These releases address two cross-site scripting (XSS) vulnerabilities: one in a widget used by Django's admin interface, and one in a utility function used to validate redirects often used after login or logout.
While these issues are of limited impact and may not affect all Django users, we encourage all users to upgrade as soon as possible.
- trial now has an --exitfirst flag which stops the test run after
the first error or failure.
- twisted.internet.ssl.CertificateOptions now supports chain
certificates.
- twisted.internet.endpoints now provides ProcessEndpoint, a child
process endpoint.
- Factory now has a forProtocol classmethod that constructs an
instance and sets its protocol attribute.
- twisted.internet.endpoints.connectProtocol allows connecting to a
client endpoint using only a protocol instance, rather than
requiring a factory.
- twisted.trial.unittest.SynchronousTestCase.assertNoResult no longer
swallows the result, if the assertion succeeds.
- twisted.python.constants.FlagConstant implements __iter__ so that
it can be iterated upon to find the flags that went into a flag
set, and implements __nonzero__ to test as false when empty.
- assertIs and assertIsNot have now been added to
twisted.trial.unittest.TestCase.
- twisted.trial.unittest.TestCase.failureResultOf now takes an
optional expected failure type argument.
- The POSIX implementation of
twisted.internet.interfaces.IReactorProcess now does not change the
parent process UID or GID in order to run child processes with a
different UID or GID.
- Fixed a bug where a decorated method caused false positive failures on
``verifyClass()``.
Changes 4.0.4:
- Fixed a bug that was revealed by porting zope.traversing. During a loop, the
loop body modified a weakref dict causing a ``RuntimeError`` error.
Changes 4.0.3:
- Fleshed out PyPI Trove classifiers.
Changes 4.0.2:
- Added support for Python 3.3.
- Restored ability to install the package in the absence of ``setuptools``.
- LP 1055223: Fix test which depended on dictionary order and failed randomly
in Python 3.3.
Changes 4.0.1:
- Dropped explicit ``DeprecationWarnings`` for "class advice" APIs (these
APIs are still deprecated under Python 2.x, and still raise an exception
under Python 3.x, but no longer cause a warning to be emitted under
Python 2.x).
curl: allow timeouts to accept decimal values
OS400: add slist and certinfo EBCDIC support
OS400: new SSL backend GSKit
CURLOPT_XFERINFOFUNCTION: introducing a new progress callback
LIBCURL-STRUCTS: new document
Bugfixes:
dotdot: introducing dot file path cleanup
docs: fix typo in curl_easy_getinfo manpage
test1230: avoid using hard-wired port number
test1396: invoke the correct test tool
SIGPIPE: ignored while inside the library
darwinssl: fix crash that started happening in Lion
OpenSSL: check for read errors, don't assume
c-ares: improve error message on failed resolve
printf: make sure %x are treated unsigned
formpost: better random boundaries
url: restore the functionality of 'curl -u :'
curl.1: fix typo in --xattr description
digest: improve nonce generation
configure: automake 1.14 compatibility tweak
curl.1: document the --post303 option in the man page
curl.1: document the --sasl-ir option in the man page
setup-vms.h: sk_pop symbol tweak
tool_paramhlp: try harder to catch negatives
cmake: Fix for MSVC2010 project generation
asyn-ares: Don't blank ares servers if none configured
curl_multi_wait: set revents for extra fds
Reinstate "WIN32 MemoryTracking: track wcsdup() _wcsdup() and _tcsdup()"
ftp_do_more: consider DO_MORE complete when server connects back
curl_easy_perform: gradually increase the delay time
curl: fix symbolic names for CURLUSESSL_* enum in --libcurl output
curl: fix upload of a zip file in OpenVMS
build: fix linking on Solaris 10
curl_formadd: CURLFORM_FILECONTENT wrongly rejected some option combos
curl_formadd: fix file upload on VMS
curl_easy_pause: on unpause, trigger multi-socket handling
md5 & metalink: use better build macros on Apple operating systems
darwinssl: fix build error in crypto authentication under Snow Leopard
curl: make --progress-bar update the line less frequently
configure: don't error out on variable confusions (CFLAGS, LDFLAGS etc)
mk-ca-bundle: skip more untrusted certificates
formadd: wrong pointer for file name when CURLFORM_BUFFERPTR used
FTP: when EPSV gets a 229 but fails to connect, retry with PASV
mk-ca-bundle.1: don't install on make install
VMS: lots of updates and fixes of the build procedure
global dns cache: didn't work (regression)
global dns cache: fix memory leak
Upstream changes:
1.3117 31.07.2013
[ ENHANCEMENTS ]
* GH #836: Provide more information when an engine fails to load.
(Yanick Champoux, reported by Daniel Perrett)
[ BUG FIXES ]
* GH #794: Upload data was not kept for forwarded requests.
(reported by William Wolf)
* GH #898: calling halt() doesn't discard set headers anymore.
(Yanick Champoux, reported by Nicolas Franck)
* GH #842: embedded 'prefix' now properly localized.
(Yanick Champoux, reported by Jashank Jeremy)
[ DOCUMENTATION ]
* GH #938: fix doc typos in Dancer::Serializer. (Fabrice Gabolde)
* GH #712: add all status codes known to Dancer to Dancer::HTTP.
(Yanick Champoux, reported by Brian J Miller)
* Add warning that 'forward' doesn't preserve the session. (Alberto Simões)
* GH #941: minor correction to code snippets in documentation.
(Grzegorz Rożniecki)
* GH #929: add warning on the use of Corona as underlying web server.
(issue reported by berekuk)
* GH #943: remove mention to 'Dancer::Plugin::Validation',
clean 'dancer -a' sample output. (Grzegorz Rożniecki)
Upstream changes:
version 2.01: Sat Aug 3 01:07:27 CEST 2013
Improvements:
- add dummy ::Types::create_type_index() because
Catalyst-Plugin-Static-Simple calls it :(
version 2.00: Fri Aug 2 17:44:53 CEST 2013
Changes:
- the mime information is now collected from various sources, amongst
them IANA. Therefore, some types may use different x-'s
#types up from 995 to 2096
- a separate table is built for the extension-to-type mapping.
#exts up from 734 to 1425
- the memory foot-print and start-up speed should have improved
considerably.
Improvements:
- added bin/collect_types
- 3 typos. rt.cpan.org#86847 [D Steinbrunner]
- add ::Type::isVendor(), ::isExperimental(), ::isPersonal on request
by rt.cpan.org#87062 [Lars]
- cleaned-up Exporter syntax of (very) old interface.
- added ::Types::listTypes()
version 1.38: Fri Jan 11 09:58:08 CET 2013
- add application/vnd.ms-excel.template.macroEnabled.12 and five
related from http://filext.com/faq/office_mime_types.php
rt.cpan.org#82616 [M Jemmeson]
version 1.37: Fri Dec 21 11:33:53 CET 2012:
- all mime.types files agree that perl scripts should use
application/x-perl. Hence removed text/x-perl
rt.cpan.org#82100 [Kent Fredric]
version 1.36: Wed Oct 31 20:34:42 CET 2012
- xlsx and friends had encoding 'binary' (since version 1.30),
but should have been 'base64'
rt.cpan.org#80529 [Douglas Wilson]
* not relevant to libnotify, drop dependency, fix COMMENTS and DESCR.
* fixes CATEGORY, `devel' is sufficient.
* let to register EGG-INFO.
Bump PKGREVISION.
Add two missing BUILD_DEPENDS
Upstream changes:
2.1005 Tue, Aug 06, 2013
[ENHANCEMENTS]
* add_method now accepts blessed subs (Graham Knop, PR#28)
[BUG FIXES]
* If a role consumed another role, we resolve method conflicts just like a
class consuming a role, but when metaclass compat tried to fix up
metaclass roles, we were putting all methods into one composite role and
allowing methods in the metaclass roles to conflict. Now we resolve them
as we should. (Jesse Luehrs, PR#27)
* Some edge cases in tests with base.pm and non-existent module files are
handled more strictly (see also perl RT#118561) (Graham Knop, PR#25)