## Rails 3.2.19 (Jul 2, 2014) ##
* Fix regression when using `ActionView::Helpers::TranslationHelper#translate` with
`options[:raise]`.
This regression was introduced at ec16ba75a5493b9da972eea08bae630eba35b62f.
*Shota Fukumori (sora_h)*
Universal Ruby library to handle the WebSocket protocol. It focuses on providing
an abstraction layer over the WebSocket API instead of providing server or client
functionality.
Currently, WebSocket Ruby supports all existing drafts of WebSocket, which
include:
* hixie-75
* hixie-76
* all hybi drafts (00-13)
* RFC 6455
Quote from http://www.providentcrm.com/news/sugarcrm-6-5-17-patch-list/.
1. Module scanner now blocks two additional functions:
simplexml_load_file and simplexml_load_string
2. JS Security Fix in Emails -- changing AJAX call from GET to POST.
3. XML Handling -- Additional error handling and libxml_disable_entity_loader
is now set to true.
4. Users module -- Additional checking on un-authorised access to other users
profile, plus Bugfix for password field.
Docs: external_acl_type documentation lies for cache=n option
Non https connections on SSL-bump enabled port may get stuck
Do not leak implicit ACLs during reconfigure.
Assure that when LruMap::memLimit_ is set to 0 no entries are stored on LruMap
Portability: use 64-bit for X-Cache-Age header
Windows: fix various libip build issues
Windows: rename TcpLogger::connect
Windows: rename ConnOpener::connect
Change order of BSD-specific network includes so that they are properly picked up
Do not leak ex_data for SSL state that survived reconfigure.
Do not register the same Cache Manager action more than once
Fix leaked TcpAcceptor job on reconfiguration
Fix leak of ACLs related to adaptation access rules
Bug 4056: assertion MemPools[type] from netdbExchangeStart()
Bug 4065: round-robin neighbor selection with unequal weights
Bug 4050: Segfault in CommSelectEngine::checkEvents on helper response
Fix segfault setting up server SSL connection
Regression: segfault logging with %tg format specifier
SourceFormat Enforcement
Changelog:
1.11 12/21/2013
Minor parser bugfixes
Fix upgrading from older tt-rss versions
Minor performance improvements
Other bugfixes
API: fix labels not applying because API call expected labels in wrong format
1.12 03/21/2014
Parser / misc bugfixes
Default theme update
Traditional Chinese (zh_TW) translation
Various comics plugins merged into af_comics
* I gave up subdirectory installation with nginx... (MESSAGES)
Changelog:
Version 6.0.4 June 23rd 2014
Fixed a security issue (Will be disclosed two weeks after this release)
Several LDAP fixes and improvements
Add deprecated warning to load function
File scanner fixes
Heart beat fixes
Encryption fixes for some corner cases
Fix conflict dialog translations
Fix button text overflow
Fix search with Oracle
PHP upload errors are written to log
OCS status code fixes
Add PostgreSQL version warning
Version 6.0.3 April 29th 2014
Several security fixes. (Will be disclosed 2 weeks after the release)
Appframework extensions to improve the compatibility with 3rdparty apps
LDAP performance improvements
Fix updating of email addresses from LDAP
Fix WebDAV timestamp format handling
Disable internet connection check if a proxy is configured
Fix a potential file chunking problem on a server that is running out of storage
Do not expire file chunks while checking their existence
Fix loading of authentication apps in any case
Performance improvements by reducing the number of chmod operations.
Make the trusted domain upgrade feature more robust.
Don't allow creating a "Shared" folder.
Fixed "select all" + download on public page
Fix share as link with email multiple users
Reset time of last update feed polling to fix the updater
Share API fixes
Admin option for public upload with encryption enabled
Fix CIFS with home shares
Detect a missing "data" directory mount
Fix the filesize calculation of encrypted files
Fixes in the OpenStack support
Fixes in the SWIFT support
Don't block PHP sessions during download
Fix sharing oc addressbooks
Several ownCloud Documents improvements and fixes
Several smaller bugfixes
Tomcat 6.0.41
=============
Jasper
------
fix 56529: Avoid NoSuchElementException while handling attributes
with empty string value in custom tags. Based on a patch
provided by Hariprasad Manchi. (violetagg/kkolinko)
Tomcat 6.0.40 not released
============================
Catalina
--------
fix 56027: Add more options for managing FIPS mode in the
AprLifecycleListener. (schultz/kkolinko)
fix 56082: Fix a concurrency bug in JULI's LogManager
implementation. (markt)
fix 56236: Enable Tomcat to work with alternative Servlet and
JSP API JARs that package the XML schemas in such a way as
to require a dependency on the JSP API before enabling
validation for web.xml. Tomcat has no such dependency. (markt)
fix Change the default value of the xmlBlockExternal attribute
of Context elements. It is now true. (kkolinko)
fix Don't log to standard out in SSLValve. (kkolinko/markt)
code Use StringBuilder in DefaultServlet. (kkolinko)
fix 56275: Allow web applications to be stopped cleanly even
if filters throw exceptions when their destroy() method is
called. (markt/kkolinko)
fix Redefine the globalXsltFile initialisation parameter of the
DefaultServlet as relative to CATALINA_BASE/conf or
CATALINA_HOME/conf. Prevent user supplied XSLTs used by the
DefaultServlet from defining external entities. (markt)
fix Add a work around for validating XML documents (often TLDs)
that use just the file name to refer to the JavaEE
schema on which they are based. (kkolinko)
fix 56369: Ensure that removing an MBean notification listener
reverts all the operations performed when adding an MBean
notification listener. (markt)
fix Only create XML parsing objects if required and fix associated
potential memory leak in the default Servlet. (markt)
fix Ensure that a TLD parser obtained from the cache has the
correct value of blockExternal. (markt/kkolinko)
add Extend XML factory, parser etc. memory leak protection to
cover some additional locations where, theoretically, a
memory leak could occur. (markt)
add Add the org.apache.naming package to the packages requiring
code to have the defineClassInPackage permission when running
under a security manager. (markt)
add Add the org.apache.naming.resources package to the packages
requiring code to have the accessClassInPackage permission
when running under a security manager. (markt)
fix Make the naming context tokens for containers more robust.
Require RuntimePermission when introducing a new token.
(markt/kkolinko)
Coyote
------
fix Improve processing of chunk size from chunked headers.
Avoid overflow and use a bit shift instead of a multiplication
as it is marginally faster. (markt/kkolinko)
fix Fix possible overflow when parsing long values from a byte
array. (markt)
update 56363: Update to version 1.1.30 of Tomcat Native library.
The minimum required version of this library for APR connector
is now 1.1.30. (kkolinko)
Jasper
------
fix Change the default behaviour of JspC to block XML external
entities by default. (kkolinko)
fix Restore the validateXml option to Jasper that was previously
renamed validateTld. Both options are now supported.
validateXml controls the validation of web.xml files when
Jasper parses them and validateTld controls the validation
of *.tld files when Jasper parses them. (markt)
fix 54475: Add Java 8 support to SMAP generation for JSPs.
Patch by Robbie Gibson. (markt)
fix 56010: Don't throw an IllegalArgumentException when
JspFactory.getPageContext is used with JspWriter.DEFAULT_BUFFER.
Based on a patch by Eugene Chung. (markt)
fix 56265: Do not escape values of dynamic tag attributes
containing EL expressions. (kkolinko)
fix 56283: Add support for running Tomcat 6 with ecj-P20140317-1600.jar
(as drop-in replacement for ecj-4.3.1.jar). Add support for
value "1.8" for the compilerSourceVM and compilerTargetVM
options. Note that ecj-P20140317-1600.jar can only be used
when running with Java 6 or later. The "1.8" options make
sense only when running with Java 8 (or later). (kkolinko)
fix 56334: Fix a regression in the handling of back-slash escaping
introduced by the fix for 55735. (markt/kkolinko)
fix Correct the handling of back-slash escaping in the EL parser
and no longer require that \$ or \# must be followed by { in
order for the back-slash escaping to take effect. (markt)
Cluster
-------
code Refactor AbstractReplicatedMap and related classes to enable
Tomcat 6 to be compiled using Java 8. (markt)
Web applications
----------------
add 56093: Documentation for SSLValve. (markt/kkolinko)
fix Correct documentation on Windows service options, aligning
it with Apache Commons Daemon documentation. (kkolinko)
add Add support for version-major, version-major-minor tags in
documentation XSLT, to simplify documentation backports. (kkolinko)
fix Fix target and rel attributes on links in documentation.
They were lost during XSLT transformation. (kkolinko)
Other
-----
code Remove svn keywords (such as $Id) from source files and
documentation. (kkolinko)
update Improvements to the Windows installer, to align it with
installing the service with service.bat. Use explicit memory
sizes (--JvmMs 128 Mb and --JvmMx 256 Mb). Specify log
directory path when installing, so that the log file is
written to the Tomcat logs directory, instead of
"%SystemRoot%\System32\LogFiles\Apache". (kkolinko)
update 49993, 56143: Improve service.bat script. Allow it to be
launched from non-UAC console. The UAC prompt will be shown
only once. Now there is no need to run the command shell
with elevated privileges. Improve check for JAVA_HOME and
add support for JRE_HOME. Warn if neither "client" nor
"server" JVM is found. Align classpath, display name and
other options with the exe installer. Make command names
case-insensitive. Update documentation. (kkolinko)
This is a security update and approved by wiz@.
Upstream changes:
Changes since 1.22.7
(bug 65839) SECURITY: Prevent external resources in SVG files.
(bug 66428) MimeMagic: Don't seek before BOF. This has weird side effects like only extracting the tail of the file partially or not at all.
Changelog:
SeaMonkey-specific changes
The delimiter for forwarded messages can now be configured.
An option to not strip signatures on reply has been added to prevent top signatures from deleting the body.
Add to Searchbar (search-engine autodiscovery) was implemented.
The location bar tooltip now shows the complete current URL in case it is displayed only partially.
See the changes page for a more complete overview.
Mozilla platform changes
The Gamepad API has been finalized and enabled.
navigator.plugins is no longer enumerable, for user privacy.
ECMAScript Internationalization API has been enabled.
'box-sizing' (dropping the -moz- prefix) has been implemented.
SharedWorker is now enabled by default.
CSS3 variables have been implemented.
Console object is now available in Web Workers.
Promises have been enabled by default.
<input type="number"> has been implemented and enabled.
<input type="color"> has been implemented and enabled.
Fixed several stability issues.
Fixed in SeaMonkey 2.26.1
MFSA 2014-54 Buffer overflow in Gamepad API
MFSA 2014-53 Buffer overflow in Web Audio Speex resampler
MFSA 2014-52 Use-after-free with SMIL Animation Controller
MFSA 2014-51 Use-after-free in Event Listener Manager
MFSA 2014-49 Use-after-free and out of bounds issues found using Address Sanitizer
MFSA 2014-48 Miscellaneous memory safety hazards (rv:30.0 / rv:24.6)
Fixed in SeaMonkey 2.26
MFSA 2014-47 Debugger can bypass XrayWrappers with JavaScript
MFSA 2014-46 Use-after-free in nsHostResolve
MFSA 2014-45 Incorrect IDNA domain name matching for wildcard certificates
MFSA 2014-44 Use-after-free in imgLoader while resizing images
MFSA 2014-43 Cross-site scripting (XSS) using history navigations
MFSA 2014-42 Privilege escalation through Web Notification API
MFSA 2014-41 Out-of-bounds write in Cairo
MFSA 2014-39 Use-after-free in the Text Track Manager for HTML video
MFSA 2014-38 Buffer overflow when using non-XBL object as XBL
MFSA 2014-37 Out of bounds read while decoding JPG images
MFSA 2014-36 Web Audio memory corruption issues
MFSA 2014-34 Miscellaneous memory safety hazards (rv:29.0 / rv:24.5)
* Finnish translation is added and Latvian translation is removed.
* Example website (Music Academy) is removed from core distribution.
It is still available on Contao Extension Repository.
Version 3.2.12 (2014-06-18)
---------------------------
### Fixed
Replace insert tags in external redirect targets (see #6765).
### Fixed
Also apply the font settings to the ACE element (see #7103).
### Fixed
Show the placeholder image in the "edit file" dialog if the original image
exceeds the maximum dimensions supported by the GD library (see #7032).
### Fixed
Preserve whitespace before `<textarea>` tags when minifying code (see #7087).
### Fixed
Restore the PHP 5.3 compatibility of the listing module (see #7078).
### Fixed
Do not offer to drop tables or fields if the safe mode is active (see #7085).
### Fixed
Correctly detect binary fields during theme export (see #7079).
Version 3.3.3 (2014-06-18)
--------------------------
### Fixed
Convert insert tags before assigning the page title to the template (see #7097).
### Fixed
Correctly render images in TinyMCE in the newsletter module (see #7089).
usable with modern gcc.
Since the full "debug" version will behave differently to the standard
version (as it enables all the mozilla internal consistency checks, and
also drops compiler optimization), it is not very useful when trying to
debug crashes that could be compiler bugs, or mozilla low level bugs -
so provide a new option "debug-info" that creates a debuggable, but
fully optimized version.
The result is best run from the pkgobj dir via the
work/build/dist/bin/run-mozilla script with options "-g ./firefox".
No changes to the default pkg generated.
=============
Version 4.2.4
=============
Version 4.2.4 of mod_wsgi can be obtained from:
https://github.com/GrahamDumpleton/mod_wsgi/archive/4.2.4.tar.gz
Bugs Fixed
----------
1. Fixed one off error in applying limit to the number of supplementary
groups allowed for a daemon process group. The result could be that if
more groups than the operating system allowed were specified to the option
``supplementary-groups``, then memory corruption or a process crash could
occur.
2. Improved error handling in setting up the current working directory and
group access rights for a process when creating a daemon process group. The
change means that if any error occurs, the daemon process group will be
restarted rather than being allowed to keep running with an incorrect working
directory or group access rights.
New Features
------------
1. Added the ``--setup-only`` option to mod_wsgi express so that it is
possible to create the configuration when using the Django management command
``runmodwsgi`` without actually starting the server.
=============
Version 4.2.3
=============
Version 4.2.3 of mod_wsgi can be obtained from:
https://github.com/GrahamDumpleton/mod_wsgi/archive/4.2.3.tar.gz
Bugs Fixed
----------
1. The feature for starting mod_wsgi express using the Django management
command ``runmodwsgi`` was broken by the 4.2.2 release.
=============
Version 4.2.2
=============
Version 4.2.2 of mod_wsgi can be obtained from:
https://github.com/GrahamDumpleton/mod_wsgi/archive/4.2.2.tar.gz
Bugs Fixed
----------
1. The ``envvars`` file was being overwritten even if it existed and had
been modified.
New Features
------------
1. Output the location of the ``envvars`` file when using the
``setup-server`` command for ``mod_wsgi-express`` or if using the
``start-server`` command and the ``--envars-script`` option was being used.
2. Output the location of the ``apachectl`` script when using the
``setup-server`` command for ``mod_wsgi-express``.
=============
Version 4.2.1
=============
Version 4.2.1 of mod_wsgi can be obtained from:
https://github.com/GrahamDumpleton/mod_wsgi/archive/4.2.1.tar.gz
Bugs Fixed
----------
1. The auto generated configuration would not work with an Apache
installation where core Apache modules were statically compiled into Apache
rather than being dynamically loaded.
=============
Version 4.2.0
=============
Version 4.2.0 of mod_wsgi can be obtained from:
https://github.com/GrahamDumpleton/mod_wsgi/archive/4.2.0.tar.gz
New Features
------------
1. Added ``mod_wsgi.server_metrics()`` function which provides access to a
dictionary of data derived from the Apache worker scoreboard. In effect this
provides access to the same information that is used to create the Apache
server status page.
Note that if ``mod_status`` is not loaded into Apache, or the compile time
configuration of Apache prohibits the scoreboard from being available, this
function will return ``None``.
Also be aware that only partial information about worker status, and no
information about requests, will be returned if the ``ExtendedStatus``
directive is not also set to ``On``.
Although ``mod_status`` needs to be loaded, it is not necessary to enable
any URL to expose the server status page.
2. Added support for a platform plugin for New Relic to ``mod_wsgi-express``
which will report server status information up to New Relic if the
``--with-newrelic`` option is supplied when running mod_wsgi express.
That same option also enables the New Relic Python agent. If you only want
one or the other, you can instead use the ``--with-newrelic-agent`` and
``--with-newrelic-platform`` options.
The feature of ``mod_wsgi-express`` for reporting data up to the New Relic
Platform is dependent upon the separate ``mod_wsgi-metrics`` package being
installed.
Serf 1.3.6 [2014-06-09, from /tags/1.3.6, rxxxx]
Revert r2319 from serf 1.3.5: this change was making serf call handle_response
multiple times in case of an error response, leading to unexpected behavior.