Summary of changes between 2.1.x and 2.3.x are listed below. For a more
readable version please see the following URLs:
http://docs.couchdb.org/en/latest/whatsnew/2.3.htmlhttp://docs.couchdb.org/en/latest/whatsnew/2.2.htmlhttp://docs.couchdb.org/en/latest/whatsnew/2.1.html
2.3.x Branch Upgrade Notes
#1602: To improve security, there have been major changes in the configuration
of query servers, SSL support, and HTTP global handlers:
Query servers are NO LONGER DEFINED in the .ini files, and can no longer be
altered at run-time.
The JavaScript and CoffeeScript query servers continue to be enabled by
default. Setup differences have been moved from default.ini to the couchdb and
couchdb.cmd start scripts respectively.
Additional query servers can now be configured using environment variables:
export COUCHDB_QUERY_SERVER_PYTHON="/path/to/python/query/server.py with args"
couchdb
where the last segment in the environment variable (_PYTHON) matches the usual
lowercase(!) query language in the design doc language field (here, python.)
Multiple query servers can be configured by using more environment variables.
You can also override the default servers if you need to set command- line
options (such as couchjs stack size):
export COUCHDB_QUERY_SERVER_JAVASCRIPT="/path/to/couchjs /path/to/main.js -S <STACKSIZE>"
couchdb
The mango query server continues to be enabled by default. The Erlang query
server continues to be disabled by default. This change adds a
[native_query_servers] enable_erlang_query_server = BOOL setting (defaults to
false) to enable the Erlang query server.
If the legacy configuration for enabling the query server is detected, that is
counted as a true setting as well, so existing configurations continue to work
just fine.
SSL Support
Enabling SSL support in the ini file is now easier:
[ssl]
enable = true
If the legacy httpsd configuration is found in your ini file, this will still
enable SSL support, so existing configurations do not need to be changed.
HTTP global handlers
These are no longer defined in the default.ini file, but have been moved to the
couch.app context. If you need to customize your handlers, you can modify the
app context using a couchdb.config file as usual.
#1602: Also to improve security, the deprecated os_daemons and
couch_httpd_proxy functionality has been completely removed ahead of the
planned CouchDB 3.0 release. We recommend the use of OS-level daemons such as
runit, sysvinit, systemd, upstart, etc. to launch and maintain OS daemons
instead, and the use of a reverse proxy server in front of CouchDB (such as
haproxy) to proxy access to other services or domains alongside CouchDB.
#1543: The node-local (default port 5986) /_restart endpoint has been replaced
by the clustered (default port 5984) endpoint /_node/$node/_restart and
/_node/_local/_restart endpoints. The node-local endpoint has been removed.
#1764: All python scripts shipped with CouchDB, including couchup and the
dev/run development cluster script, now specify and require Python 3.x.
#1396: CouchDB is now compatible with Erlang 21.x.
#1680: The embedded version of rebar used to build CouchDB has been updated to
the last version of rebar2 available. This assists in building on non-x86
platforms.
#1857: Refuse building with known bad versions of Erlang.
2.2.x Branch Upgrade Notes
The minimum supported version of Erlang is now 17, not R16B03. Support for
Erlang 21 is still ongoing and will be provided in a future release.
The CouchDB replication client can now use the /_session endpoint when
authenticating against remote CouchDB instances, improving performance since
re-authorization does not have to be performed with every request. Because of
this performance improvement, it is recommended to increase the PBKDF2 work
factor beyond the default 10 to a modern default such as 10000. This is done
via the local ini file setting [couch_httpd_auth] iterations = 10000.
Do not do this if an older version of CouchDB is replicating TO this instance
or cluster regularly, since CouchDB < 2.2.0 must perform authentication on
every request and replication performance will suffer.
A future version will make this increased number of iterations a default.
#820, #1032: Multiple queries can now be made at the POST
/{db}/_all_docs/queries, POST /{db}/_design_docs/queries and POST
/{db}/_local_docs/queries endpoints. Also, a new endpoint POST
/{db}/_design/{ddoc}/_view/{view}/queries has been introduced to replace the
?queries parameter formerly provided for making multiple queries to a view. The
old ?queries parameter is now deprecated and will be removed in a future
release of CouchDB.
The maximum http request limit, which had been lowered in 2.1.0, has been
re-raised to a 4GB limit for now. (#1446). Ongoing discussion about the path
forward for future releases is available in #1200 and #1253.
#1118: The least recently used (LRU) cache of databases is now only updated on
database write, not read. This has lead to significant performance enhancements
on very busy clusters. To restore the previous behaviour, your local ini file
can contain the block [couchdb] update_lru_on_read = true.
#1153: The CouchDB replicator can now make use of the /_session endpoint rather
than relying entirely on HTTP basic authentication headers. This can greatly
improve replication performance. We encourage you to upgrade any nodes or
clusters that regularly act as replication clients to use this new feature,
which is enabled by default (#1462).
#1283: The [couchdb] enable_database_recovery feature, which only soft-deletes
databases in response to a DELETE /{db} call, is now documented in default.ini.
#1330: CouchDB externals and OS daemons are now officially deprecated and no
longer documented. Support for these features will be completely removed in a
future release of CouchDB (probably 3.0.0).
#1436: CouchDB proxy authentication now uses a proper chttpd_auth module,
simplifying configuration in local ini files. While this is not a backward-
compatible breaking change, it is best to update your local ini files to
reference the new {chttpd_auth, proxy_authentication_handler} handler rather
than the couch_httpd_auth version, as couch_httpd is in the process of being
deprecated completely.
#1476, #1477: The obsolete update_notification feature, which was replaced by
/{db}/_changes feeds c. CouchDB 1.2, has been completely removed. This feature
never worked in 2.0 for databases, only for shards, making it effectively
useless.
This version has a real master site
and homepage at sourceforge.
Includes updates for buildling with
the latest png api and fixes to
debug.c (patch-ai).
Removed the patches for this.
Removed patch-ab, patch-ac and patch-ae
because we only build the lib.
Other updates upstream:
Support for utf-8 text and xft.
Function XmHTMLScrollToYPos added.
Fixes for crashes and various memory
leaks.
2.6.1:
- tested against pyasn1 0.4.7
- added eDirectory 9.1.4 (EDIR_9_1_4) to offline schemas
- added json converter for timedelta
- strip parameter defaults to False in utils.dn.parse_dn()
- escaped space is allowed as trailing character in attribute_value in utils.dn.parse_dn()
- connection.extend.standard.paged_search doesn't raise exceptions when raise_exceptions is False
- the Search operation returns the entries fetched by the server when size or time limits are reached even if raise_exceptions is set to True
- Handle the minimum value that can be stored in an Int64 in format_ad_timedelta
- EntryState: `entry_raw_attributes` is populated instead of `raw_attributes`
- Removed restriction to perform rename and move simultaneously in modify_dn
- fixed checking for hexdigits in parse_dn
- fixed escaping when multiple backslashes are present in parse_dn
- fixed multiple NoneType exceptions in entry_to_json()
- allowing Microsoft specific syntax (<WKGUID=xxx>) for WellKnownObjects in DN
- connection.extend.standard.paged_search() now follows referrals when auto_referrals=True
- fixed a bug in decoding replica list in connection.extend.novell.list_replicas()
- fixed a bug when adding duplicate alias in CaseInsensitiveWithAliasDict()
- added ignore_duplicates=False in set_aliases in CaseInsensitiveWithAliasDict() to ignore a duplicate alias (either in aliases or in keys)
- Schema info now uses CaseInsensitiveWithAlias dict as default so object and attributes can also be referentiated with OID
- added block mode and timeout parameters to next() method of persistent_search
- when using the pyasn1 decoder raw_dn is not returned as a pyasn1 object anymore but as bytes
- Return offset timezone aware datetime for max AD timestamp
* Use clang to compile all files. Mix of gcc and clang causes some errors in
Rust c++ command invocation (C++ header mismatches).
Changelog:
New
Enhanced Tracking Protection (ETP) rolls out stronger privacy protections:
The default standard setting for this feature now blocks third-party tracking cookies and cryptominers.
The optional strict setting blocks fingerprinters as well as the items blocked in the standard setting.
The Block Autoplay feature is enhanced to give users the option to block any video that automatically starts playing, not just those that automatically play with sound.
For our users in the US or using the en-US browser, we are shipping a new “New Tab” page experience that connects you to the best of Pocket’s content.
Support for the Web Authentication HmacSecret extension via Windows Hello now comes with this release, for versions of Windows 10 May 2019 or newer, enabling more passwordless experiences on the web.
Support for receiving multiple video codecs with this release makes it easier for WebRTC conferencing services to mix video from different clients.
For our users on Windows 10, you’ll see performance and UI improvements:
Firefox will give Windows hints to appropriately set content process priority levels, meaning more processor time spent on the tasks you're actively working on, and less processor time spent on things in the background (with the exception of video and audio playback).
For our existing Windows 10 users, you can easily find and launch Firefox from a shortcut on the Win10 taskbar.
For our users on macOS, battery life and download UI are both improved:
macOS users on dual-graphics-card machines (like MacBook Pro) will switch back to the low-power GPU more aggressively, saving battery life.
Finder on macOS now displays download progress for files being downloaded.
JIT support comes to ARM64 for improved performance of our JavaScript Optimizing JIT compiler.
Fixed
Various security fixes
Changed
As previously announced in the Plugin Roadmap for Firefox, the "Always Activate" option for Flash plugin content has been removed. Firefox will now always ask for user permission before activating Flash content on a website.
With the deprecation of Adobe Flash Player, there is no longer a need to identify users on 32-bit version of the Firefox browser on 64-bit version operating systems reducing user agent fingerprinting factors providing greater level of privacy to our users as well as improving the experience of downloading other apps.
Firefox no longer loads userChrome.css or userContent.css by default improving start-up performance. Users who wish to customize Firefox by using these files can set the toolkit.legacyUserProfileCustomizations.stylesheets preference to true to restore this ability.
Enterprise
For Enterprise system administrators that manage macOS computers, we begin shipping a Mozilla signed PKG installer to simplify your deployments.
Developer
For our mobile web developers, we have migrated remote debugging from the old WebIDE into a re-designed about:debugging, making debugging GeckoView on remote devices via USB rock solid.
The network panel will now show blocked resources to allow developers to best understand the impact of content blocking and ad blocking extensions given our ongoing expansion of Enhanced Tracking Protection to all users with this release.
The new event listener breakpoint feature allows developers to pause on a host of different event types, whether it be related to animations, DOM, media, mouse, touch, worker, and many other event types.
Firefox Developer Tools now offers an audit for the presence of text alternatives for non-text content, the a11y panel checks toolbar has been augmented to better help developers adhere to WCAG Guideline 1.1.
Security fixes:
#CVE-2019-11751: Malicious code execution through command line parameters
#CVE-2019-11746: Use-after-free while manipulating video
#CVE-2019-11744: XSS by breaking out of title and textarea elements using innerHTML
#CVE-2019-11742: Same-origin policy violation with SVG filters and canvas to steal cross-origin images
#CVE-2019-11736: File manipulation and privilege escalation in Mozilla Maintenance Service
#CVE-2019-11753: Privilege escalation with Mozilla Maintenance Service in custom Firefox installation location
#CVE-2019-11752: Use-after-free while extracting a key value in IndexedDB
#CVE-2019-9812: Sandbox escape through Firefox Sync
#CVE-2019-11741: Isolate addons.mozilla.org and accounts.firefox.com
#CVE-2019-11743: Cross-origin access to unload event attributes
#CVE-2019-11749: Camera information available without prompting using getUserMedia
#CVE-2019-5849: Out-of-bounds read in Skia
#CVE-2019-11750: Type confusion in Spidermonkey
#CVE-2019-11737: Content security policy directives ignore port and path if host is a wildcard
#CVE-2019-11738: Content security policy bypass through hash-based sources in directives
#CVE-2019-11747: 'Forget about this site' removes sites from pre-loaded HSTS list
#CVE-2019-11734: Memory safety bugs fixed in Firefox 69
#CVE-2019-11735: Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1
#CVE-2019-11740: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9
Changelog:
Notable Changes:
* The following CA certificates were Removed:
- 1574670 - Remove expired Class 2 Primary root certificate
- 1574670 - Remove expired UTN-USERFirst-Client root certificat
- 1574670 - Remove expired Deutsche Telekom Root CA 2 root certificate
- 1566569 - Remove Swisscom Root CA 2 root certificate
* Significant improvements to AES-GCM performance on ARM
Bugs fixed in NSS 3.46:
* 1572164 - Don't unnecessarily free session in NSC_WrapKey
* 1574220 - Improve controls after errors in tstcln, selfserv and vfyserv
cmds
* 1550636 - Upgrade SQLite in NSS to a 2019 version
* 1572593 - Reset advertised extensions in ssl_ConstructExtensions
* 1415118 - NSS build with ./build.sh --enable-libpkix fails
* 1539788 - Add length checks for cryptographic primitives
* 1542077 - mp_set_ulong and mp_set_int should return errors on bad values
* 1572791 - Read out-of-bounds in DER_DecodeTimeChoice_Util from
SSLExp_DelegateCredential
* 1560593 - Cleanup.sh script does not set error exit code for tests that
"Failed with core"
* 1566601 - Add Wycheproof test vectors for AES-KW
* 1571316 - curve25519_32.c:280: undefined reference to `PR_Assert' when
building NSS 3.45 on armhf-linux
* 1516593 - Client to generate new random during renegotiation
* 1563258 - fips.sh fails due to non-existent "resp" directories
* 1561598 - Remove -Wmaybe-uninitialized warning in pqg.c
* 1560806 - Increase softoken password max size to 500 characters
* 1568776 - Output paths relative to repository in NSS coverity
* 1453408 - modutil -changepw fails in FIPS mode if password is an empty
string
* 1564727 - Use a PSS SPKI when possible for delegated credentials
* 1493916 - fix ppc64 inline assembler for clang
* 1561588 - Remove -Wmaybe-uninitialized warning in p7env.c
* 1561548 - Remove -Wmaybe-uninitialized warning in
pkix_pl_ldapdefaultclient.c
* 1512605 - Incorrect alert description after unencrypted Finished msg
* 1564715 - Read /proc/cpuinfo when AT_HWCAP2 returns 0
* 1532194 - Remove or fix -DDEBUG_$USER from make builds
* 1565577 - Visual Studio's cl.exe -? hangs on Windows x64 when building nss
since changeset 9162c654d06915f0f15948fbf67d4103a229226f
* 1564875 - Improve rebuilding with build.sh
* 1565243 - Support TC_OWNER without email address in nss taskgraph
* 1563778 - Increase maxRunTime on Mac taskcluster Tools, SSL tests
* 1561591 - Remove -Wmaybe-uninitialized warning in tstclnt.c
* 1561587 - Remove -Wmaybe-uninitialized warning in lgattr.c
* 1561558 - Remove -Wmaybe-uninitialized warning in httpserv.c
* 1561556 - Remove -Wmaybe-uninitialized warning in tls13esni.c
* 1561332 - ec.c:28 warning: comparison of integers of different signs: 'int'
and 'unsigned long'
* 1564714 - Print certutil commands during setup
* 1565013 - HACL image builder times out while fetching gpg key
* 1563786 - Update hacl-star docker image to pull specific commit
* 1559012 - Improve GCM perfomance using PMULL2
* 1528666 - Correct resumption validation checks
* 1568803 - More tests for client certificate authentication
* 1564284 - Support profile mobility across Windows and Linux
* 1573942 - Gtest for pkcs11.txt with different breaking line formats
* 1575968 - Add strsclnt option to enforce the use of either IPv4 or IPv6
* 1549847 - Fix NSS builds on iOS
* 1485533 - Enable NSS_SSL_TESTS on taskcluster
Changes since b167:
Beta #168 - 04.09.2019
- Forgot to remove some Nibbles test code that resulted in your score being
set to 1234567 whenever you lost a life.
1.0.1
- Fixed a dict/set syntax typo that has no runtime effect.
- Test forward compatibility of derived props test files as Unicode version increases.
- Test Unicode 11.0 (Python 3.7).
- Update copyright year (2019).
Version 3.7.7.0:
Upgraded libastro to 3.7.7.
The internal star catalog now includes all 57 navigational stars.
The rise, culminate, and set returned by next_pass() are now consecutive values for a single pass. Pass singlepass=False to return the original next_rise, next_culminate, next_set even if next_set < next_rise (the satellite is already up).
ephem.delta_t('0') now returns the correct value, instead of misbehaving for that particular input.
1.5.17:
Fixes
fix strncpy call in stats conns to avoid ASAN violation
extstore: fix indentation
add error handling when calling dup function
add unlock when item_cachedump malloc failed
extstore: emulate pread(v) for macOS
fix off-by-one in logger to allow CAS commands to be logged.
use strdup for explicitly configured slab sizes
move mem_requested from slabs.c to items.c (internal cleanup)
New Features
add server address to the "stats conns" output
log client connection id with fetchers and mutations
Add a handler for seccomp crashes
CMake 3.15.3
* Flang: Implement MSVC runtime library abstraction
* CTest: Fix --show-only=json-v1 output with REQUIRED_FILES property
* cmGlobalGenerator: Fix CheckCompilerIdCompatibility local var lifetime
* cmAffinity: Add include for CPU_ZERO on Alpine Linux
* find_path: Fix crash on empty old-style list of names
* fileapi: Fix codemodel v2 target file name for CMP0037 OLD behavior
* FindBoost: Simplify conditional block for last known version
* FindBoost: Remove incorrect 1.70 timer dependency
* FindBoost: Unwrap compatibility INTERFACE targets for legacy variables
* FindBoost: Add support for Boost 1.71
* FindBoost: Clarify role of legacy variables in warning message
* FindBoost: Tolerate future Boost INTERFACE libraries
* CrayPrgEnv: Change default linking mode based on PE version
* ccmake: handle cache entries with empty STRINGS property
* libarchive: We now require at least version 3.3.3
* FindMPI: Restore MPI__COMPILE_FLAGS and MPI__COMPILE_OPTIONS
* Ninja: Add support for ADDITIONAL_CLEAN_FILES in custom targets
* Tests: Extend MakeClean test to test various target types
* Autogen: Fix AUTOUIC segfault, when file includes colliding ui_*.h file
Removed poppler-qt5 dependecy since it uses pdfium instead.
version 5.0.2 -> 5.0.3 :
- the bug about the bad highlighting on misspelled text before a \cite{} or
\label{} command has been fixed
- if no text is selected the "(un)comment" command will (un)comment the
current line
- the default size of the configuration dialog has been reduced (users request)
- Fold/Unfold/Fold All/Unfold All menu options has been added
(thanks to Robin Watts)
- a bug about completion when citing references that contain numbers has
been fixed
- a trouble in the "recent files" menu with names including an ampersand
has been fixed
- a typo in the documentation has been fixed
- a typo in the de translation has been fixed (thanks to Stéphane YVON)
version 5.0.1 -> 5.0.2 :
- a memory leak has been fixed in the internal pdf viewer
- the trouble about the "open terminal" command on windows has been fixed
version 5.0 -> 5.0.1 :
- a trouble with the MikTex's ps2pdf command has been fixed
- the "-dpiscale x" option has been added to the Texmaker command line : with
this option the environment variable QT_SCALE_FACTOR will be set to x before
building the GUI (same behavior than adding "export QT_SCALE_FACTOR=x" to
the environment variables). Can be used to adjust the interface if the
monitor dpi is not well detected.
- the cs translation has been updated
version 4.5 -> 5.0 :
- new and more modern interface look
- highdpi is now supported on windows and linux
- a spellcheck annoying trouble on kde5 has been fixed
- new pdf engine
- synctex updated to 1.18
- Qt4 support has been removed : Qt5 (>=5.7) is now required
- de, es, hu, pl, and zh_CN translations have been updated
note : Texmaker depends now only from the Qt toolkit to be compiled
This services package is very old and unmaintained.
Supposedly it doesn't work without -fno-stack-protector. Not a good sign.
If I have my IRC history right, chat/anope is a fork of epona, which was a
fork of this.
PR pkg/49014
SeaMonkey 2.49.5 contains (among other changes) the following major changes relative to SeaMonkey 2.49.4:
SeaMonkey 2.49.5 uses the same backend as Firefox and contains the relevant Firefox 52.9.0 ESR security fixes.
SeaMonkey 2.49.5 shares most parts of the mail and news code with Thunderbird. Please read the Thunderbird 52.9.1 release notes for specific changes and security fixes in this release.
Additional security fixes up to ESR 60.2 and a few enhancements have been backported.
SeaMonkey-specific changes
==========================
* Among the general platform and mail fixes this release contains backported fixes from Thunderbird for the EFAIL security vulnerability.
Changes:
- in kids mode brick regeneration is four times slower (2015/10/17 MS)
- in kids mode bonuses last four times longer (2015/10/17 MS)
- division by zero crash fixed in server (2014/02/03 Colin Tuckley)
- added danish translation (2013/07/29 Joe Dalton)
- updated a number of levelsets from OFT (2013/03/20 MS)
- use $docdir for document path in configure (2012/08/15 MS)
- added a bunch of new levelsets, removed OldGames (2012/08/15 MS)