Contao 3.5.32 is available
2018/01/18 09:48 by Leo Feyer
Contao version 3.5.32 is available. The bugfix release fixes an XSS
vulnerability in the newsletter extension (CVE-2018-5478).
CVE-2018-5478
The vulnerability is in the "unsubscribe" module of the newsletter extension
and can easily be exploited by anyone in the front end. We therefore strongly
recommend that you update.
The problem affects Contao 2.0.0 to 3.5.31 and the Contao newsletter bundle
4.0.0 to 4.0.3.
If you are not using the newsletter extension or the "unsubscribe" module,
your installation is not affected by the vulnerability.
0.7.0:
skip_row override example
Testing against Django 2.0 should not fail
Refactor transaction handling
Resolves 703 fields shadowed
discourage installation as a zipped egg
Fixed middleware settings in test app for Django 2.x
Version 2.5.3:
This is a maintenance release that reverts undesired API-breaking changes that slipped into 2.5.2
Version 2.5.2:
Bugfixes
* Revert the unnecessary PyInstaller fixes from 2.5.0 and 2.5.1
4.0.1
No code changes - this release fixes how the docs display on PyPI.
4.0.0
New itertools:
* consecutive_groups (Based on the example in the Python 2.4 docs)
* seekable (If you're looking for how to "reset" an iterator, you're in luck!)
* exactly_n
* run_length.encode and run_length.decode
* difference
Improvements to existing itertools:
* The number of items between filler elements in intersperse can now be specified
* distinct_permutations and peekable got some minor adjustments
* always_iterable now returns an iterator object. It also now allows different types to be considered iterable
* bucket can now limit the keys it stores in memory
* one now allows for custom exceptions
Other changes:
* A few typos were fixed
* All tests can now be run with python setup.py test
The package provides macros for typesetting math formulas in
mixed horizontal and vertical mode, automatically as best fit.
It provides an environment mathpar that behaves much as a loose
centered paragraph where words are math formulas, and spaces
between them are larger and adjustable. It also provides a
macro \inferrule for typesetting fractions where both the
numerator and denominator may be sequences of formulas that
will be also typeset in a similar way. It can typically be used
for typesetting sets of type inference rules or typing
derivations. A macro inferrule for typesetting type inference
rules.
This package allows you to put your document under a license
and include a link to read about the license or include an icon
or image of the license. Currently, only Creative Commons is
supported, but this package is designed to handle all kinds of
licenses.
fvextra provides several extensions to fancyvrb, including
automatic line breaking and improved math mode. It also patches
some fancyvrb internals. Parts of fvextra were originally
developed as part of pythontex and minted.
> This README gives references for one of three mitigation strategies
> for Meltdown.
> This series is a first-class mitigation pagetable isolation series for
> Xen. It is available for Xen 4.6 to Xen 4.10 and later.
bump PKGREVISION
This is a bundle of lua scripts and LaTeX packages for
conversion of LaTeX files to ebook formats such as epub, mobi
and epub3. tex4ht is used as conversion engine.
FreeType 2.9
FreeType version 2.9, the first release of a new ‘minor’ series, is now available for download. The main reason for starting a new series is Ewald Hew's GSoC contribution of making Adobe's CFF engine handle Type 1 fonts also, greatly improving the rendering quality of this ancient but still important font format.
Upstream changes:
1.705 2018-01-17 13:49:22-06:00 America/Chicago
[Fixed]
- Fixed the `binmode` attribute of the File adapter not working
properly. Thanks @MadLord80! [Github #71]
1.2.1:
[orm] [bug] Fixed bug where an object that is expunged during a rollback of a nested or subtransaction which also had its primary key mutated would not be correctly removed from the session, causing subsequent issues in using the session.
[orm] [bug] Fixed regression where pickle format of a Load / _UnboundLoad object (e.g. loader options) changed and __setstate__() was raising an UnboundLocalError for an object received from the legacy format, even though an attempt was made to do so. Tests are now added to ensure this works.
[orm] [bug] Fixed regression caused by new lazyload caching scheme in 3954 where a query that makes use of loader options with of_type would cause lazy loads of unrelated paths to fail with a TypeError.
[orm] [bug] Fixed bug in new “selectin” relationship loader where the loader could try to load a non-existent relationship when loading a collection of polymorphic objects, where only some of the mappers include that relationship, typically when PropComparator.of_type() is being used.
sql
[sql] [bug] Fixed bug in Insert.values() where using the “multi-values” format in combination with Column objects as keys rather than strings would fail. Pull request courtesy Aubrey Stark-Toller.
mssql
[mssql] [bug] Fixed regression in 1.2 where newly repaired quoting of collation names in 3785 breaks SQL Server, which explicitly does not understand a quoted collation name. Whether or not mixed-case collation names are quoted or not is now deferred down to a dialect-level decision so that each dialect can prepare these identifiers directly.
oracle
[oracle] [bug] Fixed regression where the removal of most setinputsizes rules from cx_Oracle dialect impacted the TIMESTAMP datatype’s ability to retrieve fractional seconds.
[oracle] [bug] Fixed regression in Oracle imports where a missing comma caused an undefined symbol to be present. Pull request courtesy Miroslav Shubernetskiy.
misc
[bug] [ext] Fixed regression in association proxy due to 3769 (allow for chained any() / has()) where contains() against an association proxy chained in the form (o2m relationship, associationproxy(m2o relationship, m2o relationship)) would raise an error regarding the re-application of contains() on the final link of the chain.
[bug] [tests] Removed an oracle-specific requirements rule from the public test suite that was interfering with third party dialect suites.
[bug] [tests] Added a new exclusion rule group_by_complex_expression which disables tests that use “GROUP BY <expr>”, which seems to be not viable for at least two third party dialects.