Docs: document ConnOpener::swanSong() better
Bug 3329: Quieten orphan Comm::Connection messages
Sync TESTDIR names used by testCoss and testUfs with testRock changes.
MacOS: reduce the testRock unit test UDS path
Bug 3720: SourceLayout: shuffle fd_table definition into fde.h
Bug 3794: MacOS: workaround compiler errors and case-insensitivity
Polish debugs in cacheability test
Bug 3753: Removes the domain from the cache_peer server pconn key
Bug 3781: Proxy Authentication not sent to cache_peer
Bug 3763: diskd Error: no filename in shm buffer
Solaris: Fix xstrto*() function linkages
Mentioned creation of diskers in cache_dir rock documentation.
Fix coverity scan issue 740457: unsecure temporary file creation
Bug 3686: cache_dir max-size default fails
Bug 3752: objects that cannot be cached in memory are not cached on disk if cache_dir max-size is used.
Upstream changes:
1.101 Sat Jul 21 15:01:20 PDT 2012
- Fix typos and formatting
- Mention CGI variables ala PEP 333
1.10 Fri Mar 9 08:46:27 PST 2012
- Released as PSGI 1.1
1.09_3 Wed Jun 22 13:48:31 PDT 2011
- Separated extensions into PSGI::Extensions
- Added psgix.harakiri and psgix.harakiri.commit
- Updated terminology section
- Clarified that body should be encoded byte strings and do not contain wide characters
- Clarified that header values must be defined
1.09_2 Tue Jun 7 15:21:47 PDT 2011
- Fixed a dumb mistake about allowed characters in header values
- Updated FAQ document
- psgi.input MUST have seek() only if psgix.input.buffered is true
1.09_1 Mon Mar 28 11:35:44 PDT 2011
- 1.1 beta
- Upped psgi.version to be [1,1]
- Lots of grammar and style fixes
- Removed poll_cb from writer spec
- Streaming interface now SHOULD be implemented, rather than MAY
- Promoted psgi.streaming, nonblocking and run_once keys to be MUST
- Added psgix.logger and psgix.session extensions
- Updated FAQ
Upstream changes:
0.028 2013-03-05 14:11:57 America/New_York
[SUPPORT]
- Fix repository/issue links to reflect proper repo name
0.027 2013-03-05 12:02:58 America/New_York
[SUPPORT]
- Changed metadata to point to the chansen github repository
for code and issues
[DOCUMENTATION]
- Added hyperlink for HTTP::CookieJar
0.026 2013-03-04 22:53:39 America/New_York
[ADDED]
- Added cookie support if an HTTP::CookieJar object is provided in the
'cookie_jar' attribute [Edward Zborowski]
0.025 2012-12-26 12:09:43 America/New_York
[ADDED]
- Agent string appends default if it ends in a space, just like LWP
[Chris Weyl]
0.024 2012-10-09 20:44:53 America/New_York
[ADDED]
- SSL connections now auto-retry I/O after SSL renegotiation [Alan
Gardner]
[FIXED]
- User-specified CA bundles take precedence over Mozilla::CA [Alan
Gardner]
[PREREQS]
- SSL support now requires Net::SSLeay 1.49 or greater to support
auto-retry [Mike Doherty]
- Downgraded IO::Socket::SSL and related prereqs to 'suggests' again
0.023 2012-09-19 09:55:46 America/New_York
[PREREQS]
- IO::Socket::SSL and related prereqs changed to 'required' for dev
release to get better failure diagnostics from CPAN Testers
[TESTING]
- Skip live SSL testing unless IO::Socket::SSL 1.56+ installed
Upstream changes:
MediaWiki 1.20.3
This is a security and maintenance release of the MediaWiki 1.20 branch.
Changes since 1.20.2
New preference type - 'api'. Preferences of this type are not shown on Special:Preferences, but are still available via the action=options API. (Unbreaks MLEB.)
(bug 44010) Context is passed to UserGetLanguageObject.
The recursion guard on RequestContext::getLanguage() was weakened.
(bug 40585) Don't drop 'step="any"' in HTML input fields.
(bug 44024) Fixed problems in ObjectCache when using XCache.
(bug 44010) FauxRequest leaked cookie data from primary request.
(bug 44135/bug 42441) Pass '2' instead of 'true' to CURLOPT_SSL_VERIFYHOST
(bug 43518) API action=unblock should return the user name, not the full user object
(Bug 45355) Prevent read of arbitrary files through mwdoc-filter.php
Drupal 7.21, 2013-03-06
-----------------------
- Allowed sites using the 'image_allow_insecure_derivatives' variable to still
have partial protection from the security issues fixed in Drupal 7.20.
Packages Collection.
The Zend Optimizer+ provides faster PHP execution through opcode caching and
optimization. It improves PHP performance by storing precompiled script
bytecode in the shared memory. This eliminates the stages of reading code from
the disk and compiling it on future access. In addition, it applies a few
bytecode optimization patterns that make code execution faster.
Provides a CAPTCHA for Python using the reCAPTCHA service. Does not require
any imaging libraries because the CAPTCHA is served directly from reCAPTCHA.
Also allows you to securely obfuscate emails with Mailhide.
*) Feature: $connections_active, $connections_reading, and
$connections_writing variables in the ngx_http_stub_status_module.
*) Feature: support of WebSocket connections in the
ngx_http_uwsgi_module and ngx_http_scgi_module.
*) Bugfix: in virtual servers handling with SNI.
*) Bugfix: new sessions were not always stored if the "ssl_session_cache
shared" directive was used and there was no free space in shared
memory.
Thanks to Piotr Sikora.
*) Bugfix: multiple X-Forwarded-For headers were handled incorrectly.
Thanks to Neal Poole for sponsoring this work.
*) Bugfix: in the ngx_http_mp4_module.
Thanks to Gernot Vormayr.
Changes from previous:
----------------------
2012-06-14 Katsumi Yamaoka <yamaoka@jpl.org>
* w3m.el (w3m-url-encode-string-2): Encode only `(' and `)'.
2012-06-12 Katsumi Yamaoka <yamaoka@jpl.org>
* w3m-proc.el (w3m-process-do-with-temp-buffer): Use labels macro again.
Functions that the labels form generates to be used in the outside of
the labels form should be prefixed with #' from now on.
Thanks to Michael Heerdegen and Andreas Schwab.
* w3m-proc.el (w3m-process-do-with-temp-buffer): Don't use labels macro
of which the spec has been changed in the most recent Emacs.
2012-06-04 Katsumi Yamaoka <yamaoka@jpl.org>
* w3m.el (w3m-expand-url): Work for scheme name containing upcase
letters. Reported by Dan Jacobson <jidanni@jidanni.org>.
* w3m-util.el (w3m-force-mode-line-update): New alias.
* w3m-lnum.el (w3m-with-lnum, w3m-lnum-universal-dispatch): Use it.
2012-06-03 Katsumi Yamaoka <yamaoka@jpl.org>
* w3m.el (w3m-create-page): Improve regexp matching Google's click-
tracking urls.
2012-05-14 Katsumi Yamaoka <yamaoka@jpl.org>
* w3m.el (w3m-url-encode-string-2): New function.
(w3m-print-current-url, w3m-print-this-url, w3m-print-this-image-url):
Use it to encode url characters that are apt to be misidentified as
word boundaries.
2012-04-22 Katsumi Yamaoka <yamaoka@jpl.org>
* w3m.el (w3m-create-page): Decode url in Google's click-tracking
filter.
2012-04-18 Andrey Kotlarski <m00naticus@gmail.com>
* w3m-lnum.el (w3m-with-lnum, w3m-lnum-universal-dispatch):
Explicitly redraw mode line.
(w3m-lnum-visit): Fix prompt; add --insecure option to Curl.
2012-04-17 Katsumi Yamaoka <yamaoka@jpl.org>
* w3m.el (w3m-create-page): Add a filter for Google's click-tracking
temporarily --- maybe this should be incorporated in w3m-filter.el.
2012-04-13 Katsumi Yamaoka <yamaoka@jpl.org>
* w3m.el (w3m-goto-mailto-url): Protect against nil value of body=;
decode url string; don't change mail buffer's modification status;
make sure body text is inserted to the message body.
2012-04-12 Katsumi Yamaoka <yamaoka@jpl.org>
* w3m.el (w3m-shr-url-at-point): New function.
(w3m-url-at-point): Use it.
* doc/ptexinfmt.el (texinfo-format-syntax-table): Modify character
syntax of " and \ to w, as a workaround.
(texinfo-format-comma): Support @comma.
(texinfo-format-parse-args): Tweak it so as to work for @comma.
2012-03-16 Katsumi Yamaoka <yamaoka@jpl.org>
* w3m.el (w3m-scroll-left, w3m-scroll-right): Use image-mode function
for an image page.
(w3m-shift-left, w3m-shift-right): Pass prefix argument to image-mode
function.
2012-03-12 Dan Jacobson <jidanni@jidanni.org>
* w3m.el (w3m-ctl-c-map): Bind `C-c C-e' to w3m-goto-new-session-url.
2012-02-27 Katsumi Yamaoka <yamaoka@jpl.org>
* w3m.el (w3m-relationship-estimate-rules)
(w3m-open-all-links-in-new-session): Work for https Google pages.
2012-02-20 Katsumi Yamaoka <yamaoka@jpl.org>
* w3m.el (w3m-goto-mailto-url): Work for mail body.
2012-02-13 Katsumi Yamaoka <yamaoka@jpl.org>
* w3m-util.el (w3m-switch-to-buffer): Abolish.
* w3m-bookmark.el (w3m-bookmark-add-all-urls):
* w3m-ems.el (w3m-tab-drag-mouse-function)
(w3m-tab-click-mouse-function, w3m-tab-next-buffer)
(w3m-tab-make-keymap):
* w3m-form.el (w3m-form-input-textarea, w3m-form-input-select)
(w3m-form-input-map):
* w3m-session.el (w3m-session-select):
* w3m-tabmenu.el (w3m-switch-buffer, w3m-tab-menubar-open-item):
* w3m-util.el (w3m-popup-buffer, w3m-make-menu-commands):
* w3m.el (w3m-next-buffer, w3m-move-unseen-buffer)
(w3m-goto-url-new-session, w3m-reload-all-pages): Revert to using
switch-to-buffer.
2012-02-10 Katsumi Yamaoka <yamaoka@jpl.org>
* w3m-hist.el (w3m-history-store-position): Don't trust column position
that Emacs tells if there's an image.
(w3m-history-restore-position): Revert 2011-10-21 change.
2012-02-10 Kevin Ryde <user42@zip.com.au>
* w3m.el (w3m-about-header): Show info of image where point stays.
2012-01-26 Katsumi Yamaoka <yamaoka@jpl.org>
* w3m.el (w3m-mode): Don't make bidi-paragraph-direction bound globally
in old Emacsen and XEmacsen.
(w3m-goto-url): Work for name anchors.
2012-01-23 Katsumi Yamaoka <yamaoka@jpl.org>
* w3m-ems.el (w3m-form-make-button): Use "submit" instead for an empty
text, that won't be buttonized.
Reported by Roland Winkler <winkler@gnu.org>.
2012-01-13 Hideyuki SHIRAI <shirai@meadowy.org>
* w3m.el (w3m-fontify-anchors, w3m-goto-url): Not encode and decode
the anchor values to use Punycode.
2012-01-10 Katsumi Yamaoka <yamaoka@jpl.org>
* w3m.el (w3m-image-type-alist): Add image/tiff.
(w3m-view-previous-page): Protect against empty history.
2012-01-06 Katsumi Yamaoka <yamaoka@jpl.org>
* Makefile.in (install-icons, install-icons30, install-info)
(install-info-en, install-info-ja, install-package)
(install-package-ja):
* doc/Makefile.in (install): Add DESTDIR variable to installation
directory.
* w3mhack.el (w3mhack-expand-file-name): New function.
(w3mhack-what-where): Use it.
* aclocal.m4 (AC_SET_VANILLA_FLAG): Remove --no-unibyte option.
2012-01-02 Elias Pipping <pipping@lavabit.com>
* Makefile.in (install-lisp): Add DESTDIR variable to installation
directory.
2011-12-26 Dan Jacobson <jidanni@jidanni.org>
* w3m.el (w3m-gohome): Always reload the home page.
2011-12-07 Katsumi Yamaoka <yamaoka@jpl.org>
* w3m.el (w3m-mode): Force paragraph direction to be left-to-right.
Suggested by Naohiro Aota <naota@elisp.net>.
2011-12-06 Katsumi Yamaoka <yamaoka@jpl.org>
* Makefile.in (.el.elc): Shut up.
* w3m-lnum.el (w3m-lnum-read-interactive): Use (sit-for 0) instead of
redisplay for Emacs 21.1, too.
2011-12-05 Katsumi Yamaoka <yamaoka@jpl.org>
* aclocal.m4 (AC_EMACS_LISP): Simplify.
(AC_PATH_EMACS): Simplify Lisp code so as to make it work for recent
XEmacsen.
* w3m-favicon.el (w3m-favicon-type): Silence SXEmacs 22.1.14's byte
compiler.
* w3m-lnum.el (w3m-lnum-read-interactive): Use (sit-for 0) instead of
redisplay for XEmacs.
* w3m.el (w3m-resize-image-interactive): Use read-char-exclusive with
no arg for XEmacs.
2011-12-05 Katsumi Yamaoka <yamaoka@jpl.org>
* w3m.el (w3m-read-file-name): Don't strip query part from given url.
(w3m-download): Always prompt for file name; don't strip query part.
Suggested by Dan Jacobson <jidanni@jidanni.org>.
2011-12-04 Katsumi Yamaoka <yamaoka@jpl.org>
* w3m-lnum.el (w3m-lnum-universal-dispatch): Add argument passed to
kill-buffer, Emacs 22 requires it; use beginning-of-line rather than
move-beginning-of-line that XEmacs doesn't provide.
2011-12-02 Dan Jacobson <jidanni@jidanni.org>
* w3m-search.el (w3m-search-engine-alist): Put search string first in
query form.
2011-11-30 Katsumi Yamaoka <yamaoka@jpl.org>
* w3m-util.el (w3m-popup-buffer): Restore history position always.
* w3m.el (w3m-copy-buffer): Save history position.
2011-11-17 Katsumi Yamaoka <yamaoka@jpl.org>
* w3m-lnum.el (w3m-lnum-actions-custom-type): New variable.
(w3m-lnum-actions-general, w3m-lnum-actions-image-alist)
(w3m-lnum-actions-link-alist w3m-lnum-actions-button-alist)
(w3m-lnum-actions-form-alist): Use it to improve custom type.
2011-11-16 Andrey Kotlarski <m00naticus@gmail.com>
Add alternative selection->action method.
* w3m-lnum.el: Update comment section.
(w3m-lnum-quick-browsing): Change default value.
(w3m-lnum-actions-general, w3m-lnum-actions-image-alist)
(w3m-lnum-actions-link-alist, w3m-lnum-actions-button-alist)
(w3m-lnum-actions-form-alist): New custom options.
(w3m-lnum-remove-overlays): Add optional parameters for start and end.
(w3m-lnum, w3m-lnum-prompt-str, w3m-lnum-highlight-anchor): Sanitize
variable naming.
(w3m-read-event, w3m-lnum-visit, w3m-lnum-make-action): New macros.
(w3m-lnum-read-interactive): Add optional parameters for previous filter
and selected number. Return last applied filter along selected value.
Use `w3m-read-event'. Remove lnum overlays within all buffer on
scroll.
(w3m-with-lnum): Add parameter for initial filter. Change mode-line
during selection.
(w3m-lnum-get-action): If single image during image selection -
immediately select it. Accommodate to new return format of
`w3m-lnum-read-interactive'.
(w3m-lnum-follow): Use `w3m-lnum-visit'.
(w3m-lnum-universal-dispatch): New function.
(w3m-lnum-universal): New command.
(w3m-lnum-view-image, w3m-lnum-save-image, w3m-lnum-print-this-url):
Use nth.
(w3m-lnum-zoom-image): Use `w3m-resize-image-interactive'.
(w3m-lnum-zoom-in-image, w3m-lnum-zoom-out-image): Update doc string.
(w3m-lnum-bookmark-add-this-url): Fix bookmarking of current url.
(w3m-lnum-actions-link-alist): Add actions for generic browser and Curl
if present.
* w3m.el (autoload): Autoload `w3m-lnum-universal'.
(w3m-resize-image-interactive): New function.
(w3m-lnum-map): Add key for `w3m-lnum-universal'.
2011-11-14 Katsumi Yamaoka <yamaoka@jpl.org>
* w3m.el (w3m-expand-url): Assume only a name anchor, that has no
scheme part nor directory part, to be the buffer: scheme.
(w3m-buffer-local-url): Move forward.
2011-10-24 Katsumi Yamaoka <yamaoka@jpl.org>
* w3m-hist.el: Require w3m-util.
2011-10-22 Naohiro Aota <naota@elisp.net>
* w3m.el (w3m-goto-url): Check name anchor after redirect resolution.
2011-10-21 Katsumi Yamaoka <yamaoka@jpl.org>
* w3m-hist.el (w3m-history-restore-position): Don't hscroll if there
are images ([emacs-w3m:11658]).
2011-10-17 Katsumi Yamaoka <yamaoka@jpl.org>
* w3m.el (w3m-canonicalize-url): Fix url that fails to have put
a separator following a domain name.
Suggested by Dan Jacobson <jidanni@jidanni.org>.
2011-10-14 Katsumi Yamaoka <yamaoka@jpl.org>
* w3m.el (w3m-url-coding-system-alist): Add a rule for Google.
(w3m-url-coding-system): Allow function to determine coding system.
2011-10-14 Katsumi Yamaoka <yamaoka@jpl.org>
* w3m.el (w3m-url-encode-string, w3m-url-transfer-encode-string):
Restore optional coding argument.
(w3m-gmane-url-at-point, w3m-canonicalize-url): Do.
(w3m-download): Decode file name in url.
* w3m-form.el (w3m-form-make-form-data, w3m-form-parse-and-fontify):
* w3m-search.el (w3m-search-escape-query-string, w3m-search-do-search)
(w3m-search-uri-replace): Revert last change.
2011-10-13 Katsumi Yamaoka <yamaoka@jpl.org>
* w3m.el (w3m-url-coding-system-alist): New user option.
(w3m-show-decoded-url, w3m-google-feeling-lucky-charset): Abolish.
(w3m-url-coding-system): New function.
(w3m-url-encode-string, w3m-url-readable-string)
(w3m-url-transfer-encode-string): Use it.
* w3m.el (w3m-fontify-anchors, w3m-gmane-url-at-point)
(w3m-canonicalize-url, w3m-goto-url):
* w3m-form.el (w3m-form-make-form-data, w3m-form-parse-and-fontify):
* w3m-search.el (w3m-search-escape-query-string, w3m-search-do-search)
(w3m-search-uri-replace): Don't specify coding system for encoding url.
2011-10-07 Katsumi Yamaoka <yamaoka@jpl.org>
* w3m-favicon.el (w3m-favicon-type): Prefer gif.
(w3m-favicon-convert): Work for gif icons named "favicon.ico".
2011-09-08 Katsumi Yamaoka <yamaoka@jpl.org>
* w3m-lnum.el (w3m-lnum-face): Remove face alias.
(w3m-lnum-quick-browsing): Add custom type.
(w3m-lnum-remove-overlays, w3m-lnum-set-numbering)
(w3m-lnum-highlight-anchor, w3m-lnum-get-match-info): Fix overlay end
range, too.
2011-09-07 Andrey Kotlarski <m00naticus@gmail.com>
* w3m.el: Use `w3m-lnum' as naming prefix for commands and
maps from `w3m-lnum.el'.
* w3m-lnum.el: Use `w3m-lnum' as naming prefix everywhere instead of
`w3m-linknum' or `w3m-link-numbering'.
(w3m-lnum-set-numbering, w3m-lnum): Optionally don't clean previous
numbering.
(w3m-lnum-read-interactive): Don't clean previous numbering with
`w3m-lnum' in cases when there is no such.
(w3m-lnum-remove-overlays, w3m-lnum-set-numbering): Fix overlay start
range to make it work for XEmacs.
(w3m-lnum-get-action): Don't invoke `w3m-lnum-read-interactive' with 0
numbered items.
* w3m-util.el (w3m-goto-next-defun): New macro.
(w3m-goto-next-anchor-or-image, w3m-substitute-key-definitions): Move
from w3m-lnum.el
2011-09-04 Katsumi Yamaoka <yamaoka@jpl.org>
* w3m-lnum.el (w3m-link-numbering, w3m-linknum-minibuffer-prompt)
(w3m-linknum-match): Use old defface style for XEmacs.
(w3m-link-set-numbering): Replace string-match-p w/ w3m-string-match-p.
(w3m-highlight-numbered-anchor, w3m-get-match-info): Fix range passed
to overlays-in to make it work for XEmacs.
2011-09-04 Andrey Kotlarski <m00naticus@gmail.com>
* w3m-lnum.el: Update copyright years. Don't require `cl'.
(w3m-linknum-match): Make numbering face visible for some
consoles.
(w3m-link-numbering-quick-browsing)
(w3m-link-numbering-context-alist): New custom variables.
(w3m-linknum-remove-overlays): Delete overlays only within the
visible window part.
(w3m-link-set-overlay): Don't use `incf'.
(w3m-link-set-numbering): Number additional context items as
specified by `w3m-link-numbering-context-alist'. Return index of
the last matched item.
(w3m-goto-next-image2): Fix doc typo.
(w3m-goto-next-anchor-or-image, w3m-link-numbering): Cosmetic
indent.
(w3m-linknum-prompt-str): Don't show 0 when this is being current
default for selection.
(w3m-read-int-interactive): Up and down scrolling preserves text
filter and cleans previous numbering. Allow <enter> shortcutting
options as specified by `w3m-link-numbering-quick-browsing'. Don't
let the text filter grow when no items match.
(w3m-with-linknum): Make `last-index' variable visible within body
and set as the last index currently used for numbering.
(w3m-get-match-info): New macro.
(w3m-get-anchor-info): Use `w3m-get-match-info'.
(w3m-go-to-linknum, w3m-linknum-get-action): Call
`w3m-get-anchor-info' with a selection number.
(w3m-linknum-follow, w3m-linknum-view-image)
(w3m-linknum-save-image, w3m-linknum-print-this-url): Don't use cl
functions.
(w3m-linknum-zoom-image): Cosmetic doc string change.
(w3m-linknum-bookmark-add-this-url): Use 1+.
2011-09-03 Dan Jacobson <jidanni@jidanni.org>
* w3m.el (w3m-lynx-like-map, w3m-info-like-map): Bind the `C-t t' key
to w3m-create-empty-session.
2011-09-02 Katsumi Yamaoka <yamaoka@jpl.org>
* w3m.el (w3m-create-empty-session): New user command.
(w3m-new-session-url): Default to about:blank.
(w3m-input-url): Don't use about:* as initial value.
(w3m-goto-url-new-session): Use w3m-new-session-url as the default.
- SECURITY: CVE-2012-3499 (cve.mitre.org)
Various XSS flaws due to unescaped hostnames and URIs HTML output in
mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp.
[Jim Jagielski, Stefan Fritsch, Niels Heinen <heinenn google com>]
- SECURITY: CVE-2012-4558 (cve.mitre.org)
XSS in mod_proxy_balancer manager interface. [Jim Jagielski,
Niels Heinen <heinenn google com>]
- mod_rewrite: Stop merging RewriteBase down to subdirectories
unless new option 'RewriteOptions MergeBase' is configured.
Merging RewriteBase was unconditionally turned on in 2.2.23.
Bug Report 53963. [Eric Covener]
- mod_ssl: Send the error message for speaking http to an https port using
HTTP/1.0 instead of HTTP/0.9, and omit the link that may be wrong when
using SNI. Bug Report 50823. [Stefan Fritsch]
- mod_ssl: log revoked certificates at level INFO
instead of DEBUG. Bug Report 52162. [Stefan Fritsch]
- mod_proxy_ajp: Support unknown HTTP methods. Bug Report 54416.
[Rainer Jung]
- mod_dir: Add support for the value 'disabled' in FallbackResource.
[Vincent Deffontaines]
- mod_ldap: Fix regression in handling "server unavailable" errors on
Windows. Bug Report 54140. [Eric Covener]
- mod_ssl: fix a regression with the string rendering of the "UID" RDN
introduced in 2.2.15. Bug Report 54510. [Kaspar Brand]
- ab: add TLS1.1/TLS1.2 options to -f switch, and adapt output
to more accurately report the negotiated protocol. Bug Report 53916.
[Nicolás Pernas Maradei <nico emutex com>, Kaspar Brand]
- mod_cache: Explicitly allow cache implementations to cache a 206 Partial
Response if they so choose to do so. Previously an attempt to cache a 206
was arbitrarily allowed if the response contained an Expires or
Cache-Control header, and arbitrarily denied if both headers were missing.
Currently the disk and memory cache providers do not cache 206 Partial
Responses. [Graham Leggett]
- core: Remove unintentional APR dependency introduced with
Apache 2.2.22. [Eric Covener]
- core: Use a TLS 1.0 close_notify alert for internal dummy connection if
the chosen listener is configured for https. [Joe Orton]
- mod_ssl: Add new directive SSLCompression to disable TLS-level
compression. Bug Report 53219. [Björn Jacke <bjoern j3e de>, Stefan Fritsch]
- Added deprecated function to Mojo::Util. (marcus)
- Removed deprecated render_content helper.
- Improved documentation.
- Improved tests.
3.86 2013-02-22
- Welcome to the Mojolicious core team Joel Berger.
- Improved portability of Mojo::Asset::File tests.
- Improved documentation.
- Improved tests. (jberger, sri)
- Fixed path generation bug in Mojolicious::Routes::Pattern. (jberger)
- Fixed small domain detection bug in Mojo::UserAgent::CookieJar.
(dione, sri)
- Fixed comment lines in Mojo::Template to cover the whole line.
3.85 2013-02-13
- Deprecated Mojo::UserAgent::build_form_tx in favor of
Mojo::UserAgent::build_tx.
- Deprecated Mojo::UserAgent::build_json_tx in favor of
Mojo::UserAgent::build_tx.
- Deprecated Mojo::UserAgent::post_form in favor of Mojo::UserAgent::post.
- Deprecated Mojo::UserAgent::post_json in favor of Mojo::UserAgent::post.
- Deprecated Mojo::UserAgent::Transactor::form in favor of
Mojo::UserAgent::Transactor::tx.
- Deprecated Mojo::UserAgent::Transactor::json in favor of
Mojo::UserAgent::Transactor::tx.
- Deprecated Test::Mojo::post_form_ok in favor of Test::Mojo::post_ok.
- Deprecated Test::Mojo::post_json_ok in favor of Test::Mojo::post_ok.
- Deprecated ojo::f in favor of ojo::p.
- Deprecated ojo::n in favor of ojo::p.
- Added support for pluggable content generators to
Mojo::UserAgent::Transactor. (judofyr, sri)
- Added generators attribute to Mojo::UserAgent::Transactor.
- Added add_generator method to Mojo::UserAgent::Transactor.
- Updated jQuery to version 1.9.1.
- Improved documentation.
- Improved tests.
- Fixed memory leak in development not found page.
- Fixed custom temporary directory bug in Mojo::Asset::File.
3.84 2013-01-30
- Deprecated after_static_dispatch hook in favor of before_routes.
- Added after_static hook.
- Fixed small file descriptor leak in Mojo::UserAgent.
3.83 2013-01-27
- Moved bundled static files to mojo directory.
- Improved documentation.
- Improved tests.
- Fixed small Getopt::Long configuration bug in Mojolicious::Commands.
Changelog:
Version 4.5.7 Feb 20th 2013
Fix for 3rd party apps dropping the database
Fix SubAdmins management
Fix PHP warnings
Fix compatibility with some CIFS shares
More robust apps management
Remove not needed AWS tests
Improved mime type parsing
Several sharing fixes
Offer the option to change the password only supported by the backend
More robust auto language detection
Revoke DB rights on install only if the db is newly created
Fix rendering of database connection error page
LDAP: update quota more often
Multiple XSS vulnerabilities (oC-SA-2013-003)
Multiple CSRF vulnerabilities (oC-SA-2013-004)
PHP settings disclosure (oC-SA-2013-005)
Multiple code executions (oC-SA-2013-006)
Privilege escalation in the calendar application (oC-SA-2013-007)
Changelog:
Fix the following security bugs.
SECURITY: CVE-2012-3499 (cve.mitre.org) Various XSS flaws due to unescaped hostnames and URIs HTML output in mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp.
SECURITY: CVE-2012-4558 (cve.mitre.org) XSS in mod_proxy_balancer manager interface.
Changelog:
FIXED
Security fixes can be found here
FIXED
Improvements to the Click-to-Play vulnerable plugin blocklisting feature
Fixed in Firefox ESR 17.0.3
MFSA 2013-28 Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer
MFSA 2013-27 Phishing on HTTPS connection through malicious proxy
MFSA 2013-26 Use-after-free in nsImageLoadingContent
MFSA 2013-25 Privacy leak in JavaScript Workers
MFSA 2013-24 Web content bypass of COW and SOW security wrappers
MFSA 2013-21 Miscellaneous memory safety hazards (rv:19.0 / rv:17.0.3)
= Changes in 2.3.3 =
February 24, 2013 - version 2.3.3
* Changes
* #144 Add User-Agent field by default. You can remove the header by
setting nil to HTTPClient#agent_name.
* enigmail is broken
Changelog:
SeaMonkey-specific changes
Reply to List is now supported.
SSL-related warning prompts (leaving or entering a secure site, viewing mixed content) have been replaced by less intrusive, non-modal notification bars.
See the changes page for minor changes.
Mozilla platform changes
Image quality has been improved through a new HTML scaling algorithm.
Canvas elements can export their content as an image blob using canvas.toBlob() now.
CSS @page is now supported.
CSS viewport-percentage length units have been implemented (vh, vw, vmin and vmax).
CSS text-transform now supports full-width.
Fixed several stability issues.
Fixed in SeaMonkey 2.16
MFSA 2013-28 Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer
MFSA 2013-27 Phishing on HTTPS connection through malicious proxy
MFSA 2013-26 Use-after-free in nsImageLoadingContent
MFSA 2013-25 Privacy leak in JavaScript Workers
MFSA 2013-24 Web content bypass of COW and SOW security wrappers
MFSA 2013-23 Wrapped WebIDL objects can be wrapped again
MFSA 2013-22 Out-of-bounds read in image rendering
MFSA 2013-21 Miscellaneous memory safety hazards (rv:19.0 / rv:17.0.3)
Security-fix release. Here's a brief summary of each issue and its resolution:
Issue: Host header poisoning: an attacker could cause Django to generate and display URLs that link to arbitrary domains. This could be used as part of a phishing attack. These releases fix this problem by introducing a new setting, ALLOWED_HOSTS, which specifies a whitelist of domains your site is known to respond to.
Important: by default Django 1.3.6 and 1.4.4 set ALLOWED_HOSTS to allow all hosts. This means that to actually fix the security vulnerability you should define this setting yourself immediately after upgrading.
Issue: Formset denial-of-service: an attacker can abuse Django's tracking of the number of forms in a formset to cause a denial-of-service attack. This has been fixed by adding a default maximum number of forms of 1,000. You can still manually specify a bigger max_num, if you wish, but 1,000 should be enough for anyone.
Issue: XML attacks: Django's serialization framework was vulnerable to attacks via XML entity expansion and external references; this is now fixed. However, if you're parsing arbitrary XML in other parts of your application, we recommend you look into the defusedxml Python packages which remedy this anywhere you parse XML, not just via Django's serialization framework.
Issue: Data leakage via admin history log: Django's admin interface could expose supposedly-hidden information via its history log. This has been fixed.
Collection.
nginx (pronounced "engine X") is a lightweight web (HTTP) server/reverse proxy
and mail (IMAP/POP3) proxy written by Igor Sysoev.
nginx has been running for more than three years on many heavily loaded Russian
sites including Rambler (RamblerMedia.com). In March 2007 about 20% of all
Russian virtual hosts were served or proxied by nginx. According to the Google
Online Security Blog, nginx serves or proxies about 4% of all Internet virtual
hosts, although Netcraft shows a much lower percentage.
The sources are licensed under a BSD-like license.
Serf 0.7.2 [2011-03-12, branch 0.7.x r1451]
Actually disable Nagle when creating a connection (r1441).
Return error when app asks for HTTPS over proxy connection (r1433).
Serf 0.7.1 [2011-01-25, branch 0.7.x r1431]
Fix memory leak when using SSL (r1408, r1416).
Fix build for blank apr-util directory (r1421).
Serf 0.7.0 [2010-08-25, r1407]
Fix double free abort when destroying request buckets.
Fix test server in unit test framework to avoid random test failures.
Allow older Serf programs which don't use the new authn framework to still
handle authn without forcing them to switch to the new framework. (r1401)
Remove the SERF_DECLARE macros, preferring a .DEF file for Windows
Barrier buckets now pass read_iovec to their wrapped bucket.
Fix HTTP header parsing to allow for empty header values.
Serf 0.6.1 [2010-05-14, r1370]
Generally: this release fixes problems with the 0.4.0 packaging.
Small compilation fix in outgoing.c for Windows builds.
Serf 0.6.0 [2010-05-14, r1363]
Not released.
Serf 0.5.0
Not released.
Serf 0.4.0 [2010-05-13, r1353]
[NOTE: this release misstated itself as 0.5.0; use a later release instead]
Provide authn framework, supporting Basic, Digest, Kerberos (SSPI, GSS),
along with proxy authn using Basic or Digest
Added experimental listener framework, along with test_server.c
Improvements and fixes to SSL support, including connection setup changes
Experimental support for unrequested, arriving ("async") responses
Experimental BWTP support using the async arrival feature
Headers are combined on read (not write), to ease certain classes of parsing
Experimental feature on aggregate buckets for a callback-on-empty
Fix the bucket allocator for when APR is using its pool debugging features
Proxy support in the serf_get testing utility
Fix to include the port number in the Host header
serf_get propagates errors from the response, instead of aborting (Issue 52)
Added serf_lib_version() for runtime version tests
Serf 0.3.1 [2010-02-14, r1320]
Fix loss of error on request->setup() callback. (Issue 47)
Support APR 2.x. (Issue 48)
Fixed slowdown in aggregate bucket with millions of child buckets.
Avoid hang in apr_pollset_poll() by unclosed connections after fork().
Geeklog History/Changes:
Feb 19, 2013 (1.8.2sr1)
------------
This release addresses the following security issues:
- High-Tech Bridge Security Research Lab reported an XSS in the calendar_type
parameter in the Calendar plugin (HTB23143).
- Trustwave Spiderlabs reported XSS in the install script, the Configuration,
as well as in the Admin interfaces for the Polls plugin and the Topic editor
(TWSL2013-001).
Not security-related:
- Fixed Twitter OAuth login by switching to version 1.1 of the Twitter API
(feature request #0001506).
Version 3.0.5 (2013-02-19)
--------------------------
### Fixed
Removed the pixel unit from the video width and height attributes (see #5383).
### Fixed
Correctly load the language files (see #5384).
*) Change: now if the "include" directive with mask is used on Unix
systems, included files are sorted in alphabetical order.
*) Change: the "add_header" directive adds headers to 201 responses.
*) Feature: the "geo" directive now supports IPv6 addresses in CIDR
notation.
*) Feature: the "flush" and "gzip" parameters of the "access_log"
directive.
*) Feature: variables support in the "auth_basic" directive.
*) Feature: the $pipe, $request_length, $time_iso8601, and $time_local
variables can now be used not only in the "log_format" directive.
Thanks to Kiril Kalchev.
*) Feature: IPv6 support in the ngx_http_geoip_module.
Thanks to Gregor Kališnik.
*) Bugfix: nginx could not be built with the ngx_http_perl_module in
some cases.
*) Bugfix: a segmentation fault might occur in a worker process if the
ngx_http_xslt_module was used.
*) Bugfix: nginx could not be built on MacOSX in some cases.
Thanks to Piotr Sikora.
*) Bugfix: the "limit_rate" directive with high rates might result in
truncated responses on 32-bit platforms.
Thanks to Alexey Antropov.
*) Bugfix: a segmentation fault might occur in a worker process if the
"if" directive was used.
Thanks to Piotr Sikora.
*) Bugfix: a "100 Continue" response was issued with "413 Request Entity
Too Large" responses.
*) Bugfix: the "image_filter", "image_filter_jpeg_quality" and
"image_filter_sharpen" directives might be inherited incorrectly.
Thanks to Ian Babrou.
*) Bugfix: "crypt_r() failed" errors might appear if the "auth_basic"
directive was used on Linux.
*) Bugfix: in backup servers handling.
Thanks to Thomas Chen.
*) Bugfix: proxied HEAD requests might return incorrect response if the
"gzip" directive was used.
*) Bugfix: a segmentation fault occurred on start or during
reconfiguration if the "keepalive" directive was specified more than
once in a single upstream block.
*) Bugfix: in the "proxy_method" directive.
*) Bugfix: a segmentation fault might occur in a worker process if
resolver was used with the poll method.
*) Bugfix: nginx might hog CPU during SSL handshake with a backend if
the select, poll, or /dev/poll methods were used.
*) Bugfix: the "[crit] SSL_write() failed (SSL:)" error.
*) Bugfix: in the "fastcgi_keep_conn" directive.
+ updated MESSAGES in order to show a working logrotate.
Upstream changes:
1.3110 06.10.2012
[ BUG FIXES ]
* GH #817, #823, #825: Removing Clone from core. Pure-perl environments
supported again (Sawyer X).
* GH #755, #819, #827, #828: HTTP::Headers accepted by dancer_response
(Roberto Patriarca, Dagfinn Ilmari Mannsåker, draxil, perlpong).
[ ENHANCEMENTS ]
* GH #826: The version of wallflower shipped with Dancer has been removed.
It was well out of date. BooK is now maintaining it as a more general
solution under the name App::Wallflower. (BooK)
* GH #834: Provide empty Headers object if not defined (Yanick Champoux).
* GH #840, #841: Dancer::Plugin::Ajax now has content_type (Lee Carmichael).
[ DOCUMENTATION ]
* GH #821: Pointing to new homepage (alfie).
* GH #822: Typos in documentation (Stefan Hornburg - racke).
* GH #824: Fix in Dancer/Session.pm (pdl).
* GH #830: Fix Github links to https:// (Olivier Mengué).
* GH #838: Error in Dancer::Plugin::Ajax Documentation (Lee Carmichael).
* GH #839: Typo (goblin).
This release contains a fix for CVE-2012-6112 (TinyMCE), too.
Version 3.0.4 (2013-02-14)
--------------------------
### Fixed
Correctly split the words when adding to the search index (see #5363).
### Fixed
If an eagerly loaded relation does not exist, return `null` instead of an empty
model in `Model::getRelated()` (see #5356).
### Fixed
Throw an exception if the file system and the database are out of sync and
show a meaningful error message (see #5101).
### Fixed
Return an associative array in `Model_Collection::fetchEach()` if the requested
field is **not** `id` (see #5134).
### Fixed
Make eagerly loaded "pageTree" fields mandatory again (see #4866).
### Fixed
Do not use forward pages as upper page in the book navigation (see #5074).
### Fixed
Correctly show the "empty news list" note (see #5304).
### Fixed
Correctly sort values by an external order field (see #5322).
### Fixed
Define the login status constants in the back end (see #4099, #5279).
### Fixed
Make sure the drag'n'drop hints do not overlay the field labels (see #5338).
### Fixed
Apply the color picker to single fields as well (see #5240).
### Fixed
Correctly close the SimpleModal overlay with the escape key (see #5297).
### Updated
Update TinyMCE to version 3.5.8 (see #5273).
### Fixed
Correctly check for nested arrays in `Widget::isValidOption()` (see #5328).
### Fixed
Preserve the order of multi source fields when exporting a theme (see #5237).
### Fixed
Also check whether the target exists when creating new folders (see #5260).
### Fixed
Load the core `autoload.php` files first (see #5261).
### Fixed
Support `null` as column default value in the DCA (see #5252).
### New
Added the `$blnDoNotCreate` option to the `Files` class, which makes the class
write to a temporary file first and then move it to its destination in one
atomic operation. This fixes some cache issues (see #5307).
### Fixed
Handle `@` blocks when importing style sheets (see #5250).
### Fixed
Show the newsletter list even if there is no jumpTo page configured in the
channel and show the enclosures in the newsletter reader (see #5233).
### Fixed
Added an option to load model relations uncached (see #5248, #5102). Also fixed
the `array_merge()` order so the default options can be overridden.
### Updated
Updated SimplePie to version 1.3.1 (see #5207).
### Updated
Updated SwiftMailer to version 4.3.0 (see #5263).
### Fixed
The jQuery accordion script did not work with minified markup (see #5245).
### Fixed
Removed the "spaceToUnderscore" option from all alias fields (see #5266).
### Fixed
The media content element now supports .ogg files (see #5282).
### Fixed
Do not rewrite requests for .mp3, .mp4, .webm or .ogv files (see #5258, #5284).
### Fixed
Correctly determine the last run of the command scheduler (see #5278).
### Fixed
Make the jQuery accordion behave like the MooTools version (see #5251).
### Fixed
Added support for more advanced media queries (see #5236).
### Fixed
Added the missing `UserGroupModel` class (see #5218).
### Fixed
Handle the case that `glob()` returns `false` (see #5226).
### Fixed
The table sorter did not work if jQuery and MooTools were active (see #5228).
### Fixed
Copy all content elements if pages are duplicated with children (see #5241).
### Fixed
Added lazy template loading for newsletter mail templates.
The only significant packaging change is to drop the dependency on
py-subversion. It's still needed to use subversion repositories, but
use of svn is now optional.
Update provided by Martin Resnick of BBN, with minor tweaks by me.
Trac 1.0 'Cell' (September 7, 2012)
http://svn.edgewall.org/repos/trac/tags/trac-1.0
Trac 1.0 is a major release adding refreshed user interface and
improved DVCS repository support as the most visible changes.
The following list contains only a few highlights:
- The default theme looks more modern, especially on recent browsers
(no effort has been made to make it look better on older browsers
like IE6 or 7)
- The TracHacks GitPlugin has been donated by Herbert Valerio Riedel
to the Trac project (many thanks!) and is now maintained here as an
optional component
- As a consequence, the Subversion support has been moved below
`tracopt.versioncontrol` as well
- The Git and Mercurial log view feature a visualization of the
branching structure
- Usability improvements for the tickets, with a better support for
conflict detection and resolution
- Integration of the TracHacks BatchModifyPlugin, contributed by
Brian Meeker (many thanks!) and is now maintained there as a
default component
- jQuery/UI integration, featuring a date picker for date fields
- Improved integration with Pygments syntax highlighting
- ... and numerous smaller features added and bugs fixed since 0.12!
= Changelog
== Version 3.0.1 - 2013-02-06
* Switch to using puma for the webserver
* Switch to using simplecov for coverage testing
* Update all gem dependencies
* Update to fixme project template
* Convert to minitest
== Version 2.1.0 - 2011-03-17
* Update to Launchy 1.0.0
* Update to Thin 1.2.8
Puma: A Ruby Web Server Built For Concurrency
Puma is a simple, fast, and highly concurrent HTTP 1.1 server for Ruby web
applications. It can be used with any application that supports Rack, and is
considered the replacement for Webrick and Mongrel. It was designed to be the
go-to server for Rubinius, but also works well with JRuby and MRI. Puma is
intended for use in both development and production environments.
= Contributed Plugins and Utilities
This package includes a variety of add-on components for Padrino Framework:
* exception_notifier - Send errors through mail or/and to redmine
* auto_locale - Switch for you automatically the I18n.locale
* flash_session - Middleware that helps you in passing your
session in the URI, when it should be in the
cookie.
* orm_ar_permalink - Generate permalink for a specified column on
ActiveRecord
* orm_ar_permalink_i18n - Generate permalink for a specified multi
language column(s) on ActiveRecord
* orm_ar_translate - Translate for you your ActiveRecord columns
* orm_mm_permalink - Generate permalink for a specified column on
MongoMapper
* orm_mm_search - Full text search in MongoMapper in specified
columns
* helpers_assets_compressor - Joins and compresses your js/css with
yui-compressor
Opera 12.14 is a recommended upgrade offering security and stability enhancements.
Fixes and Stability Enhancements since Opera 12.13
General and User Interface
* Update addresses a re-occurring crash, allowing users to update two or more
extensions at one time.
* htmlscrubber: Allow the bitcoin URI scheme.
* htmlscrubber: Allow the URI schemes of major VCS's.
* aggregate: When run with --aggregate, if an aggregation is already
running, don't go on and --refresh.
* trail: Avoid excess dependencies between pages in the trail
and the page defining the trail. Thanks, smcv.
* opendiscussion: Don't allow editing discussion pages if discussion pages
are disabled. (smcv)
* poll: Add expandable option to allow users to easily add new choices to
a poll.
* trail: Avoid massive slowdown caused by pagetemplate hook when displaying
dynamic cgi pages, which cannot use trail anyway.
* Deal with empty diffurl in configuration.
* cvs: Various fixes. (schmonz)
* highlight: Now adds a span with class highlight-<extension> around
highlighted content, allowing for language-specific css styling.
* Allowing railtie and compressor to honor config settings for sass.style and
assets.css_compressor with default values if not otherwise set. This allows
assets.css_compressor = :yui to actually work!
3.2.5
* Fix a bug where bogus @extend warnings were being generated.
* Fix an @import bug on Windows. Thanks to Darryl Miles.
* Ruby 2.0.0-preview compatibility. Thanks to Eric Saxby.
* Fix incorrect line numbering when using DOS line endings with the indented
syntax.
3.2.4
* Fix imports from .jar files in JRuby. Thanks to Alex Hvostov.
* Allow comments within @import statements in SCSS.
* Fix a parsing performance bug where long decimals would occasionally take
many minutes to parse.
## 2.2.1 (08 February 2013)
- Updated to jQuery 1.9.1
- Updated to latest jquery-ujs
## 2.2.0 (19 January 2012)
- Updated to jQuery 1.9.0
- Updated to latest jquery-ujs
= Application Extensions and Helpers (padrino-helpers)
=== Overview
This component provides a great deal of view helpers related to html markup
generation.
There are helpers for generating tags, forms, links, images, and more. Most of
the basic methods should be very familiar to anyone who has used rails view
helpers.
= Simple Mailer Support (padrino-mailer)
=== Overview
This component creates an easy and intuitive interface for delivering email
within a Sinatra application. The mail library is utilized to do the bulk of
the work. There is full support for rendering email templates, using an html
content type and for file attachments.
The Padrino Mailer uses a familiar Sinatra syntax similar to that of defining
routes for a controller.
= Admin Dashboard and Authentication (padrino-admin)
=== Overview
Padrino has a beautiful Admin management dashboard with these features:
Orm Agnostic::Data Adapters for Datamapper, Activerecord, Sequel, Mongomapper,
Mongoid, Couchrest.
Template Agnostic:: Erb, Erubis and Haml Renderer.
Authentication:: Support for Account authentication, Account Permission
management.
Scaffold:: You can simply create a new "admin interface" by providing a Model.
Access Control:: Supports authentication and role permissions for your
application.
= Agnostic Application Generators (padrino-gen)
=== Overview
Padrino comes preloaded with flexible code generators powered in part by the
excellent Thor gem (incidentally also used in the Rails 3 generators).
These generators are intended to allow for easy code generation both in
creating new applications and building on existing ones.
The generators have been built to be as library agnostic as possible,
supporting a myriad of test frameworks, js libraries, mocking libraries, etc.
= Painless Page and Fragment Caching (padrino-cache)
== Overview
This component enables caching of an application's response contents on
both page- and fragment-levels. Output cached in this manner is persisted,
until it expires or is actively expired, in a configurable store of your
choosing. Several common caching stores are supported out of the box.
= Padrino (padrino-core)
Padrino is the godfather of Sinatra.
== Preface
Padrino is a ruby framework built upon the excellent Sinatra Microframework
[http://www.sinatrarb.com].
Sinatra is a DSL for creating simple web applications in Ruby with speed and
minimal effort.
This framework tries hard to make it as fun and easy as possible to code much
more advanced web applications by building upon the Sinatra philosophies and
foundation.
UrlMount is a universal mount point designed for use in rack applications.
It provides a simple way to pass a url mounting point to the mounted
application.
This means that when you mount an application in the url space, it's a simple
call to url to get the mount point of where the application is.
# rack-rewrite
A rack middleware for defining and applying rewrite rules. In many cases you
can get away with rack-rewrite instead of writing Apache mod_rewrite rules.
Collection of common Sinatra extensions, semi-officially supported.
# Goals
* For every future Sinatra release, have at least one fully compatible release
* High code quality, high test coverage
* Include plugins people usually ask for a lot
= 1.3.4 / 2012-01-26
* Improve documentation. (Kashyap, Stanislav Chistenko, Konstantin Haase,
ymmtmsys, Anurag Priyam)
* Adjustments to template system to work with Tilt edge. (Konstantin Haase)
* Fix streaming with latest Rack release. (Konstantin Haase)
* Fix default content type for Sinatra::Response with latest Rack release.
(Konstantin Haase)
* Fix regression where + was no longer treated like space. (Ross Boucher)
* Status, headers and body will be set correctly in an after filter when using
halt in a before filter or route. (Konstantin Haase)
# HTTP Router
## What is it?
This is an HTTP router for use in either a web framework, or on its own using
Rack. It takes a set of routes and attempts to find the best match for
it. Take a look at the examples directory for how you'd use it in the Rack
context.
## Features
* Ordered route resolution.
* Supports variables, and globbing, both named and unnamed.
* Regex support for variables.
* Request condition support.
* Partial matches.
* Supports interstitial variables (e.g.
/my-:variable-brings.all.the.boys/yard) and unnamed variable /one/:/two
* Very fast and small code base (~1,000 loc).
* Sinatra via https://github.com/joshbuddy/http_router_sinatra
Fixed in 7.29.0 - February 6 2013
Release contains security-related bug fix
(already fixed in pkgsrc)
Changes:
test: offer "automake" output and check for perl better
always-multi: always use non-blocking internals
imap: Added support for sasl digest-md5 authentication
imap: Added support for sasl cram-md5 authentication
imap: Added support for sasl ntlm authentication
imap: Added support for sasl login authentication
imap: Added support for sasl plain text authentication
imap: Added support for login disabled server capability
mk-ca-bundle: add -f, support passing to stdout and more
writeout: -w now supports remote_ip/port and local_ip/port
Bugfixes:
SECURITY ADVISORY: SASL buffer overflow vulnerability
nss: prevent NSS from crashing on client auth hook failure
darwinssl: Fixed inability to disable peer verification on Snow Leopard and Lion
curl_multi_remove_handle: fix memory leak triggered with CURLOPT_RESOLVE
SCP: relative path didn't work as documented
setup_once.h: HP-UX issue workaround
configure: fix cross pkg-config detection
runtests: Do not add undefined values to @INC
build: fix compilation with CURL_DISABLE_CRYPTO_AUTH flag
multi: fix re-sending request on early connection close
HTTP: remove stray CRLF in chunk-encoded content-free request bodies
build: fix AIX compilation and usage of events/revents
VC Makefiles: add missing hostcheck
nss: clear session cache if a client certificate from file is used
nss: fix error messages for CURLE_SSL_{CACERT,CRL}_BADFILE
fix HTTP CONNECT tunnel establishment upon delayed response
--libcurl: fix for non-zero default options
FTP: reject illegal port numbers in EPSV 229 responses
build: use per-target '_CPPFLAGS' for those currently using default
configure: fix automake 1.13 compatibility
curl: ignore SIGPIPE
pop3: Added support for non-blocking SSL upgrade
pop3: Fixed default authentication detection
imap: Fixed usernames and passwords that contain escape characters
packages/DOS/common.dj: remove COFF debug info generation
imap/pop3/smtp: Fixed failure detection during TLS upgrade
pop3: Fixed no known authentication mechanism when fallback is required
formadd: reject trying to read a directory where a file is expected
formpost: support quotes, commas and semicolon in file names
docs: update the comments about loading CA certs with NSS
docs: fix typos in man pages
darwinssl: Fix bug where packets were sometimes transmitted twice
winbuild: include version info for .dll .exe
schannel: Removed extended error connection setup flag
VMS: fix and generate the VMS build config
The most important of these new features are:
* SQL Database logging helper
* Time-Quota session helper
* SSL-Bump Server First
* Server Certificate Mimic
* Custom HTTP request headers
* Remove or modify some patches that are obsolete or fixed in another way
like devel/xulrunner.
Changelog:
Fixes in 2.15.2
Applications could not be removed from the "Application details" dialog under Preferences, Helper Applications (bug 826771).
View / Message Body As could show menu items out of context (bug 831348).
Fixes in 2.15.1
Problems involving HTTP proxy transactions have been fixed (bug list).
The Unity player crashed on Mac OS X (bug 828954).
This release contains a fix for CVE-2012-6112 (TinyMCE), too.
Version 2.11.9 (2013-02-05)
---------------------------
### Fixed
Support numeric front end dates in the form generator (see #5238).
### Fixed
Support whitespace characters when parsing simple tokens (see #5323).
### Fixed
Allow to run multiple TinyMCE instances with different configurations on the
same page (thanks to Andreas Schempp) (see #4453).
### Fixed
Correctly trigger the "saveNewPassword" hook (see #5247).
### Fixed
Consider the `save_callback` of the password field in `tl_user` when a back end
user is forced to change his password (see #5138).
### Fixed
Do not group standalone lightbox elements on HTML5 pages (see #3742).
### Fixed
Anonymize IP addresses in `Form::processFormData()` (see #5255).
### Fixed
Replaced the 1200 pixel limit when resizing images with the values defined in
the system settings (see #5268).
### Fixed
Make sure there is an array in `Controller::generateMargin()` (see #5217).
### Fixed
More robust input validation in the back end filter menu and no more absolute
paths in error messages printed to the screen (thanks to aulmn) (see #4971).
### Fixed
Unset non-existing fields when restoring versions (see #5219).
Fri Feb 1 10:19:44 CET 2013
Handle case where POST data contains "key=" without value
at the end and is not new-line terminated by invoking the
callback with the "key" during MHD_destroy_post_processor (#2733). -CG
Wed Jan 30 13:09:30 CET 2013
Adding more 'const' to allow keeping of reason phrases in ROM.
(see mailinglist). -CG/MV
Tue Jan 29 21:27:56 CET 2013
Make code work with PlibC 0.1.7 (which removed plibc_init_utf8).
Only relevant for W32. Fixes #2734. -CG
Sat Jan 26 21:26:48 CET 2013
Fixing regression introduced Jan 6 (test on data_size instead
of total_size). -CG
Fri Jan 11 23:21:55 CET 2013
Also return MHD_YES from MHD_destroy_post_processor if
we did not get '\r\n' in the upload. -CG
Sun Jan 6 21:10:13 CET 2013
Enable use of "MHD_create_response_from_callback" with
body size of zero. -CG
*) Feature: the $request_time and $msec variables can now be used not
only in the "log_format" directive.
*) Bugfix: cache manager and cache loader processes might not be able to
start if more than 512 listen sockets were used.
*) Bugfix: in the ngx_http_dav_module.
+ Under NetBSD 5.1_STABLE, a large number of included vhosts led to SEGV, this
does not occur with nginx 1.2.6.
Opera 12.13 is a recommended upgrade offering security and stability
enhancements.
Fixes and Stability Enhancements since Opera 12.12
General and User Interface
* Fixed an issue where Opera gets internal communication errors on Facebook
* Fixed an issue where no webpages load on startup, if Opera is disconnected
from the Internet
* Fixed an issue where images will not load after back navigation, when a site
uses the HTML5 history API (deviantart.com)
Linux and Windows
* A new stand-alone update-checker, as part of a planned upgrade of the
auto-update system
Windows
* Improved protection against hijacking of the default search, including
a one-time reset
Security
* Fixed an issue where DOM events manipulation might be used to execute
arbitrary code, as reported by Arthur Gerkis; see our advisory:
http://www.opera.com/support/kb/view/1042/
* Fixed an issue where use of SVG clipPaths could allow execution of arbitrary
code, as reported by anonymous via the iSIGHT Partners GVP Program; see our
advisory:
http://www.opera.com/support/kb/view/1043/
* Fixed a low severity security issue; details will be disclosed at a later
date
* Fixed an issue where CORS requests could omit the preflight request, as
reported by webpentest; see our advisory:
http://www.opera.com/support/kb/view/1045/
Upstream changes:
1.0016 Thu Jan 31 13:21:14 PST 2013
[SECURITY]
- Fixed directory traversal bug in Plack::App::File on win32 environments
[INCOMPATIBLE CHANGES]
- Updated Plack::Builder OO interface to be more natural. Still keeps backward
compatible to the old ->mount() and ->to_app() interface.
[NEW FEATURES]
- Static middleware 'path' callback now takes $env as a 2nd argument (avar)
- Static middleware takes 'content_type' callback to determine custom MIME (pstadt)
[IMPROVEMENTS]
- Fixed regexp warning for blead (doy)
- Documentation update for AccessLog::Timed to suggest Runtime (ether)
- Ignore vim swap files on restarter (nihen)
- Major documentation overhaul on Apache2 startup files (rkitover, avar)
Features:
* Drag&Drop reordering of photos in the plugin admin
* Unlimited, auto-discovered custom templates - you can change template of
given gallery at anytime, use javascript galleries etc.
based on a source image. So whenever a thumbnail does not exist or if the
source was modified more recently than the existing thumbnail, a new thumbnail
is generated (and saved).
* `6753235d`: Return bounded output from `rcs_diff()` when asked, as
the API states.
* `e45175d5`: Always explicitly set CVS keyword substitution behavior.
Fixes behavior when a text file is added under a name formerly
used for a binary file.
* `b30cacdf`: If the previous working directory no longer exists after
a CVS operation, don't try to `chdir()` back to it afterward.
Bump PKGREVISION.
- added a sitemap.xml.
- added some templatetags.
- started using Sphinx for managing documentation.
- started using Transifex for managing translations.
- started using Travis CI.
- added 12 new translations and improved some of the existing translations.
- fixed issue 29 (quote URL of resized image properly).
- misc improvements to clarity of unit tests.
- added Django 1.4 timezone support.
Version 1.0.3
-------------
Released January 24, 2013
- Tests complete in python 3.2/3.3.
- Localization for ru, fr.
- Minor fixes in documentation for clarity.
- FieldList now can take validators on the entire FieldList.
- ext.sqlalchemy model_form:
* Fix issue with QuerySelectField
* Fix issue in ColumnDefault conversion
* Support Enum type
- Field class now allows traversal in Django 1.4 templates.
Changes:
0.3006 Wed Dec 19 09:55:05 JST 2012
- Clear out @ARGV, rather than restoring it, to avoid messing with Net::Server internals
0.3005 Wed Nov 14 19:46:31 PST 2012
- Added a warning in runtime/documentation to NOT use -r/-R with Starman
0.3004 Thu Nov 8 19:40:45 PST 2012
- Added --interval option to the sample start_server command
- Makefile.PL fix
0.3003 Thu Sep 27 09:39:56 JST 2012
- Fixed the test hang in some environments, introduced in 0.3002 [RT:79865]
0.3002 Tue Sep 25 15:26:43 JST 2012
- Added a documentation for --signal-on-term for Server::Starter 0.12 (kazuho, ether)
- Set REMOTE_PORT PSGI environment variable #50 (dex4er)
- Fix a test failure with a directory containing whitespace (clkao)
0.3001 Mon Jun 25 10:57:20 PDT 2012
- Fix SERVER_NAME and SERVER_PORT not exist on UNIX socket mode #24
- Improved documentation
- Ensure that chunk buffer contains terminating HTTP newline (Peter Makholm)
0.3000 Mon Feb 20 16:31:44 PST 2012
- This be a 0.3 release
0.29_90 Thu Dec 1 19:40:52 PST 2011
- Changed the way server handles HUP and QUIT signals
HUP will just restart all the workers gracefully
QUIT will gracefully shutdown workers and the master
See `man 1 starman` and look for SIGNALS section.
Changes:
1.50 Jul 11, 2012
[ DISTRIBUTION ]
- Switch to Dist::Zilla
- Eliminate HTML docs from distribution, available on web
- Move live Apache tests to author-only
1.49 Feb 27, 2012
[ DOCS ]
- Fixed misspellings in docs. RT #74676. Reported by Salvatore Bonaccorso.
1.48 Feb 3, 2012
[ BUG FIXES ]
- Calling a subcomponent from inside an anonymous component (created via
$interp->make_component) caused an uninitialized value warning. Reported by
Javier Amor Garcia.
Changes:
2.5 June 10th, 2012
New features, thanks to Michael Peters (RT#46258):
- Support for using an alternative HTML::FillInForm class
via param dfv_fif_class.
- Support for supplying defaults for HTML::FillInForm->fill
via param dfv_fif_defaults.
ChangeLog:
0.12 Thu Aug 4 23:56:00 BST 2011
- Changed a test case to be less picky about the actual text captured
from warnings. This was done to support some changes introduced by
the Catalyst -> PSGI port.
ChangeLog:
0.10022 08 Jan 2013
- Fix NoPasswd store (skaufman)
0.10021 30 June 2012
- Change all classes to Moose and MooseX::Emulate::Class::Accessor::Fast,
fixing undeclared dependency on Class::Accessor::Fast.
- Change Catalyst::Authentication::Realm to use String::RewritePrefix
rather than doing namespace mangling manually.
- Fix whitespace and tabs, add Test::EOL and Test::NoTabs
- Document optional methods in stores needed for auto_create_user
and auto_update_user in realms.
- Clarify support channels
- Note primary maintainer in docs.
- Add x_authority metadata.
- Get the NAME right by making it 1 line, due to crappy parsing
in EU::MM (RT#77028)
0.10020 05 May 2012
- Allow user_class to be configured for Catalyst::Authentication::Store::Minimal
(Jochen Lutz <jlu@akk.org>)
0.10019 14 April 2012
- Upgrade code to use Moose compatibility layer (jnap)
- Added some rules to .gitignore for people using macs (jnap)
- Updated copyright info
- Catalyst::Plugin::Authentication::Credential::NoPassword added
(Okko)
- Convert repository to git (fREW Schmidt)
ChangeLog:
- Fixed 'application/x-www-form-urlencoded' for AJAX POSTs post
Firefox 3.x
+ First sourceforge.net hosted version
+ Incremented version number to actually match SVN branch tag
+ Switched to Big-endian date format in the documentation.
Less chance of misunderstandings