Ruby 2.6.9 Released
Posted by usa on 24 Nov 2021
Ruby 2.6.9 has been released.
This release includes security fixes. Please check the topics below for
details.
* CVE-2021-41817: Regular Expression Denial of Service Vulnerability of Date
Parsing Methods
* CVE-2021-41819: Cookie Prefix Spoofing in CGI::Cookie.parse See the commit
logs for details.
Ruby 2.6 is now under the state of the security maintenance phase, until the
end of March of 2022. After that date, maintenance of Ruby 2.6 will be
ended. We recommend you start planning the migration to newer versions of
Ruby, such as 3.0 or 2.7.
Linux compatibility package based on the openSUSE Linux distribution.
Please visit http://www.opensuse.org/ for more information about openSUSE
Linux.
This package supports running ELF binaries linked with glibc2 that
require GTK+-3.x shared libraries.
Changes:
WebKitGTK 2.34.2
================
- Fix scrolling issues when pressing Home and PgDown keys.
- Update effective appearance after web process switch on navigation.
- Fix the build with video disabled.
Changelog:
10.4.0: November 16, 2021
+ Handling of Weak Cryptography Algorithms
o From the qpdf CLI, the --allow-weak-crypto is now required to
suppress a warning when explicitly creating PDF files using RC4
encryption. While qpdf will always retain the ability to read and
write such files, doing so will require explicit acknowledgment
moving forward. For qpdf 10.4, this change only affects the
command-line tool. Starting in qpdf 11, there will be small API
changes to require explicit acknowledgment in those cases as well.
For additional information, see Chapter 6, Weak Cryptography.
+ Bug Fixes
o Fix potential bounds error when handling shell completion that
could occur when given bogus input.
o Properly handle overlay/underlay on completely empty pages (with no
resource dictionary).
o Fix crash that could occur under certain conditions when using
--pages with files that had form fields.
+ Library Enhancements
o Make QPDF::findPage functions public.
o Add methods to Pl_Flate to be able to receive warnings on certain
recoverable conditions.
o Add an extra check to the library to detect when foreign objects
are inserted directly (instead of using QPDF::copyForeignObject) at
the time of insertion rather than when the file is written.
Catching the error sooner makes it much easier to locate the
incorrect code.
+ CLI Enhancements
o Improve diagnostics around parsing --pages command-line options
+ Packaging Changes
o The Windows binary distribution is now built with crypto provided
by OpenSSL 3.0.
Changelog:
Noteworthy changes in version 2.2.33 (2021-11-23)
-------------------------------------------------
* gpg: New option --min-rsa-length. [rG6ee01c1d26]
* gpg: New option --forbid-gen-key. [rG985fb25c46]
* gpg: New option --override-compliance-check. [T5655]
* gpgconf: New command --show-configs. [rG8fe3f57643]
* agent,dirmngr: New option --steal-socket. [rG6507c6ab10]
* scd: Improve the selection of the default PC/SC reader. [T5644]
* gpg: Fix printing of binary notations. [T5667]
* gpg: Remove stale ultimately trusted keys from the trustdb. [T5685]
* gpgsm: Detect circular chains in --list-chain. [rGc9343bec83]
* gpgconf: Create the local option file even if the global file
exists. [T5650]
* dirmngr: Make reading resolv.conf more robust. [T5657]
* gpg-wks-server: Fix created file permissions. [rGf54feb4470]
* scd: Support longer data for ssh-agent authentication with openpgp
cards. [T5682]
* Support gpgconf.ctl for NetBSD and Solaris. [T5656,T5671]
* Silence "Garbled console data" warning under Windows in most
cases.
* Silence warning about the rootdir under Unices w/o a mounted /proc
file system.
* Fix possible build problems about missing include files. [T5592]
* i18n: Replace the term "PIN-Cache" by "Passswort-Cache" in the
German translation. [rgf453d52e53]
* i18n: Update the Russian translation.
Release-info: https://dev.gnupg.org/T5641
See-also: gnupg-announce/2021q4/000467.html
Changelog:
Fixed
* Improved hangs experienced by users of assistive technology such as NVDA
when installing Firefox through the Microsoft Store (bug 1736742)
* Resolved general instability/crashes on Linux caused by a file descriptor
leak when backgrounding tabs using WebGL (bug 1741997)
Changed
* Updated preference design for Firefox Suggest for improved clarity.
This module provides a parser for the multipart/form-data format.
It can read from a file, a socket or a WSGI environment. The parser
can be used to replace cgi.FieldStorage to work around its limitations.
fd-proxy is a very small program, written in C. Its purpose is to
connect the I/Os of a tcpserver and tcpclient pair (from the ucspi-tcp
suite) in order to implement a TCP proxy. Setting up such a proxy can be
done in a single line.
0.19.2
Fixed
- In `set_key`, add missing newline character before new entry if necessary.
0.19.1
Added
- Add support for Python 3.10.
0.19.0
Changed
- Require Python 3.5 or a later version. Python 2 and 3.4 are no longer supported.
by [@bbc2]).
Added
- The `dotenv_path` argument of `set_key` and `unset_key` now has a type of `Union[str,
os.PathLike]` instead of just `os.PathLike`
- The `stream` argument of `load_dotenv` and `dotenv_values` can now be a text stream
(`IO[str]`), which includes values like `io.StringIO("foo")` and `open("file.env",
"r")`
0.18.0
Changed
- Raise `ValueError` if `quote_mode` isn't one of `always`, `auto` or `never` in
`set_key`
- When writing a value to a .env file with `set_key` or `dotenv set <key> <value>`
- Use single quotes instead of double quotes.
- Don't strip surrounding quotes.
- In `auto` mode, don't add quotes if the value is only made of alphanumeric characters
(as determined by `string.isalnum`).
0.17.1
Fixed
- Fixed tests for build environments relying on `PYTHONPATH`
[0.17.0
Changed
- Make `dotenv get <key>` only show the value, not `key=value`
Added
- Add `--override`/`--no-override` option to `dotenv run`
0.16.0
Changed
- The default value of the `encoding` parameter for `load_dotenv` and `dotenv_values` is
now `"utf-8"` instead of `None`
- Fix resolution order in variable expansion with `override=False`
2.0.8
Changed
- Improvement over Vietnamese detection
- MD improvement on trailing data and long foreign (non-pure latin) data
- Efficiency improvements in cd/alphabet_languages from [@adbar](https://github.com/adbar)
- call sum() without an intermediary list following PEP 289 recommendations from [@adbar](https://github.com/adbar)
- Code style as refactored by Sourcery-AI
- Minor adjustment on the MD around european words
- Remove and replace SRTs from assets / tests
- Initialize the library logger with a `NullHandler` by default from [@nmaynes](https://github.com/nmaynes)
- Setting kwarg `explain` to True will add provisionally (bounded to function lifespan) a specific stream handler
## ReText 7.2.2 (2021-10-11)
* Issue #552 Fixed bad Spanish translation causing a crash.
* Fixed `TypeError: index 0 has type 'float' but 'int' is expected` with
Python 3.10.
* Fixed `RuntimeError: ffi_prep_cif_var failed` in XSettings code.
-Remove Ctrl + c for copying item name to the clipboard (in order to reduce
build dependency)
-Change color of selected items to make them more visible
-[docs] Add Persian, Chinese and Russian README
-[misc] add CLI flag to count hidden files and directories
-[misc] removed json dependency
-[misc] Better error handling (Replace error-chain with anyhow)
-[misc] add LanguageType
-[misc] update license cache
-[misc] Use time crate instead of chrono
-[language] added support for Protocol Buffers
-[language] added support for SQL, WebAssembly, Toml, Yaml, Jsonnet, Solidity,
Json, Sass, LLVM, AutoHotKey, Coq and Fortran Legacy
-[cd] Automate "languages supported" badge
-[cd] Add workflow for Minimum Rust Version badge
Version 3.6.5 2021-10-11
* modernised nltk.org website
* addressed LGTM.com issues
* support ZWJ sequences emoji and skin tone modifer emoji in TweetTokenizer
* METEOR evaluation now requires pre-tokenized input
* Code linting and type hinting
* implement get_refs function for DrtLambdaExpression
* Enable automated CoreNLP, Senna, Prover9/Mace4, Megam, MaltParser CI tests
* specify minimum regex version that supports regex.Pattern
* avoid re.Pattern and regex.Pattern which fail for Python 3.6, 3.7
Version 3.6.4 2021-10-01
* deprecate `nltk.usage(obj)` in favor of `help(obj)`
* resolve ReDoS vulnerability in Corpus Reader
* solidify performance tests
* improve phone number recognition in tweet tokenizer
* refactored CISTEM stemmer for German
* identify NLTK Team as the author
* replace travis badge with github actions badge
* add SECURITY.md
Version 3.6.3 2021-09-19
* Dropped support for Python 3.5
* Run CI tests on Windows, too
* Moved from Travis CI to GitHub Actions
* Code and comment cleanups
* Visualize WordNet relation graphs using Graphviz
* Fixed large error in METEOR score
* Apply isort, pyupgrade, black, added as pre-commit hooks
* Prevent debug_decisions in Punkt from throwing IndexError
* Resolved ZeroDivisionError in RIBES with dissimilar sentences
* Initialize WordNet IC total counts with smoothing value
* Fixed AttributeError for Arabic ARLSTem2 stemmer
* Many fixes and improvements to lm language model package
* Fix bug in nltk.metrics.aline, C_skip = -10
* Improvements to TweetTokenizer
* Optional show arg for FreqDist.plot, ConditionalFreqDist.plot
* edit_distance now computes Damerau-Levenshtein edit-distance
Version 3.6.2 2021-04-20
* move test code to nltk/test
* clean up some doctests
* fix bug in NgramAssocMeasures (order preserving fix)
* fixes for compatibility with Pypy 7.3.4
Version 3.6 2021-04-07
* add support for Python 3.9
* add Tree.fromlist
* compute Minimum Spanning Tree of unweighted graph using BFS
* fix bug with infinite loop in Wordnet closure and tree
* fix bug in calculating BLEU using smoothing method 4
* Wordnet synset similarities work for all pos
* new Arabic light stemmer (ARLSTem2)
* new syllable tokenizer (LegalitySyllableTokenizer)
* remove nose in favor of pytest
* misc bug fixes, code cleanups, test cleanups, efficiency improvements
