Here is summary from release announce. Full changes are available in
docs/history file. (XSS problem was already fixed by geeklog-1.8.2sr1.)
* Improved strength of password hashing
* Allow Topics to have child Topics
* Allow Articles, Blocks and other Plugin objects to be associated with more
than one Topic
* Topic Breadcrumb support
* Emergency Rescue Tool is included with the Geeklog Install
* Added support for MySQLi
* Add Stop Forum Spam and Spam Number of Links Modules to Spam-X
* A new theme called Denim which is based on Responsive Web Design
* A new theme called Modern Curve
* Comments Form on same page as Articles and plugin other Plugin objects
* Comments RSS Feed Plugin now integrated into Geeklog
* Includes updated versions of jQuery to 1.9.1 and jQuery UI to 1.10.1
* Updated FCKeditor version to 2.6.9
* XSS fixes for the Install, Configuration, Topic Editor, Polls Plugin and
Calendar Plugin
* Twitter OAuth API updated
* HTML 5 DOCTYPE
pkgsrc change: stop using DIST_SUBDIR.
Version 3.0.6 (2013-03-21)
--------------------------
### Fixed
Do not add links to news, events, FAQs or newsletters to the sitemap if the
target page has not been published (see #5520).
### Fixed
Include the local configuration file twice, once before and once after the
module configuration files are parsed (see #5490). This will make settings like
the debug or safe mode work properly.
### Fixed
Correctly set the RSS feed self-reference (see #5478).
### Fixed
Remove `­` and ` ` from RSS and Atom feeds (see #5473).
### Fixed
Do not remove the grid column margin on mobile devices (see #5475).
### Fixed
Store the relative path to the installation in the `pathconfig.php` (see #5339).
### Fixed
Correctly send the comment moderation mails (see #5443).
### Fixed
Correctly create the user home directory upon registration (see #5437).
### Improved
Made the `.htaccess` files Apache 2.4 ready (see #5032).
### Fixed
Also truncate opened files in `File::truncate()` (see #5459).
### Fixed
Added the "allowTransparency" attribute to the mediabox script (see #5077).
### Fixed
The submit button label was not shown in the `FormSubmit` widget (see #5434).
### Fixed
Show invisible elements in the back end preview (see #5449).
### Fixed
Allow to create forward pages without a specific target (see #5453).
### Fixed
Updated the TinyMCE typolinks plugin (see #5329).
### Fixed
Correctly initialize the user's pagemounts (see #5454).
### Fixed
Support loading static JavaScripts in the `config.php` files (see #4890).
### Fixed
Show all articles if the article list module is in the same column (see #5373).
### Fixed
Do not show `mail_` templates from theme folders (see #5379).
### Fixed
Consider only published events when finding the calendar boundaries and only
render the previous and next links if there are events (see #5426).
### Fixed
Do not override the header and footer height in the layout builder (see #5368).
### Fixed
Correctly reset fallback, default and "do not copy" fields (see #5252).
Version 2.11.10 (2013-03-21)
----------------------------
### Fixed
Cast varchar date fields to int when selecting from the database (see #5503).
### Fixed
Only unset POST variables if `Widget::submitInput()` returns `true` (see #5474).
### Fixed
Strictly compare values when determining whether to save or not (see #5471).
### Updated
Updated TinyMCE to version 3.5.8 (see #5329).
### Fixed
Correctly show the "invalid date and time" error message (see #5480).
### Fixed
Correctly split the words when adding to the search index (see #5363).
### Fixed
Correctly load TinyMCE in IE7 and IE8 (see #5346).
### Fixed
Send the correct cache headers in "client cache only" mode (see #5358).
### Fixed
Remove the session of deleted or disabled users (see #5353).
### Fixed
Correctly set the cookie paths (see #5339).
The biggest fix is for a memory leak introduced in Django 1.5. Under certain circumstances, repeated iteration over querysets could leak memory - sometimes quite a bit of it. If you'd like more information, the details are in our ticket tracker (and in a related issue in Python itself).
If you've noticed memory problems under Django 1.5, upgrading to 1.5.1 should fix those issues.
Django 1.5.1 also includes a couple smaller fixes:
* Module-level warnings emitted during tests are no longer silently hidden.
* Prevented filtering on password hashes in the user admin.
Flask-BabelEx adds i18n/l10n support to Flask applications with
the help of the Babel library.
This is fork of official Flask-Babel extension with following
features:
* It is possible to use multiple language catalogs in one Flask
application;
* Localization domains: your extension can package localization
file(s) and use them if necessary;
* Does not reload localizations for each request.
Version 0.4
~~~~~~~~~~~
Released on 2013-04-01
* Add ``FLATPAGES_MARKDOWN_EXTENSIONS`` config to setup list of Markdown
extensions to use with default HTML renderer.
* Fix a bug with non-ASCII filenames.
Upstream changes(since 2.4.0):
2.4.3
Regression fix
MDL-38474 - Teachers unable to access server files
Note: Moodle 2.4.3 is being released just one week after 2.4.2 in response to a serious regression being discovered in 2.4.2.
Other fixes
MDL-38303 - MUC: Session cache is adjusted accordingly when user logs in or out
MDL-38386 - Upgrade step for 24 and master adjusted
MDL-38332 - Browsing users paginates properly for multiples of 30 users
MDL-33424 - Images correctly restored from a 1.9 course quiz
MDL-34011 - Display of student attempts for Short Answer questions in Lessons is now correct
2.4.2
Highlights
MDL-32975 - There is an option to sort My Courses list alphabetically
MDL-36297 - HTML purifier strings are now cached
MDL-35074 - More students can now appear per page in the Grader Report
MDL-34435 - Actions in categories are now logged
Functional changes
MDL-30669 - Admins are warned before deleting 'Sticky' site-wide blocks in 2.2 accidentally through a course page
MDL-37894 - Not yet opened quizzes show close date as well as open date
MDL-35336 - Process for enabling statistics is now clearer
API changes
MDL-36363 - Removing a file store cache instance removes its folder too
MDL-31636 - Comments API allows plugins to set the date format
Security issues
MSA-13-0011 Calendar subscription capability issue
MSA-13-0012 Information leak in course profiles
MSA-13-0013 Server information revealed through exception messages
MSA-13-0014 Password revealed in WebDav repository
MSA-13-0015 Cross-site scripting issue in Filepicker
MSA-13-0016 External Entity Injection through Zend library
MSA-13-0017 Form manipulation issue in notes
MSA-13-0018 Personal information leak through repositories
MSA-13-0019 Unauthorised settings editing through WebDav repository
Fixes and improvements
Fixes for MUC - MDL-37683 MDL-37545 MDL-38110 MDL-38165
MDL-37792 - Conditional Resource based on a profile interest field now works when fields are empty
MDL-38173 - Adding modules to courses where completion is enabled no longer causes corruption
MDL-37847 - Plain text essays now show HTML special characters appropriately
MDL-37774 - Moodle 1.9 to 2.x course restore now works with directory resources
MDL-37563 - Assignment upgrade now includes conditional access settings
MDL-36757 - Editing an activity no longer reveals hidden grades
MDL-35780 - Participants page disclosure of email addresses is now consistent
MDL-35175 - Lesson now shows attempts if associated with a grouping
MDL-37710 - Students can access their own submitted files in a team submission assignment
MDL-38352 - Improved language strings added to the English language pack, the most noticeable being 'My Moodle' in the site admin settings renamed as My home
2.4.1
Highlights
MDL-32880 - Make 1.9 blocks restorable in 2.3 onwards
MDL-34791 - Activity quick title edit updates name in gradebook
MDL-35653 - Wiki module works if you activate the force format option
API changes
MDL-30700 - There is a new function "text_sorting($columnname)" for the class flexible_table which allows you to specify which columns are of type "text" so they can be sorted correctly in all databases.
MDL-35593 - core_webservice_get_site_info returns version number as PARAM_TEXT
MDL-30961 - get_course_contents web service's name value is now PARAM_RAW
Security issues
MSA-13-0001 - Security issue in Google Spellchecker in TinyMCE
MSA-13-0002 - Capability issue with Outcome editing
MSA-13-0003 - Potential server file access through backup restoration
MSA-13-0004 - Information leak through activity report
MSA-13-0005 - Potential phishing attack through URL redirects
MSA-13-0006 - Potential information leak in Assignment module
MSA-13-0007 - Potential exploit in messaging
MSA-13-0008 - Information leak through Blog RSS
MSA-13-0009 - Information leak through Blog RSS
MSA-13-0010 - Failure to check capabilities in calendar
Fixes and improvements
MDL-36680 - Overview report now gives correct course total by not including hidden item grades
MDL-37165 - Assignment summary displays on Oracle
MDL-36963 - Automatic updates deployer needs checks directory permissions
1.0.5
* SQLAlchemy 0.8 support
* Choices and PostgreSQL Enum field type support
* Flask-BabelEx will be used to localize administrative interface
* Simple text file editor
* File admin has additional hooks: rename, edit, upload, etc
* Simple text file editor
* External links in menu
* Column descriptions
* Possibility to override master template
* Reworked templates. New âlayoutâ sample with completely different
administrative UI
* Ability to customize wtforms widget rendering through form_widget_args
property
* German translation (WIP)
* Updated documentation
* Lots of bug fixes
* Change to 5.0 branch.
Changelog:
Version 5.0.0 March 14th 2013
New design
Restore deleted files
New fulltext search
Display names
New photo gallery
Improved calendar and contacts
Improved bookmarks
New documentation system
Improved file cache
Improved security checks
Security hardening in templates
Security hardening: Implemented Content Security Policy
Better versioning of better autoexpire
Extended external storage
New OCS REST API support
Improved apps management
After curl 7.25.0 update (imported to pkgsrc at 20120417),
"curl-config --libs" no longer returns "-Wl,-R/usr/pkg/lib"
while "curl-config --static-libs" still returns it.
Fixes the root cause of libcurl part of PR pkg/46567, and this is
also required to fix openoffice3 issue as mentioned in PR pkg/46983.
The problem is tracked and reported by Yasushi Oshima.
Bump PKGREVISION.
* Add a `report` reaction.
This reaction does not halt the request, but leaves it up to the app to
react on this information. This allows e.g. frameworks to ignore failures
in certain conditions.
# Changelog
## Version 3.0.2 - 2013-03-13
* Fix generated pages to say they are utf-8 [#4]
* Fix formatting of usage section of documentation
* Update dependencies
* Convert to RDoc 4.0
## 1.0.3 (2013-03-14)
* Fixed a bug that broke media queries. [Rob]
* Fixed a bug that caused the input string to be modified when modifications
should only have been made to a copy.
added sanity-check for time-interval-option
added x-hiername for NetCache-Logparsing
fix for iPlanet Web Proxy Server
moved CARP from HIT to MISS section
2.0.4b (2013-02-04)
------------------
Bug fixes
- Fixed order of precedence for options (#2166)
The following order is enforced - first match wins
1. Command line arguments
2. .GNUstepDefaults
3. /etc/sogo/{debconf,sogo}.conf
4. SOGoDefaults.plist
- fixed handling of LDAP DN containing special characters (#2152, #2207)
- fixed handling of credential files for older GNUsteps (#2216)
- fixed display of messages with control characters (#2079, #2177)
- fixed tooltips in contacts list (#2211)
- fixed classification menu in component editor (#2223)
- fixed link to ACL editor for 'any authenticated user' (#2222, #2224)
- fixed saving preferences when mail module is disabled
- fixed handling for long credential strings (#2212)
2.0.4a (2013-01-30)
------------------
Enhancements
- updated Czech translation
- birthday is now properly formatted in addressbook module
Bug fixes
- fixed handling of groups with spaces in their UID
- fixed possible infinite loop in repeatable object
- fixed until date in component editor
- fixed saving all-day event in appointment editor
- fixed handling of decoding contacts UID
- fixed support of GNUstep 1.20 / Debian Squeeze
2.0.4 (2013-01-25)
------------------
New features
- sogo-tool: new "dump-defaults" command to easily create /etc/sogo/sogo.conf
Enhancements
- The sogo user is now a system user.
For new installs, this means that 'su - sogo' won't work anymore.
Please use 'sudo -u sogo cmd' instead
If used in scripts from cronjobs, 'requiretty' must be disabled in sudoers
- added basic support for LDAP URL in user sources
- renamed default SOGoForceIMAPLoginWithEmail to
SOGoForceExternalLoginWithEmail and extended it to SMTP authentication
- updated the timezone files to the 2012j edition and removed RRDATES
- updated CKEditor to version 4.0.1
- added Finnish translation - thanks to Kari Salmu
- updated translations
- recurrence-id of all-day events is now set as a proper date with no time
- 'show completed tasks' is now persistent
- fixed memory usage consumption for remote ICS subscriptions
Bug fixes
- fixed usage of browser's language for the login page
- fixed partstat of attendee in her/his calendar
- fixed French templates encoding
- fixed CardDAV collections for OS X
- fixed event recurrence editor (until date)
- fixed column display for subfolders of draft & sent
- improved IE7 support
- fixed drag'n'drop of events with Safari
- fixed first day of the week in datepickers
- fixed exceptions of recurring all-day events
2.0.3 (2012-12-06)
------------------
New features
- support for SAML2 for single sign-on, with the help of the lasso library
- added support for the "AUTHENTICATE" command and SASL mechanisms
- added domain default SieveHostFieldName
- added a search field for tasks
Enhancements
- search the contacts for the organization attribute
- in HTML mode, optionally place answer after the quoted text
- improved memory usage of "sogo-tool restore"
- fixed invitations status in OSX iCal.app/Calendar.app (cleanup RSVP attribute)
- now uses "imap4flags" instead of the deprecated "imapflags"
- added Slovak translation - thanks to Martin Pastor
- updated translations
Bug fixes
- fixed LDIF import with categories
- imported events now keep their UID when possible
- fixed importation of multiple calendars
- fixed modification date when drag'n'droping events
- fixed missing 'from' header in Outlook
- fixed invitations in Outlook
- fixed JavaScript regexp for Firefox
- fixed JavaScript syntax for IE7
- fixed all-day event display in day/week view
- fixed parsing of alarm
- fixed Sieve server URL fallback
- fixed Debian cronjob (spool directory cleanup)
3.1.14
- When include_once_override is on, use the cached realpath. See rev. 328172
for a full explanation (Rasmus)
- Fixed bug #63852 (apc 3.1.13 fails to build if __APC_SMA_DEBUG__ is set)
(Laruence)
- Fixed bug #63434 (Segfault if apc.shm_strings_buffer excceed apc.shm_size)
(Laruence)
- Fixed bug #63070 (apc.include_once_override bug) (Laruence)
- Fixed bug #62151 (Stat files only require read access only, windows). (Pierre)
- fix num. segfaults by revert rev. 326820 and issue reported in bug #62972
- Fixed bug #63491 file_md5 value was wrong when use apc_bin_load function
(Anatoliy)
- Fixed PHP 5.5 compatibility (related to VM variables access fix) (Anatoliy)
- Added tests for bugs #63224, #63545, #63669 (Anatoliy)
A Ruby wrapper for the Python [pygments syntax
highlighter](http://pygments.org/).
pygments.rb works by talking over a simple pipe to a long-lived Python child
process. This library replaces
[github/albino](https://github.com/github/albino), as well as a version of
pygments.rb that used an embedded Python interpreter.
Each Ruby process that runs has its own 'personal Python'; for example, 4
Unicorn workers will have one Python process each. If a Python process dies,
a new one will be spawned on the next pygments.rb request.
Upstream changes:
0.28 Thu Mar 14 2013
[FIXES]
- the Accept-Encoding header removal code was broken in the previous
version. Now the header will be removed as soon as a body filter
is configured.
[TEST]
- use File::Spec in the test suite to compute portable file names,
to avoid some test failures, like
http://www.cpantesters.org/cpan/report/856ca676-6bf5-1014-bfa1-9d8aa3912248
0.27 Fri Mar 8 2013
[IMPROVEMENTS]
- in HTTP::Proxy::HeaderFilter::standard, now remove the Accept-Encoding header
only when we know we'll actually look at the response body
[TESTS]
- use httpstat.us to test HTTP statuses
0.26 Wed Feb 6 2013
[IMPROVEMENTS]
- remove a "Use of "goto" to jump into a construct is deprecated"
warning (Tom Hukins)
[DOCUMENTATION]
- fix RT #77685 (Tom Hukins)
- improved the number of links to other modules from the documentation
[TEST]
- fix RT #71771 (Tom Hukins)
- fix test failures in POD tests (Tom Hukins)
## 2.5.0 / 2013-03-06
* Prevent Object methods from being called on drops
* Avoid symbol injection from liquid
* Added break and continue statements
* Fix filter parser for args without space separators
* Add support for filter keyword arguments
Since 2.2.3.1-beta
------------------
bugfix: Search in a member does not find file contents.
bugfix: Click on "search everywhere" does not find file contents.
bugfix: Groups listed alphabetically in the Administration Panel.
bugfix: Monthly view calendar print shows empty calendar.
bugfix: Improvements in performance of overview widgets.
bugfix: Timeslots are not reclassified reclassifying tasks.
bugfix: Cannot delete members if it has objects.
bugfix: Member deletion does not clean all related tables.
bugfix: Only managers or superior roles can change other user passwords.
bugfix: Several missing langs and undefined variables warnings clean.
bugfix: Db error when adding two workspaces with the same name.
bugfix: Quick add files - all radio buttons can be selected.
system: Russian translations updated.
Since 2.2.2
----------------
bugfix: Owner company cannot be classified.
bugfix: Task list group by user fix.
bugfix: Add pdf and docx files to searchable objects.
bugfix: js managers bugfixes.
bugfix: Cannot edit/delete mails from deleted accounts.
bugfix: Error in tasks reports when ordering by 'order' column.
bugfix: Fixes in migration from 1.X of custom properties.
usability: Reports can be edited to allow execution in every context.
usability: Performance improved in tasks list.
usability: Users are filtered by permissions in 'People' dimension when filtering by a workspace.
usability: Contacts are filtered in 'People' dimension when filtering by a workspace if they belong to the workspace.
system: Portuguese language updated.
Since 2.2.1
----------------
bugfix: logged_user fix when classifying attachments
bugfix: go back instead of redirect when editing file properties.
bugfix: chmod after mkdir when repository file backend creates directory
bugfix: Several template instatiation fixes
bugfix: mail classification bugfix
bugfix: allow to classify mails in workspaces,tags
bugfix: administration/users: 10 users per page fix
bugfix: do not use objects in estimated-worked widget, use raw data for better performance
bugfix: language fixes
bugfix: cannot use assigned_to combo when adding tasks in ie
bugfix: ie compatibility fix in calendar toolbars
bugfix: enable/disable cron events for calendar export/import when adding/deleting accounts
bugfix: html tags in task tooltip description at calendar
bugfix: cvs export prints html tags
bugfix: users with can_manage_security cannot manage groups
bugfix: view week calendar views don't show tasks all days if task starts or ends in another week
bugfix: dont show timeslots of other users if cannot see assigned to other's tasks
bugfix: ext buttons hechos a lo chancho
bugfix: patch if not exists function array_fill_keys (para php < 5.2)
bugfix: break large words in task description
bugfix: administrator cannot log in to admin panel when asking for credentials
bugfix: cannot edit file after uploaded from object picker
bugfix: getTimeValue when 12:XX AM
bugfix: bugfix in custom reports with boolean conditions on custom properties
bugfix: admin users paging fix
bugfix: migration companies comments fix
Since 2.2.1-rc
----------------
bugfix: Cannot manage plugins if no super admin.
bugfix: Reports were not grouping unclassified objects.
bugfix: Reports grouping misses a group.
bugfix: Fixed findById function in ContentDataObjects.
bugfix: Fixed Email plugin installation.
bugfix: Fixed translations for dimension names.
bugfix: Error with company logo when sending notifications.
bugfix: Time report fix when selecting custom dates and listing paused timeslots.
bugfix: Fix when getting plugin's javascript translations.
Since 2.2
----------------
bugfix: Calendar monthly view bugs with repeating events.
bugfix: Permissions system fix.
bugfix: Projects appear in object picker.
bugfix: language fixes (en_us, es_la, es_es).
bugfix: Error in calendar when user has timezone=0.
bugfix: Formatted tasks description and notes content does not shows italics and quotes when viewing.
bugfix: Compressing files does not create compressed file in the current context.
bugfix: Sometimes can subscribe users with no permissions to the object.
bugfix: Activity widget bug with general timeslots.
bugfix: Error when selecting default workspace in mail account edition.
bugfix: User types are not transalted.
bugfix: Prevent double generation of tasks when completing a repetitive task instance (double click on complete link).
bugfix: CSV export fixes at Total tasks times report.
usability: Create events according the filtered user.
usability: Config option to show tab icons.
usability: Config option to enable/disable milestones.
* Change the :ignore_crawl_delay option to a handler option :crawl_delay.
* Merge back the previous change to the source file.
* Remove Gemfile.lock.
* Add the ability to externalize the enforcement of the robots.txt Craw
jasonhowes authored a month ago.
* Migrate from jeweler to bundle gem.
=== unicorn 4.6.2 - HTTP parser fix for Rainbows! / 2013-02-26 02:59 UTC
This release fixes a bug in Unicorn::HttpParser#filter_body
which affected some configurations of Rainbows! There is
also a minor size reduction in the DSO.
=== unicorn 4.6.1 - minor cleanups / 2013-02-21 08:38 UTC
Unicorn::Const::UNICORN_VERSION is now auto-generated from
GIT-VERSION-GEN and always correct. Minor cleanups for
hijacking.
=== unicorn 4.6.0 - hijacking support / 2013-02-06 11:23 UTC
This pre-release adds hijacking support for Rack 1.5 users.
See Rack documentation for more information about hijacking.
There is also a new --no-default-middleware/-N option
for the `unicorn' command to ignore RACK_ENV within unicorn
thanks to Lin Jen-Shin.
There are only documentation and test-portability updates
since 4.6.0pre1, no code changes.
=== unicorn 4.6.0pre1 - hijacking support / 2013-01-29 21:05 UTC
This pre-release adds hijacking support for Rack 1.5 users.
See Rack documentation for more information about hijacking.
There is also a new --no-default-middleware/-N option
for the `unicorn' command to ignore RACK_ENV within unicorn.
3.2.7
* The index and zip functions now work like all other list functions and treat
individual values as single-element lists.
* Avoid stack overflow errors caused by very long function or mixin argument
lists.
* Emit relative paths when using the --line-comments flag of the sass
executable.
* Fix a case where very long numbers would cause the SCSS parser to take
exponential time.
3.2.6
* Support for Rubinius 2.0.0.rc1. All tests pass in 1.8 mode. 1.9 mode has
some tests blocked on Rubinius issue 2139.
* Support for JRuby 1.7.2.
* Support for symlinked executables. Thanks to Yin-So Chen.
* Support for bubbling @supports queries in the indented syntax.
* Fix an incorrect warning when using @extend from within nested @media
queries.
* Update the bundled version of listen to 0.7.2.
== 0.12.1 / 2013-02-19
* Minor Enhancements
* Update Kramdown version to 0.14 (#744, #808)
* Test Enhancements
* Update Rake version to 10.0.3 (#744)
* Update Shoulda version to 3.3.2 (#744)
* Update Redcarpet version to 2.2.2 (#744)
== 0.12.0 / 2012-12-22
* Minor Enhancements
* Add ability to explicitly specify included files (#261)
* Add --default-mimetype option (#279)
* Allow setting of RedCloth options (#284)
* Add post_url Liquid tag for internal post linking (#369)
* Allow multiple plugin dirs to be specified (#438)
* Inline TOC token support for RDiscount (#333)
* Add the option to specify the paginated url format (#342)
* Support Redcarpet 2 and fenced code blocks (#619)
* Better reporting of Liquid errors (#624)
* Bug Fixes
* Allow some special characters in highlight names
* URL escape category names in URL generation (#360)
* Fix error with limit_posts (#442)
* Properly select dotfile during directory scan (#363, #431, #377)
* Allow setting of Kramdown smart_quotes (#482)
* Ensure front-matter is at start of file (#562)
[866c9cd | 2013-02-21 12:21:46 UTC] Michael Fellinger <m.fellinger@gmail.com>
* Version 2013.02.21
[aa22191 | 2013-02-21 12:21:16 UTC] Michael Fellinger <m.fellinger@gmail.com>
* update dependencies
[1a2ee39 | 2013-02-07 00:10:01 UTC] Michael Fellinger <m.fellinger@gmail.com>
* Version 2013.02
[64ca67a | 2013-01-29 23:34:26 UTC] Michael Fellinger <m.fellinger@gmail.com>
* don't do CI for REE, it's not supported anymore, add rbx and jruby 1.9
[079975c | 2013-01-29 21:57:39 UTC] Yorick Peterse <yorickpeterse@gmail.com>
* Preserve values when calling render_full.
Signed-off-by: Yorick Peterse <yorickpeterse@gmail.com>
[a90d3f9 | 2013-01-29 21:53:16 UTC] Yorick Peterse <yorickpeterse@gmail.com>
* Fix for generting URLs using anchor().
Instead of always appending "?" to the URL the anchor() method should only do
so when there actually is a query string.
Signed-off-by: Yorick Peterse <yorickpeterse@gmail.com>
[d2aeb7f | 2013-01-29 21:17:08 UTC] Yorick Peterse <yorickpeterse@gmail.com>
* Caching of provides and method arities.
Caching of a controller's provide handlers as well as the method arities can
lead to a nice performance boost of around 300 transactions/second using the
following benchmark:
require 'innate'
Innate.middleware :live do
run Innate.core
end
Innate::Log.level = Logger::ERROR
Innate.options.mode = :live
ENV['RACK_ENV'] = 'none'
class MainController
Innate.node('/', self)
def index
return 'index'
end
end
[:fast_mappings, :cache_provides, :cache_method_arities].each do |key|
MainController.ancestral_trait[key] = true
end
Innate.start(:adapter => :thin)
Benchmarking this was done by running `siege -c 10 -t 5s -b HOST` and would
initially result in around 1700 trans/sec. When using this commit this sits
between 2000/2100 trans/sec.
To prevent any potential issues the caching of provides and method aritites is
disabled by default.
See Github issue #7 for more information.
Signed-off-by: Yorick Peterse <yorickpeterse@gmail.com>
[06dd4c5 | 2013-01-29 18:25:49 UTC] Yorick Peterse <yorickpeterse@gmail.com>
* Revert action caching.
Instead of caching the entire action instance (which is modified further down
the chain) various parts that make up this process will be cached instead
(where possible).
Signed-off-by: Yorick Peterse <yorickpeterse@gmail.com>
[32440b0 | 2013-01-15 18:38:41 UTC] Michael Fellinger <m.fellinger@gmail.com>
* prevent memory leak from action caching
[040d084 | 2013-01-15 18:37:19 UTC] Michael Fellinger <m.fellinger@gmail.com>
* clean up LRUHash a bit
[a136a72 | 2013-01-14 20:06:22 UTC] Michael Fellinger <m.fellinger@gmail.com>
* build middleware only once
[8aea7cb | 2013-01-14 18:31:37 UTC] Yorick Peterse <yorickpeterse@gmail.com>
* Only compile middleware for the current mode.
Signed-off-by: Yorick Peterse <yorickpeterse@gmail.com>
* Add and Update PKG_OPTIONS related to storage backend.
- squid-backend-null: "null" type of storage backend had been deperecated.
- Add squid-backend-rock.
- Revive squid-backend-aufs.
Bump PKGREVISION.
Version 0.10
~~~~~~~~~~~~
Released on 2013-03-11.
* Add the ``FREEZER_DESTINATION_IGNORE`` configuration
(Thanks to Jim Gray and Christopher Roach.)
* Add the ``FREEZER_RELATIVE_URLS`` configuration
* Add the :func:`relative_url_for` function.
Django 1.5 introduces support for a configurable User model. The basic Django User model is still around, of course, but now there's first-class support for specifying your own model and having Django's auth system make use of it.
Django 1.5 is the first Django release with support for Python 3 (specifically, Python 3.2 and newer). Python 3 support is still considered experimental -- largely because it hasn't received as much real-world testing as we'd like -- but a Python 3 porting guide is available if you'd like to give it a try, and we will be considering Python 3 compatibility bugs to be blockers for future releases.
Of course, if you're still comfortable with Python 2, Django continues to offer support for that just as we always have -- though note that the minimum version for Django 1.5 is Python 2.6.5, and Python 2.7.3 or newer is strongly recommended.
Django's documentation has also gotten some pretty significant work; the main documentation page has had a bit of a facelift to make things easier to find, the existing tutorial got some refurbishing, and several new tutorials -- including some more advanced topics, like writing an app you can reuse in multiple projects -- have been added. And the documentation for class-based views has been significantly expanded, which should make this feature a lot easier to understand and take advantage of.
== Changes
Please note that this release includes a few potentially breaking changes.
Of particular note are:
* SessionHash is no longer a Hash sublcass
* Rack::File cache_control parameter is removed in place of headers options
Additonally, SPEC has been updated in several areas and is now at 1,2.
A new SPEC section was introduced that provides two server-optional IO hijacking
APIs. Further information on these APIs will be made available by the community
in good time. In the mean time, some information can be found in the original
pull request: https://github.com/rack/rack/pull/481
* January 21st, 2013: Thirty third public release 1.5.0
* Introduced hijack SPEC, for before-response and after-response hijacking
* SessionHash is no longer a Hash subclass
* Rack::File cache_control parameter is removed, in place of headers options
* Rack::Auth::AbstractRequest#scheme now yields strings, not symbols
* Rack::Utils cookie functions now format expires in RFC 2822 format
* Rack::File now has a default mime type
* rackup -b 'run Rack::File.new(".")', option provides command line configs
* Rack::Deflater will no longer double encode bodies
* Rack::Mime#match? provides convenience for Accept header matching
* Rack::Utils#q_values provides splitting for Accept headers
* Rack::Utils#best_q_match provides a helper for Accept headers
* Rack::Handler.pick provides convenience for finding available servers
* Puma added to the list of default servers (preferred over Webrick)
* Various middleware now correctly close body when replacing it
* Rack::Request#params is no longer persistent with only GET params
* Rack::Request#update_param and #delete_param provide persistent operations
* Rack::Request#trusted_proxy? now returns true for local unix sockets
* Rack::Response no longer forces Content-Types
* Rack::Sendfile provides local mapping configuration options
* Rack::Utils#rfc2109 provides old netscape style time output
* Updated HTTP status codes
* Ruby 1.8.6 likely no longer passes tests, and is no longer fully supported
* January 28th, 2013: Thirty fourth public release 1.5.1
* Rack::Lint check_hijack now conforms to other parts of SPEC
* Added hash-like methods to Abstract::ID::SessionHash for compatibility
* Various documentation corrections
* February 7th, Thirty fifth public release 1.5.2
* Fix CVE-2013-0263, timing attack against Rack::Session::Cookie
* Fix CVE-2013-0262, symlink path traversal in Rack::File
* Add various methods to Session for enhanced Rails compatibility
* Request#trusted_proxy? now only matches whole stirngs
* Add JSON cookie coder, to be default in Rack 1.6+ due to security concerns
* URLMap host matching in environments that don't set the Host header fixed
* Fix a race condition that could result in overwritten pidfiles
* Various documentation additions
Docs: document ConnOpener::swanSong() better
Bug 3329: Quieten orphan Comm::Connection messages
Sync TESTDIR names used by testCoss and testUfs with testRock changes.
MacOS: reduce the testRock unit test UDS path
Bug 3720: SourceLayout: shuffle fd_table definition into fde.h
Bug 3794: MacOS: workaround compiler errors and case-insensitivity
Polish debugs in cacheability test
Bug 3753: Removes the domain from the cache_peer server pconn key
Bug 3781: Proxy Authentication not sent to cache_peer
Bug 3763: diskd Error: no filename in shm buffer
Solaris: Fix xstrto*() function linkages
Mentioned creation of diskers in cache_dir rock documentation.
Fix coverity scan issue 740457: unsecure temporary file creation
Bug 3686: cache_dir max-size default fails
Bug 3752: objects that cannot be cached in memory are not cached on disk if cache_dir max-size is used.
Upstream changes:
1.101 Sat Jul 21 15:01:20 PDT 2012
- Fix typos and formatting
- Mention CGI variables ala PEP 333
1.10 Fri Mar 9 08:46:27 PST 2012
- Released as PSGI 1.1
1.09_3 Wed Jun 22 13:48:31 PDT 2011
- Separated extensions into PSGI::Extensions
- Added psgix.harakiri and psgix.harakiri.commit
- Updated terminology section
- Clarified that body should be encoded byte strings and do not contain wide characters
- Clarified that header values must be defined
1.09_2 Tue Jun 7 15:21:47 PDT 2011
- Fixed a dumb mistake about allowed characters in header values
- Updated FAQ document
- psgi.input MUST have seek() only if psgix.input.buffered is true
1.09_1 Mon Mar 28 11:35:44 PDT 2011
- 1.1 beta
- Upped psgi.version to be [1,1]
- Lots of grammar and style fixes
- Removed poll_cb from writer spec
- Streaming interface now SHOULD be implemented, rather than MAY
- Promoted psgi.streaming, nonblocking and run_once keys to be MUST
- Added psgix.logger and psgix.session extensions
- Updated FAQ
Upstream changes:
0.028 2013-03-05 14:11:57 America/New_York
[SUPPORT]
- Fix repository/issue links to reflect proper repo name
0.027 2013-03-05 12:02:58 America/New_York
[SUPPORT]
- Changed metadata to point to the chansen github repository
for code and issues
[DOCUMENTATION]
- Added hyperlink for HTTP::CookieJar
0.026 2013-03-04 22:53:39 America/New_York
[ADDED]
- Added cookie support if an HTTP::CookieJar object is provided in the
'cookie_jar' attribute [Edward Zborowski]
0.025 2012-12-26 12:09:43 America/New_York
[ADDED]
- Agent string appends default if it ends in a space, just like LWP
[Chris Weyl]
0.024 2012-10-09 20:44:53 America/New_York
[ADDED]
- SSL connections now auto-retry I/O after SSL renegotiation [Alan
Gardner]
[FIXED]
- User-specified CA bundles take precedence over Mozilla::CA [Alan
Gardner]
[PREREQS]
- SSL support now requires Net::SSLeay 1.49 or greater to support
auto-retry [Mike Doherty]
- Downgraded IO::Socket::SSL and related prereqs to 'suggests' again
0.023 2012-09-19 09:55:46 America/New_York
[PREREQS]
- IO::Socket::SSL and related prereqs changed to 'required' for dev
release to get better failure diagnostics from CPAN Testers
[TESTING]
- Skip live SSL testing unless IO::Socket::SSL 1.56+ installed
Upstream changes:
MediaWiki 1.20.3
This is a security and maintenance release of the MediaWiki 1.20 branch.
Changes since 1.20.2
New preference type - 'api'. Preferences of this type are not shown on Special:Preferences, but are still available via the action=options API. (Unbreaks MLEB.)
(bug 44010) Context is passed to UserGetLanguageObject.
The recursion guard on RequestContext::getLanguage() was weakened.
(bug 40585) Don't drop 'step="any"' in HTML input fields.
(bug 44024) Fixed problems in ObjectCache when using XCache.
(bug 44010) FauxRequest leaked cookie data from primary request.
(bug 44135/bug 42441) Pass '2' instead of 'true' to CURLOPT_SSL_VERIFYHOST
(bug 43518) API action=unblock should return the user name, not the full user object
(Bug 45355) Prevent read of arbitrary files through mwdoc-filter.php
Drupal 7.21, 2013-03-06
-----------------------
- Allowed sites using the 'image_allow_insecure_derivatives' variable to still
have partial protection from the security issues fixed in Drupal 7.20.
Packages Collection.
The Zend Optimizer+ provides faster PHP execution through opcode caching and
optimization. It improves PHP performance by storing precompiled script
bytecode in the shared memory. This eliminates the stages of reading code from
the disk and compiling it on future access. In addition, it applies a few
bytecode optimization patterns that make code execution faster.
Provides a CAPTCHA for Python using the reCAPTCHA service. Does not require
any imaging libraries because the CAPTCHA is served directly from reCAPTCHA.
Also allows you to securely obfuscate emails with Mailhide.
*) Feature: $connections_active, $connections_reading, and
$connections_writing variables in the ngx_http_stub_status_module.
*) Feature: support of WebSocket connections in the
ngx_http_uwsgi_module and ngx_http_scgi_module.
*) Bugfix: in virtual servers handling with SNI.
*) Bugfix: new sessions were not always stored if the "ssl_session_cache
shared" directive was used and there was no free space in shared
memory.
Thanks to Piotr Sikora.
*) Bugfix: multiple X-Forwarded-For headers were handled incorrectly.
Thanks to Neal Poole for sponsoring this work.
*) Bugfix: in the ngx_http_mp4_module.
Thanks to Gernot Vormayr.
Changes from previous:
----------------------
2012-06-14 Katsumi Yamaoka <yamaoka@jpl.org>
* w3m.el (w3m-url-encode-string-2): Encode only `(' and `)'.
2012-06-12 Katsumi Yamaoka <yamaoka@jpl.org>
* w3m-proc.el (w3m-process-do-with-temp-buffer): Use labels macro again.
Functions that the labels form generates to be used in the outside of
the labels form should be prefixed with #' from now on.
Thanks to Michael Heerdegen and Andreas Schwab.
* w3m-proc.el (w3m-process-do-with-temp-buffer): Don't use labels macro
of which the spec has been changed in the most recent Emacs.
2012-06-04 Katsumi Yamaoka <yamaoka@jpl.org>
* w3m.el (w3m-expand-url): Work for scheme name containing upcase
letters. Reported by Dan Jacobson <jidanni@jidanni.org>.
* w3m-util.el (w3m-force-mode-line-update): New alias.
* w3m-lnum.el (w3m-with-lnum, w3m-lnum-universal-dispatch): Use it.
2012-06-03 Katsumi Yamaoka <yamaoka@jpl.org>
* w3m.el (w3m-create-page): Improve regexp matching Google's click-
tracking urls.
2012-05-14 Katsumi Yamaoka <yamaoka@jpl.org>
* w3m.el (w3m-url-encode-string-2): New function.
(w3m-print-current-url, w3m-print-this-url, w3m-print-this-image-url):
Use it to encode url characters that are apt to be misidentified as
word boundaries.
2012-04-22 Katsumi Yamaoka <yamaoka@jpl.org>
* w3m.el (w3m-create-page): Decode url in Google's click-tracking
filter.
2012-04-18 Andrey Kotlarski <m00naticus@gmail.com>
* w3m-lnum.el (w3m-with-lnum, w3m-lnum-universal-dispatch):
Explicitly redraw mode line.
(w3m-lnum-visit): Fix prompt; add --insecure option to Curl.
2012-04-17 Katsumi Yamaoka <yamaoka@jpl.org>
* w3m.el (w3m-create-page): Add a filter for Google's click-tracking
temporarily --- maybe this should be incorporated in w3m-filter.el.
2012-04-13 Katsumi Yamaoka <yamaoka@jpl.org>
* w3m.el (w3m-goto-mailto-url): Protect against nil value of body=;
decode url string; don't change mail buffer's modification status;
make sure body text is inserted to the message body.
2012-04-12 Katsumi Yamaoka <yamaoka@jpl.org>
* w3m.el (w3m-shr-url-at-point): New function.
(w3m-url-at-point): Use it.
* doc/ptexinfmt.el (texinfo-format-syntax-table): Modify character
syntax of " and \ to w, as a workaround.
(texinfo-format-comma): Support @comma.
(texinfo-format-parse-args): Tweak it so as to work for @comma.
2012-03-16 Katsumi Yamaoka <yamaoka@jpl.org>
* w3m.el (w3m-scroll-left, w3m-scroll-right): Use image-mode function
for an image page.
(w3m-shift-left, w3m-shift-right): Pass prefix argument to image-mode
function.
2012-03-12 Dan Jacobson <jidanni@jidanni.org>
* w3m.el (w3m-ctl-c-map): Bind `C-c C-e' to w3m-goto-new-session-url.
2012-02-27 Katsumi Yamaoka <yamaoka@jpl.org>
* w3m.el (w3m-relationship-estimate-rules)
(w3m-open-all-links-in-new-session): Work for https Google pages.
2012-02-20 Katsumi Yamaoka <yamaoka@jpl.org>
* w3m.el (w3m-goto-mailto-url): Work for mail body.
2012-02-13 Katsumi Yamaoka <yamaoka@jpl.org>
* w3m-util.el (w3m-switch-to-buffer): Abolish.
* w3m-bookmark.el (w3m-bookmark-add-all-urls):
* w3m-ems.el (w3m-tab-drag-mouse-function)
(w3m-tab-click-mouse-function, w3m-tab-next-buffer)
(w3m-tab-make-keymap):
* w3m-form.el (w3m-form-input-textarea, w3m-form-input-select)
(w3m-form-input-map):
* w3m-session.el (w3m-session-select):
* w3m-tabmenu.el (w3m-switch-buffer, w3m-tab-menubar-open-item):
* w3m-util.el (w3m-popup-buffer, w3m-make-menu-commands):
* w3m.el (w3m-next-buffer, w3m-move-unseen-buffer)
(w3m-goto-url-new-session, w3m-reload-all-pages): Revert to using
switch-to-buffer.
2012-02-10 Katsumi Yamaoka <yamaoka@jpl.org>
* w3m-hist.el (w3m-history-store-position): Don't trust column position
that Emacs tells if there's an image.
(w3m-history-restore-position): Revert 2011-10-21 change.
2012-02-10 Kevin Ryde <user42@zip.com.au>
* w3m.el (w3m-about-header): Show info of image where point stays.
2012-01-26 Katsumi Yamaoka <yamaoka@jpl.org>
* w3m.el (w3m-mode): Don't make bidi-paragraph-direction bound globally
in old Emacsen and XEmacsen.
(w3m-goto-url): Work for name anchors.
2012-01-23 Katsumi Yamaoka <yamaoka@jpl.org>
* w3m-ems.el (w3m-form-make-button): Use "submit" instead for an empty
text, that won't be buttonized.
Reported by Roland Winkler <winkler@gnu.org>.
2012-01-13 Hideyuki SHIRAI <shirai@meadowy.org>
* w3m.el (w3m-fontify-anchors, w3m-goto-url): Not encode and decode
the anchor values to use Punycode.
2012-01-10 Katsumi Yamaoka <yamaoka@jpl.org>
* w3m.el (w3m-image-type-alist): Add image/tiff.
(w3m-view-previous-page): Protect against empty history.
2012-01-06 Katsumi Yamaoka <yamaoka@jpl.org>
* Makefile.in (install-icons, install-icons30, install-info)
(install-info-en, install-info-ja, install-package)
(install-package-ja):
* doc/Makefile.in (install): Add DESTDIR variable to installation
directory.
* w3mhack.el (w3mhack-expand-file-name): New function.
(w3mhack-what-where): Use it.
* aclocal.m4 (AC_SET_VANILLA_FLAG): Remove --no-unibyte option.
2012-01-02 Elias Pipping <pipping@lavabit.com>
* Makefile.in (install-lisp): Add DESTDIR variable to installation
directory.
2011-12-26 Dan Jacobson <jidanni@jidanni.org>
* w3m.el (w3m-gohome): Always reload the home page.
2011-12-07 Katsumi Yamaoka <yamaoka@jpl.org>
* w3m.el (w3m-mode): Force paragraph direction to be left-to-right.
Suggested by Naohiro Aota <naota@elisp.net>.
2011-12-06 Katsumi Yamaoka <yamaoka@jpl.org>
* Makefile.in (.el.elc): Shut up.
* w3m-lnum.el (w3m-lnum-read-interactive): Use (sit-for 0) instead of
redisplay for Emacs 21.1, too.
2011-12-05 Katsumi Yamaoka <yamaoka@jpl.org>
* aclocal.m4 (AC_EMACS_LISP): Simplify.
(AC_PATH_EMACS): Simplify Lisp code so as to make it work for recent
XEmacsen.
* w3m-favicon.el (w3m-favicon-type): Silence SXEmacs 22.1.14's byte
compiler.
* w3m-lnum.el (w3m-lnum-read-interactive): Use (sit-for 0) instead of
redisplay for XEmacs.
* w3m.el (w3m-resize-image-interactive): Use read-char-exclusive with
no arg for XEmacs.
2011-12-05 Katsumi Yamaoka <yamaoka@jpl.org>
* w3m.el (w3m-read-file-name): Don't strip query part from given url.
(w3m-download): Always prompt for file name; don't strip query part.
Suggested by Dan Jacobson <jidanni@jidanni.org>.
2011-12-04 Katsumi Yamaoka <yamaoka@jpl.org>
* w3m-lnum.el (w3m-lnum-universal-dispatch): Add argument passed to
kill-buffer, Emacs 22 requires it; use beginning-of-line rather than
move-beginning-of-line that XEmacs doesn't provide.
2011-12-02 Dan Jacobson <jidanni@jidanni.org>
* w3m-search.el (w3m-search-engine-alist): Put search string first in
query form.
2011-11-30 Katsumi Yamaoka <yamaoka@jpl.org>
* w3m-util.el (w3m-popup-buffer): Restore history position always.
* w3m.el (w3m-copy-buffer): Save history position.
2011-11-17 Katsumi Yamaoka <yamaoka@jpl.org>
* w3m-lnum.el (w3m-lnum-actions-custom-type): New variable.
(w3m-lnum-actions-general, w3m-lnum-actions-image-alist)
(w3m-lnum-actions-link-alist w3m-lnum-actions-button-alist)
(w3m-lnum-actions-form-alist): Use it to improve custom type.
2011-11-16 Andrey Kotlarski <m00naticus@gmail.com>
Add alternative selection->action method.
* w3m-lnum.el: Update comment section.
(w3m-lnum-quick-browsing): Change default value.
(w3m-lnum-actions-general, w3m-lnum-actions-image-alist)
(w3m-lnum-actions-link-alist, w3m-lnum-actions-button-alist)
(w3m-lnum-actions-form-alist): New custom options.
(w3m-lnum-remove-overlays): Add optional parameters for start and end.
(w3m-lnum, w3m-lnum-prompt-str, w3m-lnum-highlight-anchor): Sanitize
variable naming.
(w3m-read-event, w3m-lnum-visit, w3m-lnum-make-action): New macros.
(w3m-lnum-read-interactive): Add optional parameters for previous filter
and selected number. Return last applied filter along selected value.
Use `w3m-read-event'. Remove lnum overlays within all buffer on
scroll.
(w3m-with-lnum): Add parameter for initial filter. Change mode-line
during selection.
(w3m-lnum-get-action): If single image during image selection -
immediately select it. Accommodate to new return format of
`w3m-lnum-read-interactive'.
(w3m-lnum-follow): Use `w3m-lnum-visit'.
(w3m-lnum-universal-dispatch): New function.
(w3m-lnum-universal): New command.
(w3m-lnum-view-image, w3m-lnum-save-image, w3m-lnum-print-this-url):
Use nth.
(w3m-lnum-zoom-image): Use `w3m-resize-image-interactive'.
(w3m-lnum-zoom-in-image, w3m-lnum-zoom-out-image): Update doc string.
(w3m-lnum-bookmark-add-this-url): Fix bookmarking of current url.
(w3m-lnum-actions-link-alist): Add actions for generic browser and Curl
if present.
* w3m.el (autoload): Autoload `w3m-lnum-universal'.
(w3m-resize-image-interactive): New function.
(w3m-lnum-map): Add key for `w3m-lnum-universal'.
2011-11-14 Katsumi Yamaoka <yamaoka@jpl.org>
* w3m.el (w3m-expand-url): Assume only a name anchor, that has no
scheme part nor directory part, to be the buffer: scheme.
(w3m-buffer-local-url): Move forward.
2011-10-24 Katsumi Yamaoka <yamaoka@jpl.org>
* w3m-hist.el: Require w3m-util.
2011-10-22 Naohiro Aota <naota@elisp.net>
* w3m.el (w3m-goto-url): Check name anchor after redirect resolution.
2011-10-21 Katsumi Yamaoka <yamaoka@jpl.org>
* w3m-hist.el (w3m-history-restore-position): Don't hscroll if there
are images ([emacs-w3m:11658]).
2011-10-17 Katsumi Yamaoka <yamaoka@jpl.org>
* w3m.el (w3m-canonicalize-url): Fix url that fails to have put
a separator following a domain name.
Suggested by Dan Jacobson <jidanni@jidanni.org>.
2011-10-14 Katsumi Yamaoka <yamaoka@jpl.org>
* w3m.el (w3m-url-coding-system-alist): Add a rule for Google.
(w3m-url-coding-system): Allow function to determine coding system.
2011-10-14 Katsumi Yamaoka <yamaoka@jpl.org>
* w3m.el (w3m-url-encode-string, w3m-url-transfer-encode-string):
Restore optional coding argument.
(w3m-gmane-url-at-point, w3m-canonicalize-url): Do.
(w3m-download): Decode file name in url.
* w3m-form.el (w3m-form-make-form-data, w3m-form-parse-and-fontify):
* w3m-search.el (w3m-search-escape-query-string, w3m-search-do-search)
(w3m-search-uri-replace): Revert last change.
2011-10-13 Katsumi Yamaoka <yamaoka@jpl.org>
* w3m.el (w3m-url-coding-system-alist): New user option.
(w3m-show-decoded-url, w3m-google-feeling-lucky-charset): Abolish.
(w3m-url-coding-system): New function.
(w3m-url-encode-string, w3m-url-readable-string)
(w3m-url-transfer-encode-string): Use it.
* w3m.el (w3m-fontify-anchors, w3m-gmane-url-at-point)
(w3m-canonicalize-url, w3m-goto-url):
* w3m-form.el (w3m-form-make-form-data, w3m-form-parse-and-fontify):
* w3m-search.el (w3m-search-escape-query-string, w3m-search-do-search)
(w3m-search-uri-replace): Don't specify coding system for encoding url.
2011-10-07 Katsumi Yamaoka <yamaoka@jpl.org>
* w3m-favicon.el (w3m-favicon-type): Prefer gif.
(w3m-favicon-convert): Work for gif icons named "favicon.ico".
2011-09-08 Katsumi Yamaoka <yamaoka@jpl.org>
* w3m-lnum.el (w3m-lnum-face): Remove face alias.
(w3m-lnum-quick-browsing): Add custom type.
(w3m-lnum-remove-overlays, w3m-lnum-set-numbering)
(w3m-lnum-highlight-anchor, w3m-lnum-get-match-info): Fix overlay end
range, too.
2011-09-07 Andrey Kotlarski <m00naticus@gmail.com>
* w3m.el: Use `w3m-lnum' as naming prefix for commands and
maps from `w3m-lnum.el'.
* w3m-lnum.el: Use `w3m-lnum' as naming prefix everywhere instead of
`w3m-linknum' or `w3m-link-numbering'.
(w3m-lnum-set-numbering, w3m-lnum): Optionally don't clean previous
numbering.
(w3m-lnum-read-interactive): Don't clean previous numbering with
`w3m-lnum' in cases when there is no such.
(w3m-lnum-remove-overlays, w3m-lnum-set-numbering): Fix overlay start
range to make it work for XEmacs.
(w3m-lnum-get-action): Don't invoke `w3m-lnum-read-interactive' with 0
numbered items.
* w3m-util.el (w3m-goto-next-defun): New macro.
(w3m-goto-next-anchor-or-image, w3m-substitute-key-definitions): Move
from w3m-lnum.el
2011-09-04 Katsumi Yamaoka <yamaoka@jpl.org>
* w3m-lnum.el (w3m-link-numbering, w3m-linknum-minibuffer-prompt)
(w3m-linknum-match): Use old defface style for XEmacs.
(w3m-link-set-numbering): Replace string-match-p w/ w3m-string-match-p.
(w3m-highlight-numbered-anchor, w3m-get-match-info): Fix range passed
to overlays-in to make it work for XEmacs.
2011-09-04 Andrey Kotlarski <m00naticus@gmail.com>
* w3m-lnum.el: Update copyright years. Don't require `cl'.
(w3m-linknum-match): Make numbering face visible for some
consoles.
(w3m-link-numbering-quick-browsing)
(w3m-link-numbering-context-alist): New custom variables.
(w3m-linknum-remove-overlays): Delete overlays only within the
visible window part.
(w3m-link-set-overlay): Don't use `incf'.
(w3m-link-set-numbering): Number additional context items as
specified by `w3m-link-numbering-context-alist'. Return index of
the last matched item.
(w3m-goto-next-image2): Fix doc typo.
(w3m-goto-next-anchor-or-image, w3m-link-numbering): Cosmetic
indent.
(w3m-linknum-prompt-str): Don't show 0 when this is being current
default for selection.
(w3m-read-int-interactive): Up and down scrolling preserves text
filter and cleans previous numbering. Allow <enter> shortcutting
options as specified by `w3m-link-numbering-quick-browsing'. Don't
let the text filter grow when no items match.
(w3m-with-linknum): Make `last-index' variable visible within body
and set as the last index currently used for numbering.
(w3m-get-match-info): New macro.
(w3m-get-anchor-info): Use `w3m-get-match-info'.
(w3m-go-to-linknum, w3m-linknum-get-action): Call
`w3m-get-anchor-info' with a selection number.
(w3m-linknum-follow, w3m-linknum-view-image)
(w3m-linknum-save-image, w3m-linknum-print-this-url): Don't use cl
functions.
(w3m-linknum-zoom-image): Cosmetic doc string change.
(w3m-linknum-bookmark-add-this-url): Use 1+.
2011-09-03 Dan Jacobson <jidanni@jidanni.org>
* w3m.el (w3m-lynx-like-map, w3m-info-like-map): Bind the `C-t t' key
to w3m-create-empty-session.
2011-09-02 Katsumi Yamaoka <yamaoka@jpl.org>
* w3m.el (w3m-create-empty-session): New user command.
(w3m-new-session-url): Default to about:blank.
(w3m-input-url): Don't use about:* as initial value.
(w3m-goto-url-new-session): Use w3m-new-session-url as the default.
- SECURITY: CVE-2012-3499 (cve.mitre.org)
Various XSS flaws due to unescaped hostnames and URIs HTML output in
mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp.
[Jim Jagielski, Stefan Fritsch, Niels Heinen <heinenn google com>]
- SECURITY: CVE-2012-4558 (cve.mitre.org)
XSS in mod_proxy_balancer manager interface. [Jim Jagielski,
Niels Heinen <heinenn google com>]
- mod_rewrite: Stop merging RewriteBase down to subdirectories
unless new option 'RewriteOptions MergeBase' is configured.
Merging RewriteBase was unconditionally turned on in 2.2.23.
Bug Report 53963. [Eric Covener]
- mod_ssl: Send the error message for speaking http to an https port using
HTTP/1.0 instead of HTTP/0.9, and omit the link that may be wrong when
using SNI. Bug Report 50823. [Stefan Fritsch]
- mod_ssl: log revoked certificates at level INFO
instead of DEBUG. Bug Report 52162. [Stefan Fritsch]
- mod_proxy_ajp: Support unknown HTTP methods. Bug Report 54416.
[Rainer Jung]
- mod_dir: Add support for the value 'disabled' in FallbackResource.
[Vincent Deffontaines]
- mod_ldap: Fix regression in handling "server unavailable" errors on
Windows. Bug Report 54140. [Eric Covener]
- mod_ssl: fix a regression with the string rendering of the "UID" RDN
introduced in 2.2.15. Bug Report 54510. [Kaspar Brand]
- ab: add TLS1.1/TLS1.2 options to -f switch, and adapt output
to more accurately report the negotiated protocol. Bug Report 53916.
[Nicolás Pernas Maradei <nico emutex com>, Kaspar Brand]
- mod_cache: Explicitly allow cache implementations to cache a 206 Partial
Response if they so choose to do so. Previously an attempt to cache a 206
was arbitrarily allowed if the response contained an Expires or
Cache-Control header, and arbitrarily denied if both headers were missing.
Currently the disk and memory cache providers do not cache 206 Partial
Responses. [Graham Leggett]
- core: Remove unintentional APR dependency introduced with
Apache 2.2.22. [Eric Covener]
- core: Use a TLS 1.0 close_notify alert for internal dummy connection if
the chosen listener is configured for https. [Joe Orton]
- mod_ssl: Add new directive SSLCompression to disable TLS-level
compression. Bug Report 53219. [Björn Jacke <bjoern j3e de>, Stefan Fritsch]
- Added deprecated function to Mojo::Util. (marcus)
- Removed deprecated render_content helper.
- Improved documentation.
- Improved tests.
3.86 2013-02-22
- Welcome to the Mojolicious core team Joel Berger.
- Improved portability of Mojo::Asset::File tests.
- Improved documentation.
- Improved tests. (jberger, sri)
- Fixed path generation bug in Mojolicious::Routes::Pattern. (jberger)
- Fixed small domain detection bug in Mojo::UserAgent::CookieJar.
(dione, sri)
- Fixed comment lines in Mojo::Template to cover the whole line.
3.85 2013-02-13
- Deprecated Mojo::UserAgent::build_form_tx in favor of
Mojo::UserAgent::build_tx.
- Deprecated Mojo::UserAgent::build_json_tx in favor of
Mojo::UserAgent::build_tx.
- Deprecated Mojo::UserAgent::post_form in favor of Mojo::UserAgent::post.
- Deprecated Mojo::UserAgent::post_json in favor of Mojo::UserAgent::post.
- Deprecated Mojo::UserAgent::Transactor::form in favor of
Mojo::UserAgent::Transactor::tx.
- Deprecated Mojo::UserAgent::Transactor::json in favor of
Mojo::UserAgent::Transactor::tx.
- Deprecated Test::Mojo::post_form_ok in favor of Test::Mojo::post_ok.
- Deprecated Test::Mojo::post_json_ok in favor of Test::Mojo::post_ok.
- Deprecated ojo::f in favor of ojo::p.
- Deprecated ojo::n in favor of ojo::p.
- Added support for pluggable content generators to
Mojo::UserAgent::Transactor. (judofyr, sri)
- Added generators attribute to Mojo::UserAgent::Transactor.
- Added add_generator method to Mojo::UserAgent::Transactor.
- Updated jQuery to version 1.9.1.
- Improved documentation.
- Improved tests.
- Fixed memory leak in development not found page.
- Fixed custom temporary directory bug in Mojo::Asset::File.
3.84 2013-01-30
- Deprecated after_static_dispatch hook in favor of before_routes.
- Added after_static hook.
- Fixed small file descriptor leak in Mojo::UserAgent.
3.83 2013-01-27
- Moved bundled static files to mojo directory.
- Improved documentation.
- Improved tests.
- Fixed small Getopt::Long configuration bug in Mojolicious::Commands.
Changelog:
Version 4.5.7 Feb 20th 2013
Fix for 3rd party apps dropping the database
Fix SubAdmins management
Fix PHP warnings
Fix compatibility with some CIFS shares
More robust apps management
Remove not needed AWS tests
Improved mime type parsing
Several sharing fixes
Offer the option to change the password only supported by the backend
More robust auto language detection
Revoke DB rights on install only if the db is newly created
Fix rendering of database connection error page
LDAP: update quota more often
Multiple XSS vulnerabilities (oC-SA-2013-003)
Multiple CSRF vulnerabilities (oC-SA-2013-004)
PHP settings disclosure (oC-SA-2013-005)
Multiple code executions (oC-SA-2013-006)
Privilege escalation in the calendar application (oC-SA-2013-007)
Changelog:
Fix the following security bugs.
SECURITY: CVE-2012-3499 (cve.mitre.org) Various XSS flaws due to unescaped hostnames and URIs HTML output in mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp.
SECURITY: CVE-2012-4558 (cve.mitre.org) XSS in mod_proxy_balancer manager interface.
Changelog:
FIXED
Security fixes can be found here
FIXED
Improvements to the Click-to-Play vulnerable plugin blocklisting feature
Fixed in Firefox ESR 17.0.3
MFSA 2013-28 Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer
MFSA 2013-27 Phishing on HTTPS connection through malicious proxy
MFSA 2013-26 Use-after-free in nsImageLoadingContent
MFSA 2013-25 Privacy leak in JavaScript Workers
MFSA 2013-24 Web content bypass of COW and SOW security wrappers
MFSA 2013-21 Miscellaneous memory safety hazards (rv:19.0 / rv:17.0.3)
= Changes in 2.3.3 =
February 24, 2013 - version 2.3.3
* Changes
* #144 Add User-Agent field by default. You can remove the header by
setting nil to HTTPClient#agent_name.
* enigmail is broken
Changelog:
SeaMonkey-specific changes
Reply to List is now supported.
SSL-related warning prompts (leaving or entering a secure site, viewing mixed content) have been replaced by less intrusive, non-modal notification bars.
See the changes page for minor changes.
Mozilla platform changes
Image quality has been improved through a new HTML scaling algorithm.
Canvas elements can export their content as an image blob using canvas.toBlob() now.
CSS @page is now supported.
CSS viewport-percentage length units have been implemented (vh, vw, vmin and vmax).
CSS text-transform now supports full-width.
Fixed several stability issues.
Fixed in SeaMonkey 2.16
MFSA 2013-28 Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer
MFSA 2013-27 Phishing on HTTPS connection through malicious proxy
MFSA 2013-26 Use-after-free in nsImageLoadingContent
MFSA 2013-25 Privacy leak in JavaScript Workers
MFSA 2013-24 Web content bypass of COW and SOW security wrappers
MFSA 2013-23 Wrapped WebIDL objects can be wrapped again
MFSA 2013-22 Out-of-bounds read in image rendering
MFSA 2013-21 Miscellaneous memory safety hazards (rv:19.0 / rv:17.0.3)
