4.1.2 (2021-03-17)
Avoid NonExistentTimeError during DST transition
4.1.1 (2020-11-28)
Don't import rest_framework from package root
4.1 (2020-11-28)
Add Django REST Framework serializer field
Add new choices_display kwarg with supported values WITH_GMT_OFFSET and STANDARD
Deprecate display_GMT_offset kwarg
4.0 (2019-12-03)
Add support for django 3.0, python 3.8
Drop support for django 1.11, 2.0, 2.1, python 2.7, 3.4
3.1 (2019-10-02)
Officially support django 2.2 (already worked)
Add option to display TZ offsets in form field
Changelog:
Version 78.10.1, first offered to ESR channel users on May 4, 2021
Fixed
* Resolved an issue caused by a recent Widevine plugin update which prevented
some purchased video content from playing correctly (bug 1705138)
* Security fix
Security fixes:
#CVE-2021-29951: Mozilla Maintenance Service could have been started or stopped
by domain users
Flask-Static-Digest is a Flask extension that will help make your
static files production ready with very minimal effort on your part.
It does this by md5 tagging and gzipping your static files after
running a `flask digest compile` command that this extension adds
to your Flask app.
Changelog:
Version 88.0.1, first offered to Release channel users on May 5, 2021
-------------------------------------------------------------------------------
Fixed
* Resolved an issue caused by a recent Widevine plugin update which prevented
some purchased video content from playing correctly (bug 1705138)
* Fixed corruption of videos playing on Twitter or WebRTC calls on some Gen6
Intel graphics chipsets (bug 1708937)
* Fixed menulists in Preferences being unreadable for users with High
Contrast Mode enabled (bug 1706496)
* Various stability and security fixes.
Security fixes:
#CVE-2021-29953: Universal Cross-Site Scripting
#CVE-2021-29952: Race condition in Web Render Components
warp-tls: HTTP over TLS support for Warp via the TLS package
SSLv1 and SSLv2 are obsoleted by IETF. We should use TLS 1.2 (or TLS
1.1 or TLS 1.0 if necessary). HTTP/2 can be negotiated by ALPN.
warp: A fast, light-weight web server for WAI applications.
HTTP/1.0, HTTP/1.1 and HTTP/2 are supported. For HTTP/2, Warp supports
direct and ALPN (in TLS) but not upgrade.
This library contains functions for encoding bytestring builders for
chunked HTTP/1.1 transfer.
This functionality was extracted from the blaze-builder package.
This package bundles the minified jQuery code into a Haskell package,
so it can be depended upon by Cabal packages. The first three
components of the version number match the upstream jQuery
version. The package is designed to meet the redistribution
requirements of downstream users (e.g. Debian).
This package bundles the minified Flot code (a jQuery plotting
library) into a Haskell package, so it can be depended upon by Cabal
packages. The first three components of the version number match the
upstream flot version. The package is designed to meet the
redistribution requirements of downstream users (e.g. Debian).
Django 3.2.1
CVE-2021-31542: Potential directory-traversal via uploaded files
MultiPartParser, UploadedFile, and FieldFile allowed directory-traversal via uploaded files with suitably crafted file names.
In order to mitigate this risk, stricter basename and path sanitation is now applied. Specifically, empty file names and paths with dot segments will be rejected.
Bugfixes
Corrected detection of GDAL 3.2 on Windows.
Fixed a bug in Django 3.2 where subclasses of BigAutoField and SmallAutoField were not allowed for the DEFAULT_AUTO_FIELD setting.
Fixed a regression in Django 3.2 that caused a crash of QuerySet.values()/values_list() after QuerySet.union(), intersection(), and difference() when it was ordered by an unannotated field.
Restored, following a regression in Django 3.2, displaying an exception message on the technical 404 debug page.
Fixed a bug in Django 3.2 where a system check would crash on a reverse one-to-one relationships in CheckConstraint.check or UniqueConstraint.condition.
Fixed a regression in Django 3.2 that caused a crash of ModelAdmin.search_fields when searching against phrases with unbalanced quotes.
Fixed a bug in Django 3.2 where variable lookup errors were logged rendering the sitemap template if alternates were not defined.
Fixed a regression in Django 3.2 that caused a crash when combining Q() objects which contains boolean expressions.
Fixed a regression in Django 3.2 that caused a crash of QuerySet.update() on a queryset ordered by inherited or joined fields on MySQL and MariaDB.
Fixed a regression in Django 3.2 that caused a crash when decoding a cookie value, used by django.contrib.messages.storage.cookie.CookieStorage, in the pre-Django 3.2 format.
Fixed a regression in Django 3.2 that stopped the shift-key modifier selecting multiple rows in the admin changelist.
Fixed a bug in Django 3.2 where a system check would crash on the STATICFILES_DIRS setting with a list of 2-tuples of (prefix, path).
Fixed a long standing bug involving queryset bitwise combination when used with subqueries that began manifesting in Django 3.2, due to a separate fix using Exists to exclude() multi-valued relationships.
Fixed a bug in Django 3.2 where variable lookup errors were logged when rendering some admin templates.
Fixed a bug in Django 3.2 where an admin changelist would crash when deleting objects filtered against multi-valued relationships. The admin changelist now uses Exists() instead QuerySet.distinct() because calling delete() after distinct() is not allowed in Django 3.2 to address a data loss possibility.
Fixed a regression in Django 3.2 where the calling process environment would not be passed to the dbshell command on PostgreSQL.
Fixed a performance regression in Django 3.2 when building complex filters with subqueries. As a side-effect the private API to check django.db.sql.query.Query equality is removed.
Django 3.2.0:
Automatic AppConfig discovery simplifies configuration of pluggable applications.
Customizing the type of auto-created primary keys begins a process of migrating to BigAutoField primary key fields by default.
Functional indexes can now be created on expressions and database functions.
Django 2.2.21 fixes a security issue in 2.2.20.
CVE-2021-31542: Potential directory-traversal via uploaded files
MultiPartParser, UploadedFile, and FieldFile allowed directory-traversal via uploaded files with suitably crafted file names.
In order to mitigate this risk, stricter basename and path sanitation is now applied. Specifically, empty file names and paths with dot segments will be rejected.
Django 2.2.20
CVE-2021-28658: Potential directory-traversal via uploaded files
MultiPartParser allowed directory-traversal via uploaded files with suitably crafted file names.
Built-in upload handlers were not affected by this vulnerability.
0.59.0
- Last main release to support Python 2
- Fix Python 2 urlparse scheme
- Add support for headers with multiple values
- Add debug support for reserved custom status codes
- Allow multiple Set-Cookie: headers
- Simplified cookie sorting
- Add no_proxy support
- Add Host header to HTTP proxy request
- Improve PEP8 style compliance
TUI for quickly searching crates.io
The searches return the same results as if you entered the search term
into the search bar on crates.io.
The results are returned in pages of 5 results each.
Sun 25 Apr 2021 14:00:00 MSK
Released GNU libmicrohttpd 0.9.73
This release brings new features, improvements, and a few fixes.
The most important addition is the new function for vector-backed
responses, based on the patch contributed by NASA engineers.
Other changes include compatibility with autoconf 2.70+, improved
testsuite compatibility with CI systems, fixed and improved MSVC
builds, and implemention of ALPN support.
More detailed list of notable changes:
API changes:
+ Added new function MHD_create_response_from_iovec(), based on the
patch provided by Lawrence Sebald and Damon N. Earp from NASA.
+ Added MHD_OPTION_SIGPIPE_HANDLED_BY_APP daemon option.
+ Added new function MHD_run_wait().
+ Added MHD_OPTION_TLS_NO_ALPN to disable usage of ALPN even if
it is supported by TLS library.
New features:
+ Added '--enable-heavy-tests' configure parameter (disabled by
default).
+ Implemented support for ALPN.
Improvements and enhancements:
* Return timeout of zero also for connections awaiting cleanup.
* Compatibility with autoconf >=2.70, used new autoconf features.
* Warn user when custom logger option is not the first option.
* Added information to the header about minimal MHD version when
particular symbols were introduced.
* Updated test certificates to be compatible with modern browsers.
* Added on-fly detection of UNIX domain sockets and pipes, MHD does
not try to use TCP/IP-specific socket options on them.
* Report more detailed error description in the MHD log for send
and receive errors.
* Enabled bind port autodetection for MSVC builds.
Fixes:
# Fix PostProcessor to always properly stop iteration when
application callback tells it to do so.
# Fixed MD5 digest authorization broken when compiled without
variable length arrays support (notably with MSVC).
# Fixed detection of type of send errors on W32.
-- Evgeny Grin (Karlson2k)
0.7.3
-----
prelude: >
Small release to remove support for older Python versions, and to do some
housekeeping on the project repository and contributor experience.
Changes include:
+ Moving CI from Travis to Github Actions
This decision was made following Travis CIs recent change in policies
around open source projects.
+ Moving to Github Actions gave us the ability to define slightly more
granular workflows, which give more insight into why tests failed and put
CI results directly in Github.
+ ``Tox`` as a single entrypoint for all main developer tasks, specifically
linting, testing and building docs.
+ Updated contribution guidelines
deprecations:
- |
This release drops support for Python versions 3.4 and 3.5. Support for
python 3.4 was dropped from Pip in July 2019, and support for 3.5 in
January of this year. According to `PyPI Stats
<https://pypistats.org/packages/flask-flatpages>`_. these versions
account for a handful of downloads a month. Version 0.7.2 has
identical funcitonality to this release and will still work for these
versons.
fixes:
- |
This release resolves issue `# 79
<https://github.com/Flask-Flatpages/Flask-Flatpages/issues/79>`_.
by correcting an inconsistent parameter name in the documentation.
- |
Building on the fix to Issue `# 77
<https://github.com/Flask-FlatPages/Flask-FlatPages/issues/77>`_, we
replace the custom compact module with ``six``.
Now it should be more obvious when a package needs it as a dependency,
as it will fail loudly if it isn't declared as a tool.
While here, some duplicate dependencies on itstool were removed from the
MATE packages
v0.6.0
======
Another major release version after v0.5.0 with a lot of breaking changes.
Application changes:
- Introducing Article View used to read a web page in reader mode directly in
the application:
- mercury-parser is required for the view to function
- a brief demo video about Article View:
https://www.youtube.com/watch?v=jIsKZwPi2T8
- Supporting fully customizable key bindings:
- users can now freely customize shortcuts by modifying the default config
file
- Change default key bindings:
- With fully customizable shortcuts, the default key mapping received major
changes to simplify its interfaces.
- For more details on the new shortcuts, press ? in each View to see the
new key mapping or read the default config file.
- Remove webbroswer package (originally used to open a link in browser with
cross-platform support)
- Now, to open an external link in the browser, users need to define
the url_open_command config option in the default config file.
Default to be xdg-open.
Codebase changes:
- implement new features (fully customizable key mapping, Article View)
- fix bugs, improve documentation and error handlers
v2.1.2
Fixed: Support Python 3.9's changed urllib.parse.urljoin() behavior.
< py3.9: furl('wss://slrp.com/').join('foo:1') -> 'wss://slrp.com/foo:1'
>= py3.9: furl('wss://slrp.com/').join('foo:1') -> 'foo:1'
Changed: Drop semicolon query delimiters. See
https://bugs.python.org/issue42967.
Changed: Drop support for EOL Python 3.4 and Python 3.5.
v2.1.1
Fixed: Export metadata variables (furl.__title__, furl.__version__, etc).
Added: scheme, host, netloc, and origin as parameters to furl.remove().
Changed: Homogenize parameter order across furl.add(), furl.set(), and
furl.remove().
Changed: furl.origin can be assigned None. This has the same behavior as
furl.remove(origin=True).
