Changes since 5.8:
5.8.3
4 security issues affect WordPress versions between 3.7 and 5.8. If you haven't yet updated to 5.8, all WordPress versions since 3.7 have also been updated to fix the following security issues:
* Props to Karim El Ouerghemmi and Simon Scannell of SonarSource for disclosing an issue with stored XSS through post slugs.
* Props to Simon Scannell of SonarSource for reporting an issue with Object injection in some multisite installations.
* Props to ngocnb and khuyenn from GiaoHangTietKiem JSC for working with Trend Micro Zero Day Initiative on reporting a SQL injection vulnerability in WP_Query.
* Props to Ben Bidner from the WordPress security team for reporting a SQL injection vulnerability in WP_Meta_Query.
More info on https://wordpress.org/support/wordpress-version/version-5-8-3/
5.8.2
1 security update and fixed 2 bugs.
More info on https://wordpress.org/support/wordpress-version/version-5-8-2/
5.8.1
3 security issues affects WordPress versions between 5.4 and 5.8. If you haven't yet updated to 5.8, all WordPress versions since 5.4 have also been updated to fix the following security issues:
* Props @mdawaffe, member of the WordPress Security Team for their work fixing a data exposure vulnerability within the REST API.
* Props to Michal Bentkowski of Securitum for reporting a XSS vulnerability in the block editor.
* The Lodash library has been updated to version 4.17.21 in each branch to incorporate upstream security fixes.
In addition to these issues, the security team would like to thank the following people for reporting vulnerabilities during the WordPress 5.8 beta testing period, allowing them to be fixed prior to release:
* Props Evan Ricafort for reporting a XSS vulnerability in the block editor discovered during the 5.8 release's beta period.
* Props Steve Henty for reporting a privilege escalation issue in the block editor.
More info on https://wordpress.org/support/wordpress-version/version-5-8-1/
2.5.0 (2020-07-12)
Fixed
* Socket adapter will now retry writing to socket rather than throw an
exception if `fwrite()` call returns zero written bytes
https://github.com/pear/HTTP_Request2/issues/23
Changed
* Socket adapter will use only TLS 1.2 and TLS 1.3 (the latter is
available on PHP 7.4+)
* Upgraded tests for PHPUnit 9 compatibility, PHPUnit Polyfills
package is used to run them on PHP 5.6 to PHP 8
* Test suite now runs on Github Actions rather than on Travis
* Updated Public Suffix List
2.5.1 (2021-01-06)
* The package runs under PHP 8.1 without `E_DEPRECATED` messages
https://github.com/pear/HTTP_Request2/issues/25
* Updated Public Suffix List
7.81.0
Changes:
mime: use percent-escaping for multipart form field and file names
Bugfixes:
asyn-ares: ares_getaddrinfo needs no happy eyeballs timer
azure: make the "w/o HTTP/SMTP/IMAP" build disable SSL proper
BINDINGS: add cURL client for PostgreSQL
BINDINGS: add one from Everything curl and update a link
checksrc: detect more kinds of NULL comparisons we avoid
CI: build examples for additional code verification
CI: bump job to use mbedtls 3.1.0
cmake: don't set _USRDLL on a static Windows build
cmake: prevent dev warning due to mismatched arg
cmake: private identifiers use CURL_ instead of CMAKE_ prefix
config.d: update documentation to match the path search
configure: add -lm to configure for rustls build.
configure: better diagnostics if hyper is built wrong
configure: don't enable TLS when --without-* flags are used
configure: fix runtime-lib detection on macOS
curl.1: require "see also" for every documented option
curl: improve error message for --head with -J
curl_easy_cleanup.3: remove from multi handle first
curl_easy_escape.3: call curl_easy_cleanup in example
curl_easy_unescape.3: call curl_easy_cleanup in example
curl_multi_init.3: fix EXAMPLE formatting
curl_multi_perform/socket_action.3: clarify what errors mean
curl_share_setopt.3: split out options into their own manpages
CURLOPT_STDERR.3: does not work with libcurl as a win32 DLL
digest: compute user:realm:pass digest w/o userhash
docs/checksrc: Add documentation for STRERROR
docs/cmdline-opts: do not say "protocols: all"
docs/examples: workaround broken -Wno-pedantic-ms-format
docs/HTTP3: describe how to setup a h3 reverse-proxy for testing
docs/INSTALL.md: typo fix : added missing "get" verb
docs/URL-SYNTAX.md: space is not fine in a given URL
docs: add known bugs list to HTTP3.md
docs: address proselint nits
docs: consistent manpage SYNOPSIS
docs: fix dead links, remove ECH.md
docs: fix typo in OpenSSL 3 build instructions
docs: Update the Reducing Size section
example/progressfunc: remove code for old libcurls
examples/multi-single.c: remove WAITMS()
FAQ: typo fix : "yout" ➤ "your"
ftp: disable warning 4706 in MSVC
gen.pl: improve example output format
github workflow: add wolfssl (removed from zuul)
github/workflows: add mbedtls and mbedtls-clang (removed from zuul)
gtls: check return code for gnutls_alpn_set_protocols
hash: lazy-alloc the table in Curl_hash_add()
http2:set_transfer_url() return early on OOM
HTTP3: update quiche build instructions
http: enable haproxy support for hyper backend
http: Fix CURLOPT_HTTP200ALIASES
http_proxy: don't close the socket (too early)
insecure.d: detail its use for SFTP and SCP as well
insecure.d: expand and clarify
libcurl-multi.3: "SOCKS proxy handshakes" are not blocking
libcurl-security.3: mention address and URL mitigations
libssh2: fix error message for sha256 mismatch
libtest: avoid "assignment within conditional expression"
lift: ignore is a deprecated config option, use ignoreRules
linkcheck.yml: add CI job that checks markdown links
m4/curl-compilers: tell clang -Wno-pointer-bool-conversion
Makefile.m32: rename -winssl option to -schannel and tidy up
mbedTLS: add support for CURLOPT_CAINFO_BLOB
mbedtls: fix CURLOPT_SSLCERT_BLOB
mbedtls: fix private member designations for v3.1.0
misc: remove unused doh flags when CURL_DISABLE_DOH is defined
misc: s/e-mail/email
multi: cleanup the socket hash when destroying it
multi: handle errors returned from socket/timer callbacks
multi: shut down CONNECT in Curl_detach_connnection
netrc.d: edit the .netrc example to look nicer
ngtcp2: verify the server cert on connect (quictls)
ngtcp2: verify the server certificate for the gnutls case
nss:set_cipher don't clobber the cipher list
openldap: implement STARTTLS
openldap: process search query response messages one by one
openldap: several minor improvements
openldap: simplify ldif generation code
openssl: check the return value of BIO_new()
openssl: define HAVE_OPENSSL_VERSION for OpenSSL 1.1.0+
openssl: remove `RSA_METHOD_FLAG_NO_CHECK` handling if unavailable
openssl: remove usage of deprecated `SSL_get_peer_certificate`
openssl: use non-deprecated API to read key parameters
page-footer: add a mention of how to report bugs to the man page
page-footer: document more environment variables
request.d: refer to 'method' rather than 'command'
retry-all-errors.d: make the example complete
runtests: make the SSH library a testable feature
rustls: read of zero bytes might be okay
rustls: remove comment about checking handshaking
rustls: remove incorrect EOF check
sha256/md5: return errors when init fails
socks5: use appropriate ATYP for numerical IP address host names
test1156: enable for hyper
test1156: fixup the stdout check for Windows
test1525: tweaked for hyper
test1526: enable for hyper
test1527: enable for hyper
test1528: enable for hyper
test1554: adjust for hyper
test1556: adjust for hyper
test302[12]: run only with the libssh2 backend
test661: enable for hyper
tests/CI.md: add more information on CI environments
tests/data/test302[12]: fix MSYS2 path conversion of hostpubsha256
tftp: mark protocol as not possible to do over CONNECT
tool_findfile: updated search for a file in the homedir
tool_operate: only set SSH related libcurl options for SSH URLs
tool_operate: warn if too many output arguments were found
url.c: fix the SIGPIPE comment for Curl_close
url: check ssl_config when re-use proxy connection
url: reduce ssl backend count for CURL_DISABLE_PROXY builds
urlapi: accept port number zero
urlapi: if possible, shorten given numerical IPv6 addresses
urlapi: provide more detailed return codes
urlapi: reject short file URLs
version_win32: Check build number and platform id
vtls/rustls: adapt to the updated rustls_version proto
writeout: fix %{http_version} for HTTP/3
x509asn1: return early on errors
zuul.d: update rustls-ffi to version 0.8.2
zuul: fix quiche build pointing to wrong Cargo
1.26.8 (2022-01-07)
-------------------
* Added extra message to``urllib3.exceptions.ProxyError`` when urllib3 detects that
a proxy is configured to use HTTPS but the proxy itself appears to only use HTTP.
* Added a mention of the size of the connection pool when discarding a connection due to the pool being full.
* Added explicit support for Python 3.11.
* Deprecated the ``Retry.MAX_BACKOFF`` class property in favor of ``Retry.DEFAULT_MAX_BACKOFF``
to better match the rest of the default parameter names. ``Retry.MAX_BACKOFF`` is removed in v2.0.
* Changed location of the vendored ``ssl.match_hostname`` function from ``urllib3.packages.ssl_match_hostname``
to ``urllib3.util.ssl_match_hostname`` to ensure Python 3.10+ compatibility after being repackaged
by downstream distributors.
* Fixed absolute imports, all imports are now relative.
Fixes build failure on Linux when PKG_DEVELOPER due to substitution
not having any effect on that platform otherwise.
Also backport some mozilla-common.mk changes to firefox91.
0.14.4
- Support HTTP/2 on HTTPS tunnelling proxies.
- Fix proxy headers missing on HTTP forwarding.
- Only instantiate SSL context if required.
- More robust HTTP/2 handling.
0.9.2
594e1c2 Merge pull request #68 from danielgtaylor/go-1.17
80d65fd fix: build/release using Go 1.17 to support arm64
0.9.1
817166b Merge pull request #62 from exoscale/load-with-authentication
0b4a77f Merge pull request #65 from danielgtaylor/normalize-numbers
3cdf6b3 Merge pull request #66 from danielgtaylor/decode-fix
cfdc3e0 Merge pull request #67 from danielgtaylor/external-refs
66d87ff fix: Use API profile when loading definition
f6d6c3d fix: allow external refs in OpenAPI loader
31fbbde fix: decode after MakeRequest
4d98487 fix: dependency updates
0cca88c fix: normalize numbers when filtering with JMESPath
This flag should be set for packages that import pkg_resources
and thus need setuptools after the build step.
Set this flag for packages that need it and bump PKGREVISION.
- Rework from scratch
- Instead of separate directories for regular files and gzipped content,
use one directory for all (as publicfile did)
- Add manual page
# Changes in HTMLDOC v1.9.14
- BMP image support is now deprecated and will be removed in a future
release of HTMLDOC.
- Fixed a potential stack overflow bug with GIF images.
- Fixed the PDF creation date (Issue #455)
- Fixed a potential stack overflow bug with BMP images (Issue #456)
- Fixed a compile issue when libpng was not available (Issue #458)
What's Changed
-Rewrite theme structs in #54
-Tweak application UI in #55
-[#51] add font highlight for CommentView and StoryView in #56
-Add story tag navigation commands in #57
-Add font highlighting for ArticleView in #58
-Update documentation and configuration structures in #59
-Integrate comfy_table in #60
-Pre-release v0.9.0 in #61
Breaking changes
-There are a lot of breaking changes regarding the config options and the
corresponding default values. It's highly recommended to read the config
documentation or the example config file to migrate from the old versions.
upstream changes:
-----------------
8.3.3 (2021-12-10)
Features and enhancements
o BarChart: Use new data error view component to show actions in panel edit. #42474, @torkelo
o CloudMonitor: Iterate over pageToken for resources. #42546, @iwysiu
o Macaron: Prevent WriteHeader invalid HTTP status code panic. #42973, @bergquist
Bug fixes
o AnnoListPanel: Fix interpolation of variables in tags. #42318, @francoisdtm
o CloudWatch: Allow queries to have no dimensions specified. #42800, @sunker
o CloudWatch: Fix broken queries for users migrating from 8.2.4/8.2.5 to 8.3.0. #42611, @sunker
o CloudWatch: Make sure MatchExact flag gets the right value. #42621, @sunker
o Dashboards: Fix so that empty folders can be deleted from the manage dashboards/folders page. #42527, @ashharrison90
o InfluxDB: Improve handling of metadata query errors in InfluxQL. #42500, @gabor
o Loki: Fix adding of ad hoc filters for queries with parser and line_format expressions. #42590, @ivanahuckova
o Prometheus: Fix running of exemplar queries for non-histogram metrics. #42749, @ivanahuckova
o Prometheus: Interpolate template variables in interval. #42637, @ivanahuckova
o StateTimeline: Fix toolitp not showing when for frames with multiple fields. #42741, @dprokop
o TraceView: Fix virtualized scrolling when trace view is opened in right pane in Explore. #42480, @autoric
o Variables: Fix repeating panels for on time range changed variables. #42828, @hugohaggmark
o Variables: Fix so queryparam option works for scoped variables. #42742, @hugohaggmark
8.3.2 (2021-12-10)
o Security: Fixes CVE-2021-43813 and CVE-2021-43815. For more information, see our [blog](https://grafana.com/blog/2021/12/10/grafana-8.3.2-and-7.5.12-released-with-moderate-severity-security-fix/
Changelog:
Version 23.0.0 November 30 2021
Nextcloud Hub II is here!
The biggest improvements Nextcloud Hub II (Nextcloud 23) introduces are:
* Nextcloud Files: 10x syncing performance improvements,delegate limited
administration from admins to users; automatic user status setting
* Nextcloud Groupware: external appointment booking, advanced room and
resource search in Calendar and Mail improvements
* Nextcloud Talk: background blur, device check screen and advanced
permission management
* Nextcloud Office: developed in collaboration with Collabora Productivity
* Docker-All-In-One: easy installation and update
* Nextcloud Backup: a peer-to-peer backup solution designed for private
users
* Nextcloud Clients: updates available for Desktop, Android and iOS clients
There are many more new features and changes like integration of Unified
Search, User Profile and User status in our mobile apps, emoji picker in Text,
updates to Deck and much more.
