruby/CairoGObject
* Fixes
* Fixed a double free bug.
==== Ruby/Pango
* Improvements
* Migrated to GObject Introspection bindings.
[GitHub#1007][GitHub#1008][GitHub#1009][GitHub#1010]
[GitHub#1011][Patch by cedlemo]
[GitHub#1013][GitHub#1014][Patch by Detlef Wagner]
==== Ruby/GdkPixbuf2
* Improvements
* Supported GdkPixbuf 2.31.6 on CentOS 7 again.
==== Ruby/GDK3
* Improvements
* (({Gdk::Event})) and subclasses: Supported again.
* Supported old GDK 3 again.
* Supported X11 related features.
[GitHub#999][Reported by johnlane]
==== Ruby/GTK3
* Improvements
* (({Gtk::Widget#click})): Added.
* (({Gtk::Widget#send_key})): Added.
* (({Gtk::Widget#wait_for_draw})): Added.
* (({Gtk::WiAccelGroup.activate})): Added.
* Updated samples.
[GitHub#1002][GitHub#1003]
[Patch by cedlemo]
* (({Gtk::IconTheme#choose_icon})): Changed the default flags to
(({0})) from (({:generic_fallback})).
* (({Gtk::IconTheme#lookup_icon})): Changed the default flags to
(({0})) from (({:generic_fallback})).
* Supported GTK+ < 3.20 again.
* Fixes
* Updated signal name in document.
[GitHub#995][Patch by Arnaud Meuret]
==== Ruby/ClutterGdk
* Fixes
* Ensured initializing GDK.
[GitHub#1000][Reported by cedlemo]
==== Ruby/GOffice
* Improvements
* (({GOffice::Version})): Added.
=== Thanks
* Mamoru TASAKA
* Arnaud Meuret
* cedlemo
* johnlane
* Scot
* Detlef Wagner
* Matijs van Zuijlen
Port to, and require, SpiderMonkey 38.
Fix "NetworkManager plugin not being built"
Fix "networkmanager plugin not working
Fix "Invalid read after free"
Fix intermittent unit test failures.
3.4.24 (18 May 2017)
* Elements without a namespace (such as div) are no longer unified with
elements with the empty namespace (such as |div). This unification didn't
match the results returned by is-superselector(), and was not guaranteed to
be valid.
=== raindrops 0.18.0 / 2017-03-23 02:44 UTC
The most notable feature of this release is the addition of
FreeBSD and OpenBSD TCP_INFO support. This includes the
Raindrops::TCP for portably mapping TCP state names to
platform-dependent numeric values:
https://bogomips.org/raindrops/Raindrops.html#TCP
Thanks to Jeremy Evans and Simon Eskildsen on the
unicorn-public@bogomips.org mailing list for inspiring
these changes to raindrops.
There's also a few internal cleanups, and documentation
improvements, including some fixes to the largely-forgotten
Raindrops::Aggreage::PMQ class:
https://bogomips.org/raindrops/Raindrops/Aggregate/PMQ.html
20 changes since 0.17.0:
test_inet_diag_socket: fix Fixnum deprecation warning
TODO: add item for IPv6 breakage
ext: fix documentation for C ext-defined classes
TCP_Info: custom documentation for #get!
TypedData C-API conversion
test_watcher: disable test correctly when aggregate is missing
tcp_info: support this struct under FreeBSD
define Raindrops::TCP hash for TCP states
linux_inet_diag: reduce stack usage and simplify
avoid reading errno repeatedly
aggregate/pmq: avoid false sharing of lock buffers
aggregate/pmq: remove io-extra requirement
aggregate/pmq: avoid File#stat allocation
Merge remote-tracking branch 'origin/freebsd'
Merge remote-tracking branch 'origin/aggregate-pmq'
doc: remove private email support address
doc: update location of TCP_INFO-related stuff
build: avoid olddoc for building the RubyGem
doc: document Raindrops::TCP hash
aggregate/pmq: update version numbers for Ruby and Linux
* Switch to standard-editon to managed-edition since official distfile
is managed-edition for now.
* The bugfix release fixes an incompatibility with Symfony 3.3.
0.14.1.1 (2017-05-16)
* Fix unexpected Tilt behavior
0.14.1 (2017-05-16)
* FIX syntax error in ActiveRecord tasks (@sue445)
* NEW use hamlit if available in Gemfile
0.14.0.2 (2017-05-08)
* FIX#2132 use Sinatra2 IndifferentHash if available
## 2.0.0 / 2017-04-10
* Use Mustermann for patterns #1086 by Konstantin Haase
* Server now provides `-q` flag for quiet mode, which disables start/stop messages #1153 by Vasiliy.
* Session middleware can now be specified with `:session_store` setting #1161 by Jordan Owens.
* `APP_ENV` is now preferred and recommended over `RACK_ENV` for setting environment #984 by Damien Mathieu.
* Add Reel support #793 by Patricio Mac Adden.
* Make route params available during error handling #895 by Jeremy Evans.
* Unify `not_found` and `error` 404 behavior #896 by Jeremy Evans.
* Enable Ruby 2.3 `frozen_string_literal` feature #1076 by Vladimir Kochnev.
* Add Sinatra::ShowExceptions::TEMPLATE and patched Rack::ShowExceptions to prefer Sinatra template by Zachary Scott.
* Sinatra::Runner is used internally for integration tests #840 by Nick Sutterer.
* Fix case-sensitivity issue in `uri` method #889 by rennex.
* Use `Rack::Utils.status_code` to allow `status` helper to use symbol as well as numeric codes #968 by Tobias H. Michaelsen.
* Improved error handling for invalid params through Rack #1070 by Jordan Owens.
* Ensure template is cached only once #1021 by Patrik Rak.
* Rack middleware is initialized at server runtime rather than after receiving first request #1205 by Itamar Turner-Trauring.
* Improve Session Secret documentation to encourage better security practices #1218 by Glenn Rempe
* Exposed global and per-route options for Mustermann route parsing #1233 by Mike Pastore
* Use same `session_secret` for classic and modular apps in development #1245 by Marcus Stollsteimer
* Make authenticity token length a fixed value of 32 #1181 by Jordan Owens
* Modernize Rack::Protection::ContentSecurityPolicy with CSP Level 2 and 3 Directives #1202 by Glenn Rempe
* Adds preload option to Rack:Protection:StrictTransport #1209 by Ed Robinson
* Improve BadRequest logic. Raise and handle exceptions if status is 400 #1212 by Mike Pastore
* Make Rack::Test a development dependency #1232 by Mike Pastore
* Capture exception messages of raised NotFound and BadRequest #1210 by Mike Pastore
* Add explicit set method to contrib/cookies to override cookie settings #1240 by Andrew Allen
* Avoid executing filters even if prefix matches with other namespace #1253 by namusyaka
* Make `#has_key?` also indifferent in access, can accept String or Symbol #1262 by John Hope
* Add `allow_if` option to bypass json csrf protection #1265 by Jordan Owens
* rack-protection: Bundle StrictTransport, CookieTossing, and CSP #1267 by Mike Pastore
* Add `:strict_paths` option for managing trailing slashes #1273 by namusyaka
* Add full IndifferentHash implementation to params #1279 by Mike Pastore
Welcome to Mustermann. Mustermann is your personal string matching expert.
As an expert in the field of strings and patterns, Mustermann keeps its
runtime dependencies to a minimum and is fully covered with specs and
documentation.
Given a string pattern, Mustermann will turn it into an object that behaves
like a regular expression and has comparable performance characteristics.
No its own changes but here is related changes from Sinatra's changes.
* Modernize Rack::Protection::ContentSecurityPolicy with CSP Level 2 and 3
Directives #1202 by Glenn Rempe
* Adds preload option to Rack:Protection:StrictTransport #1209 by Ed Robinson
* rack-protection: Bundle StrictTransport, CookieTossing, and CSP #1267 by
Mike Pastore
pkgsrc change: depends on ruby-rack16 instead of ruby-rack.
# Version 2.14.0
Release date: 2017-05-01
### Added
* "threadsafe" mode that allows per-session configuration
* `:type` filter added to the `:fillable_field` selector
* Proxy methods when using RSpec for `all`/`within` that call either the
Capybara::DSL or RSpec matchers depending on arguments passed
* Support for the new errors in selenium-webdriver 3.4
### Fixed
* Element#inspect doesn't raise an error on obsolete elements
* Setting a contenteditable element with Selenium and Chrome 59
* Workaround a hang while setting the window size when using geckodriver 0.16
and Firefox 53
* Clicking on url with a blank href goes to the current url when using the
RackTest driver
1.6.8
* prevent exception caused by a race condition on multi-threaded server
like Puma.
* Handle NULL byte in multipart file name.
1.6.7
* Ensure env values are ASCII 8BIT encoded.
1.6.8
* Fix mistake in encoding change.
Django 1.11.2 adds a minor feature and fixes several bugs in 1.11.1. Also, the latest string translations from Transifex are incorporated.
Minor feature:
* The new LiveServerTestCase.port attribute reallows the use case of binding to a specific port following the bind to port zero change in Django 1.11.
Bugfixes:
* Added detection for GDAL 2.1 and 2.0, and removed detection for unsupported versions 1.7 and 1.8.
* Changed contrib.gis to raise ImproperlyConfigured rather than GDALException if gdal isn’t installed, to allow third-party apps to catch that exception.
* Fixed django.utils.http.is_safe_url() crash on invalid IPv6 URLs.
* Fixed regression causing pickling of model fields to crash.
* Fixed django.contrib.auth.authenticate() when multiple authentication backends don’t accept a positional request argument.
* Fixed introspection of index field ordering on PostgreSQL.
* Fixed a regression where Model._state.adding wasn’t set correctly on multi-table inheritance parent models after saving a child model.
* Allowed DjangoJSONEncoder to serialize django.utils.deprecation.CallableBool.
* Relaxed the validation added in Django 1.11 of the fields in the defaults argument of QuerySet.get_or_create() and update_or_create() to reallow settable model properties.
* Fixed MultipleObjectMixin.paginate_queryset() crash on Python 2 if the InvalidPage message contains non-ASCII.
* Prevented Subquery from adding an unnecessary CAST which resulted in invalid SQL.
* Corrected detection of GDAL 2.1 on Windows.
* Made date-based generic views return a 404 rather than crash when given an out of range date.
* Fixed a regression where file_move_safe() crashed when moving files to a CIFS mount.
* Moved the ImageField file extension validation added in Django 1.11 from the model field to the form field to reallow the use case of storing images without an extension
--------------
- Fix regression: Pull request ``892`` prevented Werkzeug from correctly
logging the IP of a remote client behind a reverse proxy, even when using
`ProxyFix`.
- Fix a bug in `safe_join` on Windows.
Insufficient redirect validation in the HTTP class. Reported by Ronni
Skansing.
Improper handling of post meta data values in the XML-RPC API. Reported by
Sam Thomas.
Lack of capability checks for post meta data in the XML-RPC API. Reported
by Ben Bidner of the WordPress Security Team.
A Cross Site Request Forgery (CSRF) vulnerability was discovered in the
filesystem credentials dialog. Reported by Yorick Koster.
A cross-site scripting (XSS) vulnerability was discovered when attempting
to upload very large files. Reported by Ronni Skansing.
A cross-site scripting (XSS) vulnerability was discovered related to the
Customizer. Reported by Weston Ruter of the WordPress Security Team.
2.97 Thu May 18 2017
- Change internal module name HTML::Template::DEFAULT to
HTML::Template::DEF to avoid conflict with
HTML::Template::Default. [Sam Tregar]
2.96 Thu May 18 2017
- Fixed typos in documentation [David Steinbrunner, Steve Kemp]
- Added CGI.pm as a dependency, needed now that it's no longer in core.
[Martin McGrath, Steve Bertrand]
pkgsrc change:
* Now support php71 using security/php-pecl-mcrypt package.
5.7.5.7 April 28th, 2016
New Features
* Nice column view for thumbnail image browsing (Thanks MrKarlDilkington)
* Added Max Width as an option to the Image Slider block (thanks cryophallion)
* Added configuration option concrete.misc.require_version_comments (defaulted
off) to enable the requiring of version comments (thanks mlocati)
Other improvements and bug fixes are too many to write here, please refer release note: https://documentation.concrete5.org/developers/background/version-history/5757-release-notes.
5.7.5.8 May 23, 2016
* German, Japanese and Russian languages are now included
* Image Slider Bug Fixes
* Using blank alt tags in Image Slider, Image and Content blocks if no alt is
provided, rather than the HtmlObject default ¡È#¡É ones.
5.7.5.9 July 25, 2016
New Features
* Rescan files through the file manager now scans 5 at a time, works through
the queue.
* Added option to ignore page permissions to the Page List block
* Dutch language is now included (Thank you Ramonleenders)
Other improvements and bug fixes are too many to write here, please refer release note: https://documentation.concrete5.org/developers/background/version-history/5759-release-notes.
5.7.5.10 December 1, 2016
* Minor bug fixes
* Fixed insecure use of non-random str_shuffle when creating user tokens
* Improvements to update process for version 8.
5.7.5.11 December 7, 2016
Bug Fixes
* Works again properly on PHP 5.3.
* Fixed bug that made upgrading impossible on PHP < 5.5.9.
* Fixed page not found error when clicking on a topic list to filter the page
list in the blog.
* Controller bug fixes and security updates.
5.7.5.12
Bug Fixes
* Fixed bug with Environment Information not working on PHP below 5.4.
5.7.5.13 December 16, 2016
Bug Fixes
* Once again, Environment Information is now available in the Dashboard.
libnghttp2
Previously, if libnghttp2 received an invalid header field, it is just ignored, and is treated like it was never happened. This release changes this behaviour, and now libnghttp2 treats an incoming invalid header field as error, and resets the stream with PROTOCOL_ERROR.
nghttp2_on_invalid_frame_callback is now called if validation of altsvc header field fails.
nghttpx
nghttpx now verifies that OCSP response received from a program specified by --fetch-ocsp-response-file. The validation can be turned off by using --no-verify-ocsp option. In this validation, it makes sure that the OCSP response is targeted to the expected certificate. This is important because we pass the file path to the external program (see --fetch-ocsp-response-file), and if the file is replaced because of renewal, and nghttpx has not reloaded its configuration, the certificate nghttpx has loaded and the one included in the file differ. Verifying the OCSP response detects this, and avoids to send wrong OCSP response.
mod_auth_mellon is a authentication module for Apache. It authenticates
the user against a SAML 2.0 IdP, and grants access to directories
depending on attributes received from the IdP.
Changelog:
Fixed
Fix excessive resource usage from the captive portal detection service (bug 1359697)
FIx hangs when using a proxy with NTLM authentication (bug 1360574)
Changed
Bump preloaded security information expiration times (bug 1364240)
Changelog:
Tomcat 8.5.15 (markt)
General
Add: Allow to exclude JUnit test classes using the build property test.exclude and document the property in BUILDING.txt. (rjung)
Catalina
Fix: Review those places where Tomcat re-encodes a URI or URI component and ensure that that correct encoding (path differs from query string) is applied and that the encoding is applied consistently. (markt)
Fix: Avoid a NullPointerException when reading attributes for a initialised HTTP connector where TLS is enabled. (markt)
Fix: Always quote the hostName of an SSLHostConfig element when using it as part of the JMX object name to avoid errors that prevent the associated TLS connector from starting if a wild card hostName is configured (because * is a reserved character for JMX object names). (markt)
Code: Start to switch to using Charset rather than String to store encoding configuration settings to reduce the number of places the associated Charset needs to be looked up. (markt)
Fix: Use a more reliable mechanism for the DefaultServlet when determining if the current request is for custom error page or not. (markt)
Fix: Ensure that when the Default or WebDAV servlets process an error dispatch that the error resource is processed via the doGet() method irrespective of the method used for the original request that triggered the error. (markt)
Fix: If a static custom error page is specified that does not exist or cannot be read, ensure that the intended error status is returned rather than a 404 or 403. (markt)
Fix: When the WebDAV servlet is configured and an error dispatch is made to a custom error page located below WEB-INF, ensure that the target error page is displayed rather than a 404 response. (markt)
Add: 61047: Add MIME mapping for woff2 fonts in the default web.xml. Patch provided by Justin Williamson. (violetagg)
Fix: Correct the logic that selects the encoding to use to decode the query string in the SSIServletExternalResolver so that the useBodyEncodingForURI attribute of the Connector is correctly taken into account. (markt)
Fix: Within the Expires filter, make the content type value specified with the ExpiresByType parameter, case insensitive. (markt)
Coyote
Fix: When a TrustManager is configured that does not support certificateVerificationDepth only log a warning about that lack of support when certificateVerificationDepth has been explicitly set. (markt)
Fix: 60970: Extend the fix for large headers to push requests. (markt)
Fix: Do not include a Date header in HTTP/2 responses with status codes less than 200. (markt)
Jasper
Fix: When no BOM is present and an encoding is detected, do not skip the bytes used to detect the encoding since they are not part of a BOM. (markt)
Update: 61057: Update to Eclipse JDT Compiler 4.6.3. (violetagg)
Fix: 61065: Ensure that once the class is resolved by javax.el.ImportHandler#resolveClass it will be cached with the proper name. (violetagg)
WebSocket
Fix: 61003: Ensure the flags for reading/writing in o.a.t.websocket.AsyncChannelWrapperSecure are correctly reset even if some exceptions occurred during processing. (markt/violetagg)
Web Applications
Add: Add documents for maxIdleTime attribute to Channel Receiver docs. (kfujino)
Other
Add: Modify the Ant build script used to publish to a Maven repository so that it no longer requires artifacts to be GPG signed. This is make it possible for the CI system to upload snapshot builds to the ASF Maven repository. (markt)
Code: Review i18n property files, remove unnecessary escaping and consistently use [...] to delimit inserted values. (markt)
release in progress Tomcat 8.5.14 (markt)
Catalina
Fix: 59825: Log a message that lists the components in the processing chain that do not support async processing when a call to ServletRequest.startAsync() fails. (markt)
Fix: 60926: Ensure o.a.c.core.ApplicationContextFacade#setSessionTimeout will invoke the correct method when running Tomcat with security manager. (markt)
Update: Update the early access Servlet 4.0 API implementation to reflect the change in method name from getPushBuilder() to newPushBuilder(). (markt)
Fix: Correct a regression in the X to comma refactoring that broke JMX operations that take parameters. (markt)
Fix: Avoid a NullPointerException when reading attributes for a running HTTP connector where TLS is not enabled. (markt)
Fix: 60940: Improve the handling of the META-INF/ and META-INF/MANIFEST.MF entries for Jar files located in /WEB-INF/lib when running a web application from a packed WAR file. (markt)
Fix: Pre-load the ExceptionUtils class. Since the class is used extensively in error handling, it is prudent to pre-load it to avoid any failure to load this class masking the true problem during error handling. (markt)
Fix: Avoid potential NullPointerExceptions related to access logging during shutdown, some of which have been observed when running the unit tests. (markt)
Fix: When there is no javax.servlet.WriteListener registered then a call to javax.servlet.ServletOutputStream#isReady will return false instead of throwing IllegalStateException. (violetagg)
Fix: When there is no javax.servlet.ReadListener registered then a call to javax.servlet.ServletInputStream#isReady will return false instead of throwing IllegalStateException. (violetagg)
Coyote
Fix: Align cipher configuration parsing with current OpenSSL master. (markt)
Fix: 60970: Fix infinite loop if application tries to write a large header to the response when using HTTP/2. (markt)
Jasper
Fix: 60925: Improve the handling of access to properties defined by interfaces when a BeanELResolver is used under a SecurityManager. (markt)
jdbc-pool
Code: Refactor the creating a constructor for a proxy class to reduce duplicate code. (kfujino)
Fix: In StatementFacade, the method call on the statements that have been closed throw SQLException rather than NullPointerException. (kfujino)
Other
Fix: Correct comments about Java 8 in Jre8Compat. Patch provided by fibbers via Github. (violetagg)
Fix: 60932: Correctly escape single quotes when used in i18n messages. Based on a patch by Michael Osipov. (markt)
Fix: Update the custom Ant task that integrates with the Symantec code signing service to use the now mandatory 2-factor authentication. (markt)
Changelog:
Tomcat 8.0.44 (violetagg)
General
Add: Allow to exclude JUnit test classes using the build property test.exclude and document the property in BUILDING.txt. (rjung)
Catalina
Fix: 60940: Improve the handling of the META-INF/ and META-INF/MANIFEST.MF entries for Jar files located in /WEB-INF/lib when running a web application from a packed WAR file. (markt)
Fix: Pre-load the ExceptionUtils class. Since the class is used extensively in error handling, it is prudent to pre-load it to avoid any failure to load this class masking the true problem during error handling. (markt)
Fix: Review those places where Tomcat re-encodes a URI or URI component and ensure that that correct encoding (path differs from query string) is applied and that the encoding is applied consistently. (markt)
Fix: Use a more reliable mechanism for the DefaultServlet when determining if the current request is for custom error page or not. (markt)
Fix: Ensure that when the Default or WebDAV servlets process an error dispatch that the error resource is processed via the doGet() method irrespective of the method used for the original request that triggered the error. (markt)
Fix: If a static custom error page is specified that does not exist or cannot be read, ensure that the intended error status is returned rather than a 404 or 403. (markt)
Fix: When the WebDAV servlet is configured and an error dispatch is made to a custom error page located below WEB-INF, ensure that the target error page is displayed rather than a 404 response. (markt)
Add: 61047: Add MIME mapping for woff2 fonts in the default web.xml. Patch provided by Justin Williamson. (violetagg)
Fix: Correct the logic that selects the encoding to use to decode the query string in the SSIServletExternalResolver so that the useBodyEncodingForURI attribute of the Connector is correctly taken into account. (markt)
Fix: 61072: Respect the documentation statements that allow using the platform default secure random for session id generation. (remm)
Fix: Correct the javadoc for o.a.c.connector.CoyoteAdapter#parseSessionCookiesId. Patch provided by John Andrew (XUZHOUWANG) via Github. (violetagg)
Jasper
Fix: 60925: Improve the handling of access to properties defined by interfaces when a BeanELResolver is used under a SecurityManager. (markt)
Update: 61057: Update to Eclipse JDT Compiler 4.6.3. (violetagg)
Fix: 61065: Ensure that once the class is resolved by javax.el.ImportHandler#resolveClass it will be cached with the proper name. (violetagg)
WebSocket
Fix: 61003: Ensure the flags for reading/writing in o.a.t.websocket.AsyncChannelWrapperSecure are correctly reset even if some exceptions occurred during processing. (markt/violetagg)
Web applications
Add: Document test.threads option in BUILDING.txt. (kkolinko, rjung)
Add: Add documents for maxIdleTime attribute to Channel Receiver docs. (kfujino)
jdbc-pool
Code: Refactor the creating a constructor for a proxy class to reduce duplicate code. (kfujino)
Fix: In StatementFacade, the method call on the statements that have been closed throw SQLException rather than NullPointerException. (kfujino)
Other
Fix: Correct comments about Java 8 in Jre8Compat. Patch provided by fibbers via Github. (violetagg)
Fix: 60932: Correctly escape single quotes when used in i18n messages. Based on a patch by Michael Osipov. (markt)
Fix: Update the custom Ant task that integrates with the Symantec code signing service to use the now mandatory 2-factor authentication. (markt)
Changelog:
Tomcat 7.0.78 (violetagg)
General
add Allow to exclude JUnit test classes using the build property test.exclude and document the property in BUILDING.txt. (rjung)
Catalina
fix Review those places where Tomcat re-encodes a URI or URI component and ensure that that correct encoding (path differs from query string) is applied and that the encoding is applied consistently. (markt)
fix Use a more reliable mechanism for the DefaultServlet when determining if the current request is for custom error page or not. (markt)
fix Ensure that when the Default or WebDAV servlets process an error dispatch that the error resource is processed via the doGet() method irrespective of the method used for the original request that triggered the error. (markt)
fix If a static custom error page is specified that does not exist or cannot be read, ensure that the intended error status is returned rather than a 404. (markt)
fix When the WebDAV servlet is configured and an error dispatch is made to a custom error page located below WEB-INF, ensure that the target error page is displayed rather than a 404 response. (markt)
add 61047: Add MIME mapping for woff2 fonts in the default web.xml. Patch provided by Justin Williamson. (violetagg)
fix Correct the logic that selects the encoding to use to decode the query string in the SSIServletExternalResolver so that the useBodyEncodingForURI attribute of the Connector is correctly taken into account. (markt)
fix 61072: Respect the documentation statements that allow using the platform default secure random for session id generation. (remm)
fix Correct the javadoc for o.a.c.connector.CoyoteAdapter#parseSessionCookiesId. Patch provided by John Andrew (XUZHOUWANG) via Github. (violetagg)
Jasper
fix 60925: Improve the handling of access to properties defined by interfaces when a BeanELResolver is used under a SecurityManager. (markt)
WebSocket
fix 61003: Ensure the flags for reading/writing in o.a.t.websocket.AsyncChannelWrapperSecure are correctly reset even if some exceptions occurred during processing. (markt/violetagg)
Web applications
add Document the property test.excludePerformance in BUILDING.txt. (rjung)
add Add documents for maxIdleTime attribute to Channel Receiver docs. (kfujino)
jdbc-pool
code Refactor the creating a constructor for a proxy class to reduce duplicate code. (kfujino)
fix In StatementFacade, the method call on the statements that have been closed throw SQLException rather than NullPointerException. (kfujino)
Other
fix Correct comments about Java 8 in Jre8Compat. Patch provided by fibbers via Github. (violetagg)
fix 60932: Correctly escape single quotes when used in i18n messages. Based on a patch by Michael Osipov. (markt)
Upstream changes:
Major features
Highlights
MDL-55611 - New Course overview dashboard block featuring timeline of events
MDL-58220 - Make use of OAuth 2 services to allow users to authenticate with Google G-Suite or Microsoft Office accounts and manage files from associated drives
MDL-39913 - New Assignment setting for restricting submission file types
MDL-4782 - "Stealth mode" for resources/activities in a course - not displayed on the course page but available for students
MDL-40759 - New Font Awesome icon font for all icons in Moodle
For teachers
MDL-58138 - Activity completion settings for setting activity completion defaults and bulk editing of completion requirements
MDL-48771 - Quiz activity: Option to delete multiple questions
MDL-53814 - Quiz activity: Question type icons are displayed in the quiz manual grading overview
MDL-55459 - Assignment activity: Annotated PDF comments are collapsible
MDL-23919 - Database activity: The setting "Required entries" is now an activity completion condition
MDL-57769 - Topic and weeks course formats: After a course is created, sections can be added and removed only from the course page (it is no longer possible to have "orphaned" activities)
MDL-46929, MDL-57456, MDL-57457 - Forum posts, glossary entries and book chapters may be tagged
MDL-56251 - For courses in weekly format, a new course setting allows for the course end date to be calculated automatically
MDL-47354 - Allow the page size in the Single view report to be configurable
Backup and restore
MDL-34859 - Add site defaults for all restore settings, improve UI around "Overwrite course configuration" select
MDL-40838 - Allow to restore non-default enrollment methods without restoring users
MDL-57769 - When restoring/importing big courses in Weeks and Topics formats into small existing courses ajust the number of sections automatically
For administrators
Please read carefully: Possible issues that may affect you in Moodle 3.3
MDL-46375 - Support for storing files not on the local drive (there are no open-source solutions at the moment, developer's help is required to implement custom cloud storage)
MDL-55528, MDL-58280 - New document converter plugin type allows alternatives to unoconv, such as the Google Drive converter
MDL-55980 - Run individual scheduled tasks from web interface
MDL-57896 - CLI wrapper for get_config() and set_config() methods
MDL-57789 - Use Cache-Control: immutable when serving files
MDL-37765 - New capability to bypass access restrictions, separated from capability to view hidden activities
MDL-57913 - Convert external database authentication synchronisation to scheduled task
Plugins removal and deprecation
The repository Skydrive is deprecated; please migrate to the newer OneDrive repository
The Dashboard block Course overview is replaced with a new block Course overview which is a different plugin. If you want to use the old block, you need to download and install it from https://moodle.org/plugins/block_course_overview
Mobile app support
MDL-57410 - Allow admins to add new external links to pages in the main menu of the Mobile app
MDL-57408 - Add new settings for allowing renaming strings in the Mobile app
MDL-49423 - Add new settings for disabling Mobile app functionalities
MDL-57759 - Allow offline attempts via the Mobile app in the lesson module
MDL-57162 - Support Native App install banners for Android as well as iOS for the mobile app
Other improvements
MDL-33483 - Google Docs repository: Save Doc files in different formats to RTF
MDL-42266 - Improve the list of maximum file size options for file uploads
MDL-51853 - Calendar subscriptions from imported files should be editable
MDL-41729 - Add ability to change passwords for users using Shibboleth
MDL-57572, MDL-57570, MDL-57355 - Redis and static caches performance improvements if igbinary library is installed
MDL-56808 - SCORM module: Performance improvements when running SCORM 1.2 packages
MDL-57686 - Add support for PDO databases in external database authentication
MDL-57638 - RSS Block: RSS feeds are more heavily cached and correctly respect skip values
For developers
MDL-55528 - New plugin type 'fileconverter' for file conversions, unoconv is now a plugin that can be replaced with scalable commercial solutions (see File Converters)
MDL-40759 - Font Awesome icon font is used for all icons in Moodle (see Moodle icons)
MDL-46375 - Support for storing files not on the local drive is implemented by allowing to override functionality of file_storage and stored_file classes (see File System API)
MDL-12689 - Convert all authentication plugins to use settings.php (see upgrade.txt)
MDL-53978 - Add extra plugin callbacks for every major stage of page render (see commit)
MDL-58138 - Course modules may provide additional callbacks to participate in bulk editing of activities completion rules in a course
MDL-58220 - Better office integration
MDL-45584 - Multiple caches can be instantiated with the same definition but with different identifiers
MDL-57769 - Course formats: Attribute 'numsections' was removed from topics and weeks, other course formats may want to implement similar changes
MDL-55956 - Priority field for the calendar events allowing to specify the priority of overrides
MDL-58566 - New methods for retrieving calendar events
MDL-55941 - New element to select first name of first/last names is implemented in tablelib or can be used by developers elsewhere (template)
MDL-56519 - Lint behat .feature files
MDL-57273 - New classes (core\persistent, core\form\persistent, core\external\exporter, \core\external\persistent_exporter) used to represent a data-model and export that data in a standard format for webservices (previously was used in competencies) (see Persistent form, Persistent, Exporter)
MDL-57490 - Removed several legacy JS functions from javascript-static.js
MDL-57690 - mcore YUI rollup is no longer included on every single Moodle page (see [forum post])
but quite a few handy improvements nonetheless.
Scrapy now supports anonymous FTP sessions with customizable user and
password via the new :setting:`FTP_USER` and :setting:`FTP_PASSWORD` settings.
And if you're using Twisted version 17.1.0 or above, FTP is now available
with Python 3.
There's a new :meth:`response.follow <scrapy.http.TextResponse.follow>` method
for creating requests; **it is now a recommended way to create Requests
in Scrapy spiders**. This method makes it easier to write correct
spiders; ``response.follow`` has several advantages over creating
``scrapy.Request`` objects directly:
* it handles relative URLs;
* it works properly with non-ascii URLs on non-UTF8 pages;
* in addition to absolute and relative URLs it supports Selectors;
for ``<a>`` elements it can also extract their href values.
* Add :meth:`~parsel.selector.SelectorList.get` and :meth:`~parsel.selector.SelectorList.getall`
methods as aliases for :meth:`~parsel.selector.SelectorList.extract_first`
and :meth:`~parsel.selector.SelectorList.extract` respectively
* Add default value parameter to :meth:`~parsel.selector.SelectorList.re_first` method
* Add :meth:`~parsel.selector.Selector.re_first` method to :class:`parsel.selector.Selector` class
* Bug fix: detect ``None`` result from lxml parsing and fallback with an empty document
* Rearrange XML/HTML examples in the selectors usage docs
Tue May 2 18:37:53 CEST 2017
Update manual. -CG
Add MHD_CONNECTION_INFO_REQUEST_HEADER_SIZE.
Releasing GNU libmicrohttpd 0.9.54. -CG
Thu Apr 27 22:31:00 CEST 2017
Replaced flags MHD_USE_PEDANTIC_CHECKS and MHD_USE_PERMISSIVE_CHECKS by
single option MHD_OPTION_STRICT_FOR_CLIENT. Flag MHD_USE_PEDANTIC_CHECKS
is still supported. -EG
Tue Apr 26 15:11:00 CEST 2017
Fixed shift in HTTP reasons strings.
Added test for HTTP reasons strings. -EG
Tue Apr 25 19:11:00 CEST 2017
Allow flag MHD_USE_POLL with MHD_USE_THREAD_PER_CONNECTION and without
flag MHD_USE_INTERNAL_POLLING_THREAD for backward compatibility. -EG
Mon Apr 24 17:29:45 CEST 2017
Enforce RFC 7230's rule on no whitespace by default,
introduce new MHD_USE_PERMISSIVE_CHECKS to disable. -CG
Sun Apr 23 20:05:44 CEST 2017
Enforce RFC 7230's rule on no whitespace in HTTP header
field names if MHD_USE_PEDANTIC_CHECKS is set. -CG
Sun Apr 23 19:20:33 CEST 2017
Replace remaining occurences of sprintf() with
MHD_snprintf_(). Thanks to Ram for pointing this out. -CG
Sat Apr 22 20:39:00 MSK 2017
Fixed builds in Linux without epoll.
Check for invalid --with-thread= configure parameters.
Fixed support for old libgcrypt on W32 with W32 threads. -EG
alsa is not supported upstream, and checks for failures by calling assert,
which means the default setup crashes whenever audio is played.
bump pkgrevision
