Commit graph

12272 commits

Author SHA1 Message Date
ryoon
ab84362f37 Update to 7.0.39
Changelog:
    There have been multiple improvements in the bytes to/from characters conversion process. The core conversion process has been refactored to use the NIO APIs. This has resulted in a number of improvements including invalid UTF-8 byte sequences at the end of a series of bytes now trigger a conversion error rather than being silently swallowed. Errors detected in request URIs will be replaced with the replacement character (allowing the application to respond to the invalid URI as it wishes) and errors in request bodies will trigger an IOException. The use of the JVM provided UTF-8 decoder has been replaced by a better UTF-8 decoder derived from Apache Harmony. This improved decoder has earlier detection of error conditions and more closely follows the Unicode specification regarding the use of replacement characters.

    The annotation scanning process now provides more information if the scan fails due to broken class dependencies. There is now enough information to identify the class(es) at fault. The JAR scanning process that supports annotation scanning has also seen multiple improvements and fixes including the exclusion by default of the Bootstrap class path from the scan.

    Upgraded a number of Tomcat's dependencies including Commons Daemon to 1.0.14, Commons IO to 2.4 and Commons FileUpload to r1458500. A new dependency on Commons Codec was added to replace Tomcat's internal Base64 encoder/decoder.
2013-04-25 14:30:35 +00:00
imil
8aadc04a47 Updated the naxsi WAF module to 0.50. Forms multipart parsing improved. 2013-04-25 11:27:19 +00:00
imil
2536ae1f94 Updated nginx stable to 1.4.0. Notable improvements regarding latest stable
version are:

. SPDY protocol support
. WebSocket connections
. OCSP Stapling
. gunzip module
. flood prevention through rejection codes

Full changelog:

Changes with nginx 1.4.0                                         24 Apr 2013

    *) Bugfix: nginx could not be built with the ngx_http_perl_module if the
       --with-openssl option was used; the bug had appeared in 1.3.16.

    *) Bugfix: in a request body handling in the ngx_http_perl_module; the
       bug had appeared in 1.3.9.


Changes with nginx 1.3.16                                        16 Apr 2013

    *) Bugfix: a segmentation fault might occur in a worker process if
       subrequests were used; the bug had appeared in 1.3.9.

    *) Bugfix: the "tcp_nodelay" directive caused an error if a WebSocket
       connection was proxied into a unix domain socket.

    *) Bugfix: the $upstream_response_length variable has an incorrect value
       "0" if buffering was not used.
       Thanks to Piotr Sikora.

    *) Bugfix: in the eventport and /dev/poll methods.


Changes with nginx 1.3.15                                        26 Mar 2013

    *) Change: opening and closing a connection without sending any data in
       it is no longer logged to access_log with error code 400.

    *) Feature: the ngx_http_spdy_module.
       Thanks to Automattic for sponsoring this work.

    *) Feature: the "limit_req_status" and "limit_conn_status" directives.
       Thanks to Nick Marden.

    *) Feature: the "image_filter_interlace" directive.
       Thanks to Ian Babrou.

    *) Feature: $connections_waiting variable in the
       ngx_http_stub_status_module.

    *) Feature: the mail proxy module now supports IPv6 backends.

    *) Bugfix: request body might be transmitted incorrectly when retrying a
       request to the next upstream server; the bug had appeared in 1.3.9.
       Thanks to Piotr Sikora.

    *) Bugfix: in the "client_body_in_file_only" directive; the bug had
       appeared in 1.3.9.

    *) Bugfix: responses might hang if subrequests were used and a DNS error
       happened during subrequest processing.
       Thanks to Lanshun Zhou.

    *) Bugfix: in backend usage accounting.


Changes with nginx 1.3.14                                        05 Mar 2013

    *) Feature: $connections_active, $connections_reading, and
       $connections_writing variables in the ngx_http_stub_status_module.

    *) Feature: support of WebSocket connections in the
       ngx_http_uwsgi_module and ngx_http_scgi_module.

    *) Bugfix: in virtual servers handling with SNI.

    *) Bugfix: new sessions were not always stored if the "ssl_session_cache
       shared" directive was used and there was no free space in shared
       memory.
       Thanks to Piotr Sikora.

    *) Bugfix: multiple X-Forwarded-For headers were handled incorrectly.
       Thanks to Neal Poole for sponsoring this work.

    *) Bugfix: in the ngx_http_mp4_module.
       Thanks to Gernot Vormayr.


Changes with nginx 1.3.13                                        19 Feb 2013

    *) Change: a compiler with name "cc" is now used by default.

    *) Feature: support for proxying of WebSocket connections.
       Thanks to Apcera and CloudBees for sponsoring this work.

    *) Feature: the "auth_basic_user_file" directive supports "{SHA}"
       password encryption method.
       Thanks to Louis Opter.


Changes with nginx 1.3.12                                        05 Feb 2013

    *) Feature: variables support in the "proxy_bind", "fastcgi_bind",
       "memcached_bind", "scgi_bind", and "uwsgi_bind" directives.

    *) Feature: the $pipe, $request_length, $time_iso8601, and $time_local
       variables can now be used not only in the "log_format" directive.
       Thanks to Kiril Kalchev.

    *) Feature: IPv6 support in the ngx_http_geoip_module.
       Thanks to Gregor Kališnik.

    *) Bugfix: in the "proxy_method" directive.

    *) Bugfix: a segmentation fault might occur in a worker process if
       resolver was used with the poll method.

    *) Bugfix: nginx might hog CPU during SSL handshake with a backend if
       the select, poll, or /dev/poll methods were used.

    *) Bugfix: the "[crit] SSL_write() failed (SSL:)" error.

    *) Bugfix: in the "client_body_in_file_only" directive; the bug had
       appeared in 1.3.9.

    *) Bugfix: in the "fastcgi_keep_conn" directive.


Changes with nginx 1.3.11                                        10 Jan 2013

    *) Bugfix: a segmentation fault might occur if logging was used; the bug
       had appeared in 1.3.10.

    *) Bugfix: the "proxy_pass" directive did not work with IP addresses
       without port specified; the bug had appeared in 1.3.10.

    *) Bugfix: a segmentation fault occurred on start or during
       reconfiguration if the "keepalive" directive was specified more than
       once in a single upstream block.

    *) Bugfix: parameter "default" of the "geo" directive did not set
       default value for IPv6 addresses.


Changes with nginx 1.3.10                                        25 Dec 2012

    *) Change: domain names specified in configuration file are now resolved
       to IPv6 addresses as well as IPv4 ones.

    *) Change: now if the "include" directive with mask is used on Unix
       systems, included files are sorted in alphabetical order.

    *) Change: the "add_header" directive adds headers to 201 responses.

    *) Feature: the "geo" directive now supports IPv6 addresses in CIDR
       notation.

    *) Feature: the "flush" and "gzip" parameters of the "access_log"
       directive.

    *) Feature: variables support in the "auth_basic" directive.

    *) Bugfix: nginx could not be built with the ngx_http_perl_module in
       some cases.

    *) Bugfix: a segmentation fault might occur in a worker process if the
       ngx_http_xslt_module was used.

    *) Bugfix: nginx could not be built on MacOSX in some cases.
       Thanks to Piotr Sikora.

    *) Bugfix: the "limit_rate" directive with high rates might result in
       truncated responses on 32-bit platforms.
       Thanks to Alexey Antropov.

    *) Bugfix: a segmentation fault might occur in a worker process if the
       "if" directive was used.
       Thanks to Piotr Sikora.

    *) Bugfix: a "100 Continue" response was issued with "413 Request Entity
       Too Large" responses.

    *) Bugfix: the "image_filter", "image_filter_jpeg_quality" and
       "image_filter_sharpen" directives might be inherited incorrectly.
       Thanks to Ian Babrou.

    *) Bugfix: "crypt_r() failed" errors might appear if the "auth_basic"
       directive was used on Linux.

    *) Bugfix: in backup servers handling.
       Thanks to Thomas Chen.

    *) Bugfix: proxied HEAD requests might return incorrect response if the
       "gzip" directive was used.


Changes with nginx 1.3.9                                         27 Nov 2012

    *) Feature: support for chunked transfer encoding while reading client
       request body.

    *) Feature: the $request_time and $msec variables can now be used not
       only in the "log_format" directive.

    *) Bugfix: cache manager and cache loader processes might not be able to
       start if more than 512 listen sockets were used.

    *) Bugfix: in the ngx_http_dav_module.


Changes with nginx 1.3.8                                         30 Oct 2012

    *) Feature: the "optional_no_ca" parameter of the "ssl_verify_client"
       directive.
       Thanks to Mike Kazantsev and Eric O'Connor.

    *) Feature: the $bytes_sent, $connection, and $connection_requests
       variables can now be used not only in the "log_format" directive.
       Thanks to Benjamin Grössing.

    *) Feature: the "auto" parameter of the "worker_processes" directive.

    *) Bugfix: "cache file ... has md5 collision" alert.

    *) Bugfix: in the ngx_http_gunzip_filter_module.

    *) Bugfix: in the "ssl_stapling" directive.


Changes with nginx 1.3.7                                         02 Oct 2012

    *) Feature: OCSP stapling support.
       Thanks to Comodo, DigiCert and GlobalSign for sponsoring this work.

    *) Feature: the "ssl_trusted_certificate" directive.

    *) Feature: resolver now randomly rotates addresses returned from cache.
       Thanks to Anton Jouline.

    *) Bugfix: OpenSSL 0.9.7 compatibility.


Changes with nginx 1.3.6                                         12 Sep 2012

    *) Feature: the ngx_http_gunzip_filter_module.

    *) Feature: the "memcached_gzip_flag" directive.

    *) Feature: the "always" parameter of the "gzip_static" directive.

    *) Bugfix: in the "limit_req" directive; the bug had appeared in 1.1.14.
       Thanks to Charles Chen.

    *) Bugfix: nginx could not be built by gcc 4.7 with -O2 optimization if
       the --with-ipv6 option was used.


Changes with nginx 1.3.5                                         21 Aug 2012

    *) Change: the ngx_http_mp4_module module no longer skips tracks in
       formats other than H.264 and AAC.

    *) Bugfix: a segmentation fault might occur in a worker process if the
       "map" directive was used with variables as values.

    *) Bugfix: a segmentation fault might occur in a worker process if the
       "geo" directive was used with the "ranges" parameter but without the
       "default" parameter; the bug had appeared in 0.8.43.
       Thanks to Zhen Chen and Weibin Yao.

    *) Bugfix: in the -p command-line parameter handling.

    *) Bugfix: in the mail proxy server.

    *) Bugfix: of minor potential bugs.
       Thanks to Coverity.

    *) Bugfix: nginx/Windows could not be built with Visual Studio 2005
       Express.
       Thanks to HAYASHI Kentaro.


Changes with nginx 1.3.4                                         31 Jul 2012

    *) Change: the "ipv6only" parameter is now turned on by default for
       listening IPv6 sockets.

    *) Feature: the Clang compiler support.

    *) Bugfix: extra listening sockets might be created.
       Thanks to Roman Odaisky.

    *) Bugfix: nginx/Windows might hog CPU if a worker process failed to
       start.
       Thanks to Ricardo Villalobos Guevara.

    *) Bugfix: the "proxy_pass_header", "fastcgi_pass_header",
       "scgi_pass_header", "uwsgi_pass_header", "proxy_hide_header",
       "fastcgi_hide_header", "scgi_hide_header", and "uwsgi_hide_header"
       directives might be inherited incorrectly.


Changes with nginx 1.3.3                                         10 Jul 2012

    *) Feature: entity tags support and the "etag" directive.

    *) Bugfix: trailing dot in a source value was not ignored if the "map"
       directive was used with the "hostnames" parameter.

    *) Bugfix: incorrect location might be used to process a request if a
       URI was changed via a "rewrite" directive before an internal redirect
       to a named location.


Changes with nginx 1.3.2                                         26 Jun 2012

    *) Change: the "single" parameter of the "keepalive" directive is now
       ignored.

    *) Change: SSL compression is now disabled when using all versions of
       OpenSSL, including ones prior to 1.0.0.

    *) Feature: it is now possible to use the "ip_hash" directive to balance
       IPv6 clients.

    *) Feature: the $status variable can now be used not only in the
       "log_format" directive.

    *) Bugfix: a segmentation fault might occur in a worker process on
       shutdown if the "resolver" directive was used.

    *) Bugfix: a segmentation fault might occur in a worker process if the
       ngx_http_mp4_module was used.

    *) Bugfix: in the ngx_http_mp4_module.

    *) Bugfix: a segmentation fault might occur in a worker process if
       conflicting wildcard server names were used.

    *) Bugfix: nginx might be terminated abnormally on a SIGBUS signal on
       ARM platform.

    *) Bugfix: an alert "sendmsg() failed (9: Bad file number)" on HP-UX
       while reconfiguration.


Changes with nginx 1.3.1                                         05 Jun 2012

    *) Security: now nginx/Windows ignores trailing dot in URI path
       component, and does not allow URIs with ":$" in it.
       Thanks to Vladimir Kochetkov, Positive Research Center.

    *) Feature: the "proxy_pass", "fastcgi_pass", "scgi_pass", "uwsgi_pass"
       directives, and the "server" directive inside the "upstream" block,
       now support IPv6 addresses.

    *) Feature: the "resolver" directive now supports IPv6 addresses and an
       optional port specification.

    *) Feature: the "least_conn" directive inside the "upstream" block.

    *) Feature: it is now possible to specify a weight for servers while
       using the "ip_hash" directive.

    *) Bugfix: a segmentation fault might occur in a worker process if the
       "image_filter" directive was used; the bug had appeared in 1.3.0.

    *) Bugfix: nginx could not be built with ngx_cpp_test_module; the bug
       had appeared in 1.1.12.

    *) Bugfix: access to variables from SSI and embedded perl module might
       not work after reconfiguration.
       Thanks to Yichun Zhang.

    *) Bugfix: in the ngx_http_xslt_filter_module.
       Thanks to Kuramoto Eiji.

    *) Bugfix: memory leak if $geoip_org variable was used.
       Thanks to Denis F. Latypoff.

    *) Bugfix: in the "proxy_cookie_domain" and "proxy_cookie_path"
       directives.


Changes with nginx 1.3.0                                         15 May 2012

    *) Feature: the "debug_connection" directive now supports IPv6 addresses
       and the "unix:" parameter.

    *) Feature: the "set_real_ip_from" directive and the "proxy" parameter
       of the "geo" directive now support IPv6 addresses.

    *) Feature: the "real_ip_recursive", "geoip_proxy", and
       "geoip_proxy_recursive" directives.

    *) Feature: the "proxy_recursive" parameter of the "geo" directive.

    *) Bugfix: a segmentation fault might occur in a worker process if the
       "resolver" directive was used.

    *) Bugfix: a segmentation fault might occur in a worker process if the
       "fastcgi_pass", "scgi_pass", or "uwsgi_pass" directives were used and
       backend returned incorrect response.

    *) Bugfix: a segmentation fault might occur in a worker process if the
       "rewrite" directive was used and new request arguments in a
       replacement used variables.

    *) Bugfix: nginx might hog CPU if the open file resource limit was
       reached.

    *) Bugfix: nginx might loop infinitely over backends if the
       "proxy_next_upstream" directive with the "http_404" parameter was
       used and there were backup servers specified in an upstream block.

    *) Bugfix: adding the "down" parameter of the "server" directive might
       cause unneeded client redistribution among backend servers if the
       "ip_hash" directive was used.

    *) Bugfix: socket leak.
       Thanks to Yichun Zhang.

    *) Bugfix: in the ngx_http_fastcgi_module.
2013-04-25 11:10:49 +00:00
sbd
8c978f5966 webkit-gtk and webkit-gtk3 need to include x11/libXdamage/buildlink3.mk in
their buildlink3.mk files.
2013-04-25 05:16:48 +00:00
markd
7135c47541 Correct the EXEC and ICON names written in the desktop file.
Bump PKGREVISION
2013-04-23 22:14:46 +00:00
ryoon
f517e05452 Add p5-Plack-Middleware-Test-StashWarnings 2013-04-21 12:29:20 +00:00
ryoon
e69d2cf820 Import p5-Plack-Middleware-Test-StashWarnings-0.07 as www/p5-Plack-Middleware-Test-StashWarnings.
Plack::Middleware::Test::StashWarnings is a Plack middleware
component to record warnings generated by your application so that
you can test them to make sure your application complains about
the right things.
2013-04-21 12:28:33 +00:00
ryoon
e648b3f9a4 Add p5-HTML-Quoted 2013-04-21 12:26:02 +00:00
ryoon
d6db29839a Import p5-HTML-Quoted-0.03 as www/p5-HTML-Quoted.
Parses and extracts quotation structure out of a HTML message.
Purpose and returned structures are very similar to Text::Quoted.
2013-04-21 12:25:24 +00:00
ryoon
d5fb3e42c6 Add p5-HTML-Mason-PSGIHandler 2013-04-21 12:24:13 +00:00
ryoon
8008adcb2b Import p5-HTML-Mason-PSGIHandler-0.52 as www/p5-HTML-Mason-PSGIHandler.
This package is PSGI handler for HTML::Mason.
2013-04-21 12:23:20 +00:00
ryoon
37c3b7781f Add p5-Apache-LogFormat-Compiler 2013-04-21 12:20:42 +00:00
ryoon
01b830a82d Import p5-Apache-LogFormat-Compiler-0.12 as www/p5-Apache-LogFormat-Compiler.
Apache::LogFormat::Compiler compiles a log format string to perl-code.
2013-04-21 12:19:39 +00:00
ryoon
9fc345b1e2 Update to 1.0023
Changelog:
1.0023  2013-04-08 11:13:11 PDT
    [IMPROVEMENTS]
        - Use Apache::LogFormat::Compiler in AccessLog (kazeburo)
2013-04-21 12:17:10 +00:00
ryoon
87dca7e4b0 Update to 0.18
Changelog:
0.18
	- change threshold for combining headers and body from 1024 bytes to 8192

0.17_01
	- reduce rt_sig* syscalls (kazeburo)

0.16
	- Set REMOTE_PORT environment variable (kazeburo)

0.15
	- unbundle Plack::Standalone::Server::Prefork::Server::Starter (see `perldoc Starlet` to find out how to boot Starlet using Server::Starter)
2013-04-21 12:03:45 +00:00
ryoon
7562edb821 Update to 0.05
Changelog:
0.05    Mon Oct 22 2012
        Resources: Preserve the media attribute when inlining CSS
        Resources: Avoid uninitialized warnings by checking the attributes we expect
2013-04-21 12:02:09 +00:00
ryoon
50089879d9 Update to 0.15
Changelog:
0.15 Fri Oct 19 15:09:17 PDT 2012
     - Repackage with the latest Module::Install
2013-04-21 12:00:52 +00:00
ryoon
c56b986a00 Update to 1.44
Changelog:
1.44    Sat Jun 30 20:32:04 CDT 2012
------------------------------------
There is no new functionality in this release.

[FIXES]
Fixed test failures on Win32.  Thanks, Jerry Gay.


1.42    Thu May 31 11:35:26 CDT 2012
------------------------------------
If you want to use the autolint functionality, you'll have to have
HTML::Lint 2.20.

[FIXES]
Custom lint objects don't get reset before they get used, making
autolint with a custom lint object practically useless.
https://github.com/petdance/test-www-mechanize/issues/25



1.40    Fri Apr 13 15:14:39 CDT 2012
------------------------------------
[ENHANCEMENTS]
Added a $mech->autolint() method so you can turn autolinting on and off
in mid-program.  Thanks, Mike O'Regan.

New functions $mech->scrape_text_by_id() and $mech->scrape_text_by_attr()
let you extract text from your pages.  Convenience function
$mech->scraped_id_is() makes it easy to scrape and compare in one
function.

    <h1 id="pagetitle">My Awesome Page!</h1>

    # Verify that HTML is there with:
    $mech->scraped_id_is( 'pagetitle', 'My Awesome Page!' );

[FIXES]
$mech->has_tag() now handles nested tags more sensibly.  This fixes
Google Code ticket #1.


[INTERNALS]
Explicitly requires Test::Simple 0.94 or higher.

Brought over t/TestServer.pm from WWW::Mechanize which fixes a number
of problems.
2013-04-21 11:57:43 +00:00
ryoon
83652c139f Update to 6.05
Changelog:
_______________________________________________________________________________
2013-03-11  Release 6.05

Karen Etheridge (3):
      Derive message from status code if it was not provided
      Merge pull request #33 from tomhukins/fix-readme
      fix typo in comment

Ville Skyttä (3):
      Spelling fixes.
      Spelling fix.
      Merge pull request #34 from berekuk/fix-github-path

Gisle Aas (3):
      Update repo URL
      With Net::HTTP 6.04 we don't need our own can_read() and sysread override
      $ENV{HTTP_PROXY} might override our test setup [RT#81381]

Vyacheslav Matyukhin (1):
      fix github url in perldoc

Slaven Rezic (1):
      * Pod is utf-8

Peter Rabbitson (1):
      Match required perl in Makefile.PL

Tom Hukins (1):
      Fix Github URLs
2013-04-21 11:55:38 +00:00
hiramatsu
a651a4fdfd DEPENDS on devel/p5-Class-ISA.
Increment PKGREVISION.
2013-04-21 07:18:47 +00:00
mspo
190500867e Upgrade to 3.0.3
Multiple crasher bugs in streaming and the regular expression code have been fixed
    Better handling of timeouts
    Minor performance optimisations
    The ban lurker now works correctly again
    ESI and compression would sometimes deliver garbled data, this has been fixed
2013-04-21 03:14:15 +00:00
ryoon
5c5f3b3f8e Update to 5.0.5
* Fix MESSAGE based on wen@'s patch
  Remove duplicated arguments, fix MySQL version.

Changelog:
Version 5.0.5 April 19th 2013

    Fix navigation hover effect
    Fix database migration
    Add a warning in the logfile when doing a migration
    Fix renaming of shared files
    Improved quota calculation
    Fix free space calculation
    Several layout fixes
    Better save mode check
    Cleanup database after user deletion
    Fix touch for creating new files
    Several trash bin fixes
    Update MediaElement.js
    Fix double address book problem
    Fix layout problem triggered by impress
    Several smaller fixes
    Security: XSS in flashmediaelement.swf (oC-SA-2013-017)
    Security: Authentication bypass in Contacts (oC-SA-2013-018)

Version 5.0.4 April 11th 2013

    Fix file renames
    Improved compatibility with PostgreSQL
    Fixed upgrade for PostgreSQL users
    Improved LDAP compatibility
    Fix the upgrade hint
    Make upgrade more robust fix maintenance mode
    Smaller CSS fixes
    Fix internet check for proxy users
    Manually disable files_archive app to fix upgrade
    Fix touch() for local storage
    Fix versioning check to allow installation of 3rd party apps
    Fix default quota
    Several contacts fixes
    Several calendar fixes
    Fixed ampache support in media player
    Improve mail function in antivirus app
    Fix setting of user quotas
    Fix deleted files size calculation
    Fix “You do not have write permissions here” warning
    Fix asynchronous loading of users
    Fix notice from the nullbyte check
    XSS vulnerability in jPlayer (oC-SA-2013-014)
    PostgreSQL: Insecure database password generator (oC-SA-2013-015)
    Windows: Local file disclosure (oC-SA-2013-016)

Version 5.0.3 April 3th 2013

    Correctly handle .part files
    Improve PostgreSQL support
    Fix database upgrading from old versions
    Improved app styles

Version 5.0.2 April 2th 2013

    Fix versioning string
    Fix compatibility with older MySQL versions

Version 5.0.1 April 2th 2013

    Fixed classnames and improved autoloaded to improve compatibility with older PHP versions
    Show a warning if an insecure PHP version is used
    Filesizes are displayed correctly
    Fixed groups in usermanagement
    Several Internet Explorer fixes
    Use display-names in more places
    Fix upgrading of cache
    Fix navigation scrollbar for lots of apps
    Fixed ETag handling to prevent wrong conflict files
    Fix public link handling
    Better indexes to improve performance
    Several Windows server fixes
    Fix renames of shared files
    Fix PostgreSQL compatibility
    Improve error reporting for app installation
    Improved compatibility with Novell eDirectory
    Several LDAP fixes
    Improved sorting in usermanagement
    Improved background jobs
    Several CardDAV contacts fixes
    Several mediaplayer fixes
    Fixes for text editor
    Several lucene search fixes
    Several smaller fixes
    Contacts: SQL Injection (oC-SA-2013-012)
    Multiple XSS vulnerabilities (oC-SA-2013-011)
2013-04-20 22:47:36 +00:00
imil
1bd07e9ce4 Added SPDY option, only affects nginx-devel 2013-04-19 07:26:24 +00:00
imil
7039e6ead4 Added SPDY option to options.mk 2013-04-19 07:25:18 +00:00
wen
37728ec7f9 Update to 1.20.4
Changes since 1.20.3
(bug 47251) SECURITY: Disable external entities in Import
(bug 46859) SECURITY: Disable external entities in XMLReader
(bug 46084) SECURITY: Sanitize $limitReport before outputting
2013-04-18 15:26:48 +00:00
hiramatsu
1afb55d9d0 Update p5-Net-HTTP to 6.06.
Changes from previous:
_______________________________________________________________________________
2013-03-10 Net-HTTP 6.06

Jesse Luehrs (1):
      IO::Socket::SSL doesn't play well with select() [RT#81237]
_______________________________________________________________________________
2012-11-10 Net-HTTP 6.05

Gisle Aas (1):
      Convert to Test::More style and disable test on Windows [RT#81090]

Marinos Yannikos (1):
      SSL broken for some servers [RT#81073]
_______________________________________________________________________________
2012-11-08 Net-HTTP 6.04

Gisle Aas (3):
      Simpler handling of double chunked [RT#77240]
      Check for timeouts before reading [RT#72676]
      Fake can_read

Dagfinn Ilmari Mannsåker (1):
      Fix chunked decoding on temporary read error [RT#74431]

Eric Wong (1):
      NB: set http_bytes if read_entity_body hits EAGAIN on first read

Jay Hannah (1):
      chunked,chunked is invalid, but happens. :( Ignore all but the first. [RT#77240]
2013-04-18 08:54:37 +00:00
imil
135a3acc23 Changes with nginx 1.3.16
*) Bugfix: a segmentation fault might occur in a worker process if
       subrequests were used; the bug had appeared in 1.3.9.

    *) Bugfix: the "tcp_nodelay" directive caused an error if a WebSocket
       connection was proxied into a unix domain socket.

    *) Bugfix: the $upstream_response_length variable has an incorrect value
       "0" if buffering was not used.
       Thanks to Piotr Sikora.

    *) Bugfix: in the eventport and /dev/poll methods.
2013-04-17 19:57:38 +00:00
imil
c8b159fe47 Changes with nginx 1.2.8
*) Bugfix: new sessions were not always stored if the "ssl_session_cache
       shared" directive was used and there was no free space in shared
       memory.
       Thanks to Piotr Sikora.

    *) Bugfix: responses might hang if subrequests were used and a DNS error
       happened during subrequest processing.
       Thanks to Lanshun Zhou.

    *) Bugfix: in the ngx_http_mp4_module.
       Thanks to Gernot Vormayr.

    *) Bugfix: in backend usage accounting.
2013-04-17 19:53:52 +00:00
manu
de2e0f67ec Upgrade ap2-auth-mellon to 0.6.1 plus a patch from upstream
Changes since 0.4.0, from NEWS file:

* Add MellonSPentityId to control entityId in autogenerated metadata

Version 0.6.1
---------------------------------------------------------------------------

* Fix the POST replay functionality when multiple users logging in
  at once.

* Add a fallback for the case where the POST replay data has expired
  before the user logs in.

Version 0.6.0
---------------------------------------------------------------------------

Backwards-incompatible changes:

* The POST replay functionality has been disabled by default, and the
  automatic creation of the MellonPostDirectory target directory has been
  removed. If you want to use the POST replay functionality, take a
  look at the README file for instructions for how to enable this.

* Start discovery service when accessing the login endpoint. We used
  to bypass the discovery service in this case, and just pick the first
  IdP. This has been changed to send a request to the discovery service
  instead, if one is configured.

* The MellonLockFile default path has been changed to:
    /var/run/mod_auth_mellon.lock
  This only affects platforms where a lock file is required and
  where Apache doesn't have write access to that directory during
  startup. (Apache can normally create files in that directory
  during startup.)

Other changes:

* Fix support for SOAP logout.

* Local logout when IdP does not support SAML 2.0 Single Logout.

* MellonDoNotVerifyLogoutSignature option to disable logout signature
  validation.

* Support for relative file paths in configuration.

* The debian build-directory has been removed from the repository.

* Various cleanups and bugfixes:

  * Fix cookie parsing header parsing for some HTTP libraries.

  * Fix inheritance of MellonAuthnContextClassRef option.

  * Use ap_set_content_type() instead of accessing request->content_type.

  * README indentation cleanups.

  * Support for even older versions of GLib.

  * Fixes for error handling during session initialization.

  * Directly link with GLib rather than relying on the Lasso library
    linking to it for us.

  * Some code cleanups.

Version 0.5.0
---------------------------------------------------------------------------

* Honour MellonProbeDiscoveryIdP order when sending probes.

* MellonAuthnContextClassRef configuration directive, to limit
  authentication to specific authentication methods.

* Support for the HTTP-POST binding when sending authentication
  requests to the IdP.

* MellonSubjectConfirmationDataAddressCheck option to disable received
  address checking.

* Various cleanups and bugfixes:

  * Support for older versions of GLib and APR.

  * Send the correct SP entityID to the discovery service.

  * Do not set response headers twice.

  * Several cleanups in the code that starts authentication.
2013-04-15 15:35:01 +00:00
wiz
92f627b213 Update to 7.30.0:
Fixed in 7.30.0 - April 12 2013
Release contains security-related bug fix

Changes:

    imap: Changed response tag generation to be completely unique
    imap: Added support for SASL-IR extension
    imap: Added support for the list command
    imap: Added support for the append command
    imap: Added custom request parsing
    imap: Added support to the fetch command for UID and SECTION properties
    imap: Added parsing and verification of the UIDVALIDITY mailbox attribute
    darwinssl: Make certificate errors less techy
    imap/pop3/smtp: Added support for the STARTTLS capability
    checksrc: ban use of sprintf, vsprintf, strcat, strncat and gets
    curl_global_init() now accepts the CURL_GLOBAL_ACK_EINTR flag
    Added CURLMOPT_MAX_HOST_CONNECTIONS, CURLMOPT_MAX_TOTAL_CONNECTIONS for new multi interface connection handling
    Added CURLMOPT_MAX_PIPELINE_LENGTH, CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE, CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE, CURLMOPT_PIPELINING_SITE_BL and CURLMOPT_PIPELINING_SERVER_BL for new pipelining control

Bugfixes:

    SECURITY ADVISORY: cookie tailmatching to avoid cross-domain leakage
    darwinssl: Fix build under Leopard
    DONE: consider callback-aborted transfers premature
    ntlm: Fixed memory leaks
    smtp: Fixed an issue when processing EHLO failure responses
    pop3: Fixed incorrect return value from pop3_endofresp()
    pop3: Fixed SASL authentication capability detection
    pop3: Fixed blocking SSL connect when connecting via POP3S
    imap: Fixed memory leak when performing multiple selects
    nss: fix misplaced code enabling non-blocking socket mode
    AddFormData: prevent only directories from being posted
    darwinssl: fix infinite loop if server disconnected abruptly
    metalink: fix improbable crash parsing metalink filename
    show proper host name on failed resolve
    MacOSX-Framework: Make script work in Xcode 4.0 and later
    strlcat: remove function
    darwinssl: Fix send glitchiness with data > 32 or so KB
    polarssl: better 1.1.x and 1.2.x support
    various documentation improvements
    multi: NULL pointer reference when closing an unused multi handle
    SOCKS: fix socks proxy when noproxy matched
    install-sh: updated to support multiple source files as arguments
    PolarSSL: added human readable error strings
    resolver_error: remove wrong error message output
    docs: updates HTML index and general improvements
    curlbuild.h.dist: enhance non-configure GCC ABI detection logic
    sasl: Fixed null pointer reference when decoding empty digest challenge
    easy: do not ignore poll() failures other than EINTR
    darwinssl: disable ECC ciphers under Mountain Lion by default
    CONNECT: count received headers
    build: fixes for VMS
    CONNECT: clear 'rewindaftersend' on success
    HTTP proxy: insert slash in URL if missing
    hiperfifo: updated to use current libevent API
    getinmemory.c: abort the transfer nicely if not enough memory
    improved win32 memorytracking
    corrected proxy header response headers count
    FTP quote operations on re-used connection
    tcpkeepalive on win32
    tcpkeepalive on Mac OS X
    easy: acknowledge the CURLOPT_MAXCONNECTS option properly
    easy interface: restore default MAXCONNECTS to 5
    win32: don't set SO_SNDBUF for windows vista or later versions
    HTTP: made cookie sort function more deterministic
    winssl: Fixed memory leak if connection was not successful
    FTP: wait on both connections during active STOR state
    connect: treat a failed local bind of an interface as a non-fatal error
    darwinssl: disable insecure ciphers by default
    FTP: handle "rubbish" in front of directory name in 257 responses
    mk-ca-bundle: Fixed lost OpenSSL output with "-t"
2013-04-14 16:39:48 +00:00
fhajny
57a752dcc8 Add an option to build mod_privileges (supported on SunOS 5.10 or greater). 2013-04-11 11:01:09 +00:00
drochner
75962160d8 reset PKGREV for base pkg update 2013-04-10 11:17:32 +00:00
drochner
72ee968796 update to 1.10.2
changes:
-build improvement
-fix for CVE-2012-5112, CVE-2012-5133
-fix audio race
2013-04-10 11:16:39 +00:00
ryoon
ee16180681 Update to 17.0.5
* Sync with firefox-17.0.5.
2013-04-09 19:19:32 +00:00
wen
fc978e018f Update to 3.94
Upstream changes:
3.94  2013-04-08
  - Added is_hidden method to Mojolicious::Routes.
  - Removed deprecated start method from Mojolicious::Commands.
  - Improved documentation.
  - Improved tests.
  - Fixed small selector bug in get command.
  - Fixed small anchor bug in Mojolicious::Plugin::PODRenderer.

3.93  2013-04-05
  - Deprecated Mojo::IOLoop::Delay::end in favor of generated callbacks.
  - Improved Mojo::IOLoop::Delay to be able to generate callbacks that can
    capture all arguments.
  - Improved prefork command to allow -a and -L values below 1 second.
  - Improved documentation.
  - Improved tests.
  - Fixed multiple timing bugs in Mojo::IOLoop::Delay.

3.92  2013-04-03
  - Added monotonic clock support to make Mojolicious more resilient to time
    jumps.
  - Added steady_time function to Mojo::Util.
  - Removed deprecated namespace method from Mojolicious::Routes.
  - Removed deprecated base_tag helper.
  - Improved WebSocket send method to stringify objects. (jberger)
  - Improved version command to show required versions of optional
    dependencies.
  - Improved documentation.
  - Improved tests.
  - Fixed RFC 6901 compliance of Mojo::JSON::Pointer. (jberger, sri)
  - Fixed a few small Unicode bugs in get command.

3.91  2013-03-17
  - Improved bad charset handling in Mojo::DOM::HTML.
  - Improved documentation.
  - Improved tests.
  - Fixed HTTPS proxy support for blocking requests in Mojo::UserAgent.
  - Fixed support for RFC 2817 in Mojo::Message::Request.
  - Fixed whitespace bug in Mojo::DOM::HTML.
  - Fixed proxy detection bug in get command.

3.90  2013-03-14
  - Added direct array access for parsed parameters to Mojo::Parameters.
  - Added direct array access for path parts to Mojo::Path.
  - Improved dumper helper to sort hash keys.
  - Improved documentation.
  - Improved tests.
  - Fixed bug in Mojo::Headers that prevented multiline headers from being
    parsed correctly.
  - Fixed multiline header support in hash representation of Mojo::Headers.
  - Fixed cloning bug in Mojo::Headers.

3.89  2013-03-04
  - Improved documentation.
  - Improved tests.
  - Fixed installable scripts to not "use lib", which sadly breaks updated
    dual-life modules. (jberger, sri)
  - Fixed bug preventing delayed normalization for reused Mojo::Path objects.
  - Fixed path matching bug in Mojo::Path.

3.88  2013-03-03
  - Improved Mojo::Path to delay normalization as long as possible.
  - Improved Mojo::Path performance.
  - Improved documentation.
  - Improved tests.
  - Fixed small domain detection bug in Mojo::UserAgent::CookieJar.
2013-04-09 15:19:50 +00:00
ryoon
875a384d57 Update to 2.17
* Sync with seamonkey-2.17.
2013-04-09 12:31:28 +00:00
ryoon
c2a6b31f38 Update to 20.0
* Sync with firefox-20.0.
2013-04-09 12:17:54 +00:00
adam
8fae029d1c Changes 2.3.6:
Bug fixes and Django 1.5 compatibility.
2013-04-08 20:39:16 +00:00
schmonz
80e15c8ec3 Define TEST_TARGET and set USE_LANGUAGES=c so tests can work.
(ikiwiki calls the C compiler when rebuilding the post-commit and/or
CGI wrappers.)
2013-04-08 18:53:15 +00:00
rodent
b65af7be2b Remove "Trailing empty lines." and/or "Trailing white-space." 2013-04-08 11:17:08 +00:00
rodent
6b46c62d2e Edited DESCR in the case of:
File too long (should be no more than 24 lines).
 Line too long (should be no more than 80 characters).
 Trailing empty lines.
 Trailing white-space.
Truncated the long files as best as possible while preserving the most info
contained in them.
2013-04-07 20:49:31 +00:00
ryoon
8666ccfbb6 Update to 2.17
* I will check the build on NetBSD 5.2 later...

Changelog:
    Continued performance improvements around common browser tasks (page loads, downloads, shutdown, etc.).
    Continued implementation of draft ECMAScript 6 (clear() and Math.imul).
    <canvas> now supports blend modes.
    Various <audio> and <video> improvements have been implemented.
    The Details button on the Crash Reporter has been fixed (bug 793972).
    Fixed several stability issues.

Fixed in SeaMonkey 2.17
MFSA 2013-40 Out-of-bounds array read in CERT_DecodeCertPackage
MFSA 2013-39 Memory corruption while rendering grayscale PNG images
MFSA 2013-38 Cross-site scripting (XSS) using timed history navigations
MFSA 2013-37 Bypass of tab-modal dialog origin disclosure
MFSA 2013-36 Bypass of SOW protections allows cloning of protected nodes
MFSA 2013-35 WebGL crash with Mesa graphics driver on Linux
MFSA 2013-34 Privilege escalation through Mozilla Updater
MFSA 2013-31 Out-of-bounds write in Cairo library
MFSA 2013-30 Miscellaneous memory safety hazards (rv:20.0 / rv:17.0.5)
Fixed in SeaMonkey 2.16.1
MFSA 2013-29 Use-after-free in HTML Editor
2013-04-07 20:23:48 +00:00
obache
0c73f8d4dc Update ruby-faraday to 0.8.7.
* fix escape Unicode characters in Ruby 1.8.7
2013-04-07 11:18:57 +00:00
obache
c986d6fadf Update ruby-multipart-post to 1.2.0.
=== 1.2.0 / 2013-02-25

- #25: Ruby 2 compatibility (thanks mislav)
2013-04-07 11:06:19 +00:00
rodent
9e8537cdd2 "Each sed command should appear in an assignment of its own." 2013-04-06 21:07:31 +00:00
rodent
942aad2e6a Resolves:
"INFO_FILES should be set to YES or yes."
"Packages that install info files should set INFO_FILES."
Makefile and PLIST warning, respectively.
2013-04-06 20:27:16 +00:00
rodent
8ec5764dd6 'The "+=" operator should only be used with lists.' 2013-04-06 19:42:41 +00:00
rodent
cdadf8804e 'You can use "foo" instead of "${WRKSRC}/foo".' 2013-04-06 15:46:33 +00:00
rodent
923497506a Reverted HOMEPAGE as recommended by taca@ 2013-04-06 14:30:19 +00:00
rodent
315c4801a4 "Packages that install libtool libraries should define USE_LIBTOOL." 2013-04-06 14:22:39 +00:00