* Create user/group
Changelog:
* [bp/r43638][SEC] unserialize: More complete check for objects in serialized data when it's not the first item
* And more bugfixes
Changelog:
Version 4.5.5 Dec 20th 2012
Show drag and drop shadow for Firefox
Fix Knowledgebase under certain conditions
Fix setting of sharing password
Several sharing fixes
Fix versioning during sharing
Fix mounting of external filesystems especially CIFS
Fix several PHP warnings
Show /Shared as standard directory
Fix session management for running several ownClouds on the same host
Fix WebDAV quota enforcement
Fix CalDAV with LDAP users
Better warning about missing dependencies
Add warning about conflicting WebDAV auth and LDAP backend
Restore send sharing link by email
Fix encoding problem with mounting of CIFS filesystems
Fix mimetype icons for new files
Fix the folder size calculation
Fix for deleting multiple files
Fix for controlling the data dir with LDAP
Security: Auth bypass in user_webdavauth and user_ldap (oC-SA-2012-006)
Security: XSS vulnerability in bookmarks (oC-SA-2012-007)
* Add a possible fix of SA4931, too.
Drupal 6.27, 2012-12-19
----------------------
- Fixed security issues (multiple vulnerabilities), see SA-CORE-2012-004.
Release notes
Release date: 2012-12-18
Opera 12.12 is a recommended upgrade offering security and stability enhancements.
Fixes and Stability Enhancements since Opera 12.11
General and User Interface
* Several general fixes and stability improvements
* New 'Delete settings and data for all extensions' option (off by
default) in the Delete Private Data dialog
* Corrected an issue where using the 'Delete Private Data' dialog could delete
extension and settings data
* Redesigned the 'Delete Private Data' dialog to be more usable with small
screens
* Fixed an issue where quitting Opera while in fullscreen mode could cripple
the interface on the next start-up
Security
* Fixed an issue where malformed GIF images could allow execution of arbitrary code; see our advisory
http://www.opera.com/support/kb/view/1038/
* Fixed an issue where repeated attempts to access a target site could trigger
address field spoofing, as reported by Masato Kinugawa; see our advisory
http://www.opera.com/support/kb/view/1040/
UNIX-only
* Fixed an issue where private data could be disclosed to other computer
users, or be modified by them, as reported by Jann Horn; see our advisory
http://www.opera.com/support/kb/view/1039/
turned off in www/curl.
Modify the curl package to be aware of the libidn option. Ensure default
is on.
No functional change, so no version number bump.
== 1.5.0 Knife
* Fix compilation under Ubuntu 12.04 with -Werror=format-security option.
* Raise an error when no PID file.
* Prevent duplicate response headers.
* Make proper response on exception [MasterLambaster].
* Automatically close idling pipeline connections on server stop [MasterLambaster].
=== unicorn 4.5.0 - check_client_connection option / 2012-12-07 22:59 UTC
The new check_client_connection option allows unicorn to detect
most disconnected local clients before potentially expensive
application processing begins.
This feature is useful for applications experiencing spikes of
traffic leading to undesirable queue times, as clients will
disconnect (and perhaps even retry, compounding the problem)
before unicorn can even start processing the request.
To enable this feature, add the following line to a unicorn
config file:
  check_client_connection true
This feature only works when nginx (or any other HTTP/1.0+
client) is on the same machine as unicorn.
A huge thanks to Tom Burns for implementing and testing this
change in production with real traffic (including mitigating
an unexpected DoS attack).
ref: http://mid.gmane.org/CAK4qKG3rkfVYLyeqEqQyuNEh_nZ8yw0X_cwTxJfJ+TOU+y8F+w@mail.gmail.com
This release fixes broken Rainbows! compatibility in 4.5.0pre1.
=== unicorn 4.5.0pre1 - check_client_connection option / 2012-11-29 23:48 UTC
The new check_client_connection option allows unicorn to detect
most disconnected clients before potentially expensive
application processing begins.
This feature is useful for applications experiencing spikes of
traffic leading to undesirable queue times, as clients will
disconnect (and perhaps even retry, compounding the problem)
before unicorn can even start processing the request.
To enable this feature, add the following line to a unicorn
config file:
  check_client_connection true
A huge thanks to Tom Burns for implementing and testing this
change in production with real traffic (including mitigating
an unexpected DoS attack).
=== unicorn 4.4.0 - minor updates / 2012-10-11 09:11 UTC
Non-regular files are no longer reopened on SIGUSR1. This
allows users to specify FIFOs as log destinations.
TCP_NOPUSH/TCP_CORK is no longer set/unset by default. Use
:tcp_nopush explicitly with the "listen" directive if you wish
to enable TCP_NOPUSH/TCP_CORK.
Listen sockets are now bound _after_ loading the application for
preload_app(true) users. This prevents load balancers from
sending traffic to an application server while the application
is still loading.
There are also minor test suite cleanups.
3.2.3
* sass --watch no longer crashes when a file in a watched directory is deleted.
* Allow @extend within bubbling nodes such as @media.
* Fix various JRuby incompatibilities and test failures.
* Work around a performance bug that arises from using @extend with
deeply-nested selectors.
3.2.2
* Add a --poll option to force sass --watch to use the polling backend to
Listen.
* Fix some error reporting bugs related to @import.
* Treat protocol-relative URLs in @imports as static URLs, just like http and
https URLs.
* Improve the error message for misplaced simple selectors.
* Fix an option-handling bug that was causing errors with the Compass URL
helpers.
* Fix a performance issue with @import that only appears when ActiveSupport is
loaded.
* Fix flushing of actions to stdout. Thanks to Russell Davis
(http://github.com/russelldavis).
* Fix the documentation for the max() function.
* Fix a @media parsing bug.
Deprecations -- Must Read!
* Sass will now print a warning when it encounters a single @import statement
that tries to import more than one file. For example, if you have @import
"screen" and both screen.scss and _screen.scss exist, a warning will be
printed. This will become an error in future versions of Sass.
=== 2.8 / 2012-10-17
* Minor enhancements
* Added Net::HTTP::Persistent::detect_idle_timeout which can be used to
determine the idle timeout for a host.
* The read timeout may now be updated for every request. Issue #33 by
Mislav Marohnić
* Added NO_PROXY support. Pull Request #31 by Laurence Rowe.
* Added #cert and #key aliases for Net::HTTP compatibility. Pull request
#26 by dlee.
* The artifice gem now disables SSL session reuse to prevent breakage of
testing frameworks. Pull Request #29 by Christopher Cooke.
* Disabled Net::HTTP::Persistent::SSLReuse on Ruby 2+. This feature is now
built-in to Net::HTTP.
* Bug fixes
* Socket options are set again following connection reset. Pull request #28
by cmaion.
* #shutdown now works even if no connections were made. Pull Request #24 by
James Tucker.
* Updated test RSA key size to 1024 bits. Bug #25 by Gunnar Wolf.
* The correct host:port are shown in the exception when a proxy connection
fails. Bug #30 by glebtv.
== 0.6.2 / 2012-09-27
* Minor enhancements
* Support HTTP PATCH method (Marjan Krekoten' #33)
* Preserve the exact query string when possible (Paul Grayson #63)
* Add a #delete method to CookieJar (Paul Grayson #63)
* Bug fixes
* Fix HTTP Digest authentication when the URI has query params
* Don't append default ports to HTTP_HOST (David Lee #57)
- Bug 3622: peerClearRRStart scheduling multiple events
- Bug 3615: configure check for default max number of FDs is broken
- Bug 3607: --enable-auth documented default action incorrect
- Bug 3593: socket failure: Address family not supported by protocol
- Bug 3584: Detection of setresuid() is broken
- Bug 3568: Consolidate external_acl_type config dumping and add missing %%
- Bug 3564: eCAP not supporting CoAP URI schemes
- Bug 3484: Docs: sslproxy_cert_error example flawed
- Bug 3462: Delay Pools and ICAP
- Bug 3133: better fix: Memory leak handling requests for sites that don't
exist
- Bug 2976: ERR_INVALID_URL for transparently captured requests when
reconfiguring
- Silence IOS 15.1 unknown capabilities messages.
- Account for Store disk client quota when bandwidth-limiting the server.
- ... and several documentation fixes
- ... and several compile fixes
Highlights
* New Media Manager
+ Beautiful interface: A streamlined, all-new experience
+ Create galleries faster with drag-and-drop reordering,
inline caption editing, and simplified controls
+ Insert multiple images at once with Shift/Ctrl+click
* New Default Theme - Twenty Twelve
+ Simple, flexible, elegant
+ Mobile-first, responsive design
+ Gorgeous Open Sans typeface
+ Uses the latest Theme Features
* Admin Enhancements
+ New Welcome Screen
+ Retina-Ready (HiDPI) Admin
+ Hide Link Manager for new installs
+ Better accessibility for screenreaders, touch devices, and
keyboard users
+ More polish on admin screens, including a new color picker
* For Developers
+ WP_Comment_Query and WP_User_Query now accept meta queries
just like WP_Query
+ Meta queries now support querying for objects without a
particular meta key
+ Post objects are now instances of a WP_Post class, which
improves performance and caching
+ Multisite's switch_to_blog() is now significantly faster and
more reliable
+ WordPress has added the Underscore and Backbone JavaScript
libraries
+ TinyMCE, jQuery, jQuery UI, and SimplePie have all been
updated to the latest versions
+ Image Editing API for cropping, scaling, etc., that uses
ImageMagick as well as GD
+ XML-RPC: Now always enabled and supports fetching users,
managing post revisions, searching
+ New "show_admin_column" parameter for register_taxonomy()
allows automatic creation of taxonomy columns on associated post-types.
0.7.7
More fixes for App Engine, now less likely to swallow important exceptions.
Adding proxy_info_from_* methods to Python3. Reviewed in https://codereview.appspot.com/6588078/.
Added GeoTrust cert
Make httplib2.Http() instances pickleable. Reviewed in https://codereview.appspot.com/6506074/
The following issues have been fixed:
229 python3 httplib2 clobbers multiple headers of same key
230 Expose meaningful exception for App Engine URLFetch ResponseTooLargeError
231 Expose App Engine URLFetch DeadlineExceededError for debugging purposes
## Rails 3.2.9 (unreleased) ##
* Clear url helpers when reloading routes.
*Santiago Pastorino*
* Revert the shorthand routes scoped with `:module` option fix
This added a regression since it is changing the URL mapping.
This makes the stable release backward compatible.
*Rafael Mendonça França*
* Revert the `assert_template` fix to not pass with every string that matches the template name.
This added a regression since people were relying on this buggy behavior.
This will introduce back #3849 but this stable release will be backward compatible.
Fixes #8068.
*Rafael Mendonça França*
* Revert the rename of internal variable on ActionController::TemplateAssertions to prevent
naming collisions. This added a regression related with shoulda-matchers, since it is
expecting the [instance variable @layouts](9e1188eea6/lib/shoulda/matchers/action_controller/render_with_layout_matcher.rb (L74)).
This will introduce back #7459 but this stable release will be backward compatible.
Fixes #8068.
*Rafael Mendonça França*
* Accept :remote as symbolic option for `link_to` helper. *Riley Lynch*
* Warn when the `:locals` option is passed to `assert_template` outside of a view test case
Fix #3415
*Yves Senn*
* Rename internal variables on ActionController::TemplateAssertions to prevent
naming collisions. @partials, @templates and @layouts are now prefixed with an underscore.
Fix #7459
*Yves Senn*
* `resource` and `resources` don't modify the passed options hash
Fix #7777
*Yves Senn*
* Precompiled assets include aliases from foo.js to foo/index.js and vice versa.
        # Precompiles phone-<digest>.css and aliases phone/index.css to phone.css.
        config.assets.precompile = [ 'phone.css' ]
        # Precompiles phone/index-<digest>.css and aliases phone.css to phone/index.css.
        config.assets.precompile = [ 'phone/index.css' ]
        # Both of these work with either precompile thanks to their aliases.
        <%= stylesheet_link_tag 'phone', media: 'all' %>
        <%= stylesheet_link_tag 'phone/index', media: 'all' %>
*Jeremy Kemper*
* `assert_template` no longer passes with just any string that matches
the template name.
Before, when we had a template `/layout/hello.html.erb`, `assert_template`
passed with any string that matched. This behavior allowed false
positives like:
        assert_template "layout"
        assert_template "out/hello"
Now it only passes with:
        assert_template "layout/hello"
        assert_template "hello"
Fixes #3849.
*Hugolnx*
* Handle `ActionDispatch::Http::UploadedFile` like `Rack::Test::UploadedFile`, don't call to_param on it. Since
`Rack::Test::UploadedFile` isn't API compatible this is needed to test file uploads that rely on `tempfile`
being available.
*Tim Vandecasteele*
* Respect `config.digest = false` for `asset_path`
Previously, the `asset_path` internals only respected the `:digest`
option, but ignored the global config setting. This meant that
`config.digest = false` could not be used in conjunction with
`config.compile = false`; this corrects the behavior.
*Peter Wagenet*
* Fix #7646, the log now displays the correct status code when an exception is raised.
*Yves Senn*
* Fix handling of date selects when using both disabled and discard options.
Fixes #7431.
*Vasiliy Ermolovich*
* Fix select_tag when option_tags is nil.
Fixes #7404.
*Sandeep Ravichandran*
* `javascript_include_tag :all` will now not include `application.js` if the file does not exist. *Prem Sichanugrist*
* Support cookie jar options (e.g., domain :all) for all session stores.
Fixes GH#3047, GH#2483.
*Ravil Bayramgalin*
* Performance Improvement to send_file: Avoid having to pass an open file handle as the response body. Rack::Sendfile
will usually intercept the response and just use the path directly, so there is no reason to open the file. This performance
improvement also resolves an issue with jRuby encodings, and is the reason for the backport, see issue #6844.
*Jeremy Kemper & Erich Menge*