ChangeLog:
- Fixed 'application/x-www-form-urlencoded' for AJAX POSTs post
Firefox 3.x
+ First sourceforge.net hosted version
+ Incremented version number to actually match SVN branch tag
+ Switched to Big-endian date format in the documentation.
Less chance of misunderstandings
* Editor: Prevent certain HTML elements from being unexpectedly removed or
modified in rare cases.
* Media: Fix a collection of minor workflow and compatibility issues in the new
media manager.
* Networks: Suggest proper rewrite rules when creating a new network.
* Prevent scheduled posts from being stripped of certain HTML, such as video
embeds, when they are published.
* Work around some misconfigurations that may have caused some JavaScript in
the WordPress admin area to fail.
* Suppress some warnings that could occur when a plugin misused the database or
user APIs.
Additionally: Version 3.5.1 fixes a few security issues:
* Server-side request forgery (SSRF) and remote port scanning via pingbacks.
Fixed by the WordPress security team.
* Cross-site scripting (XSS) via shortcodes and post content. Discovered by Jon
Cave of the WordPress security team.
* Cross-site scripting (XSS) in the external library Plupload. Plupload 1.5.5
was released to address this issue.
ChangeLog:
Revision history for Catalyst-Manual
- Fix minor typos RT 78545, thanks Joe Axford
- Update auth class name RT 77322 Thanks Joe Axford
- Fix typo RT #77247 Thanks John Deighan
5.9004 4th May 2012
- PSGI Compat changes
- Small code changes (thanks sockmonk)
- Small changes to Manual::Components
5.9003 17 Feb 2012
- Mention PSGI in Manual::Ingro RT 74872 (thanks William Blunn).
- Better docs of :Global inspired by RT 74869 (thanks William Blunn)
- Highlight the importance of uncommenting the template line in the
list action
- Clarify docs for nginx in non-root - a trailing slash on the
location block is very much needed.
- Clarified Data::Dumper usage. RT#71410 Thanks to Bill Corr
- Mention Chef deployment in Manual::Deployment (thanks to Alexey
Melezhik)
- Cleaned deps to match current Catalyst reqs.
ChangeLog:
5.90019 - 2012-12-04 21:31:00
- Fix for perl 5.17.6 (commit g7dc8663). RT#81601
- Fix for perl 5.8. RT#61122
- Remove use of MooseX::Types as MooseX::Types is broken on perl5.8
RT#77100 & RT#81121
5.90018 - 2012-10-23 20:55:00
- Changed code in test suite so it no longer trips up on recent changes to
HTTP::Message.
5.90017 - 2012-10-19 22:33:00
- Change Catalsyt _parse_attrs so that when sub attr handlers:
1) Can return multiple pairs of new attributes.
2) Get their returned attributes passed through the correct attribute handler.
e.g sub _parse_Whatever_attr { return Chained => 'foo', PathPart => 'bar' }
Will now work because both new attributes are respected, and the Chained
attribute is passed to _parse_Chained_attr and fixed up correctly by that.
- In Catalyst::Test, don't mangle headers of non-HTML responses. RT#79043
- Refactor request and response class construction to add methods
that roles can hook to feed extra parameters into the constructor
of request or response classes.
5.90016 - 2012-08-16 15:35:00
- prepare_parameters is no longer an attribute builder. It is now a method
that calls the correct underlying functionality (Bill Moseley++)
- Updated Makefile.PL to handle MacOXS tar
- Fix uri_for to handle a stringifiable object
- Fix model/view/controller methods to handle stringifiable objects
- Fix RT#78377 - IIS7 ignores response body for 3xx requests, which
causes (a different) response to be broken when using keepalive.
Fixed by applying Middleware which removes the response body and
content length that Catalyst supplies with redirects.
5.90015 - 2012-06-30 16:57:00
- Fix $c->finalize_headers getting called twice. RT#78090
- Fix test fails in Catalyst-Plugin-Session-State-Cookie. RT#76179
- Fix test fails in Catalyst-Plugin-StackTrace
- Fix test fails in Test-WWW-Mechanize-Catalyst
5.90014 - 2012-06-26 10:00:00
- Fix calling finalize_headers before writing body when using $c->write /
$c->res->write (fixes RT#76179).
5.90013 - 2012-06-21 10:40:00
- Release previous TRIAL as stable.
- We failed to note in the previous changelog that the Makefile.PL has been
improved to make it easier for authors to bootstrap a developer install
of Catalyst.
5.90013 - TRIAL 2012-06-07 20:21:00
New features:
- Merge Catalyst::Controller::ActionRole into Catalyst::Controller.
Bug fixes:
- Fix warnings in some matching cases for Action methods with
Args(), when using Catalyst::DispatchType::Chained
- Fix request body parameters to not be undef if no parameters
are supplied.
- Fix action_args config so that it can be specified in the
top level config.
- Fix t/author/http-server.t on Win32
- Fix use of Test::Aggregate to make tests faster.
5.90012 - 2012-05-16 09:59:00
Distribution META.yml changes:
- author key is now correct, rather than what Module::Install
mis-parses from the documentation.
- x_authority key added.
Bug fixes:
- Fix request body parameters being multiply rebuilt. Fixes both
RT#75607 and CatalystX::DebugFilter
- Make plugin de-duplication work as intended originally, as whilst
duplicate plugins are totally unwise, the C3 error given to the user
is less than helpful.
- Remove dependence on obscure behaviour in B::Hooks::EndOfScope
for backward compatibility. This fixes issues with behaviour changes
in bleadperl. RT#76437
- Work around Moose bug RT#75367 which breaks
Catalyst::Controller::DBIC::API.
Documentation:
- Fix documentation in Catalyst::Component to show attributes and
calling readers, rather than accessing elements in the $self->{} hash
directly.
- Add note in Catalyst::Component to strongly disrecommend $self->config
- Fix vague 'checkout' wording in Catalyst::Utils. RT#77000
- Fix documentation for the 'secure' method in Catalyst:Request. RT#76710
5.90011 - 2012-03-08 16:43:00
Bug fixes:
- Simplification of the previous changes to Catalyst::ScriptRunner
We now just push $FindBin::Bin/../lib to the @INC path again, but
only if one of the dist indicator files (Makefile.PL Build.PL or
dist.ini) can be found in $FindBin::Bin/../$_
This avoids heuristics when the app is unloaded and therefore
works better for extensions which have entire applications in
their test suites.
- Bug fix to again correctly detect checkouts in dist zilla using
applications.
- --background option for the server script now only closes
STDIN, STDOUT and STDERR. This fixes issues with Log::Dispatch
and other loggers which open a file handle when
- Change incorrect use of File::Spec->catdir to File::Spec->catfile
so that we work on platforms which care about this (VMS?)
- Make it more obvious if our PSGI server doesn't pass in a response
callback.
5.90010 - 2012-02-18 00:01:00
Bug fixes:
- Fix the previous fix to Catalyst::ScriptRunner which was resulting
in the lib directory not being pushed onto @INC.
This meant perl ./script/myapp_server.pl failed, however
perl -Ilib ./script/myapp_server.pl would succeed.
5.90009 - 2012-02-16 09:06:00
Bug fixes:
- Fix the debug page so that it works as expected with the latest
refactoring.
- The Catalyst::Utils::home function is used to find if the application
is a checkout in Catalyst::ScriptRunner. This means that a non-existant
lib directory that is relative to the script install location is not
included when not running from a checkout.
- Fix dead links to cpansearch.perl.org to point to metacpan.org.
- Require the latest version of B::Hooks::EndOfScope (0.10) to avoid an
issue with new versions of Module::Runtime (0.012) on perl 5.10
which stopped Catalyst::Controller from compiling.
- In Catalyst::Test, don't mangle headers of non-HTML responses. RT#79043
5.90008 - TRIAL 2012-02-06 20:49:00
New features and refactoring:
- Much of the Catalyst::Engine code has been moved into Catalyst::Request
and Catalyst::Response, to be able to better support asynchronous web
servers such as Twiggy, by making the application engine more reenterant.
This change is as a prequel to full asynchronous support inside Catalyst
for AnyEvent and IO::Async backends, which allow highly scaleable streaming
(for applications such as multi-part XML HTTPRequests, and Websockets).
Deprecations:
- This means that the $c->engine->env method to access the PSGI environment
is now deprecated. The accessor for the PSGI env is now on Catalyst::Request
as per applications which were using Catalyst::Engine::PSGI
Catalyst::Engine::PSGI is now considered fully deprecated.
- The private _dump method in Catalyst::Log is now deprecated. The dumper is
not pluggable and which dumper to use should be a user choice. Using
an imported Dump() or Dumper() function is less typing than $c->log->_dump
and as this method is unused anywhere else in Catalyst, it has been scheduled
for removal as a cleanup. Calling this method will now emit a stack trace
on first call (but not on subsequent calls).
Back compatibility fixes:
- Applications still using Catalyst::Engine::PSGI as they rely on
$c->request->env - this is now the provided (and recommended) way of
accessing the raw PSGI environment.
Tests:
- Spurious warnings have been removed from the test suite
Documentation:
- Fix the display of PROJECT FOUNDER and CONTRIBUTORS sections in the
documentation. These were erroneously being emitted when the Pod
was converted to HTML for search.cpan.org
- Fix documentation for the build_psgi_app app method. Previously the
documentation advised that it provided the psgi app already wrapped
in default middleware. This is not the case - it is the raw app psgi
Faraday is an HTTP client lib that provides a common interface over many
adapters (such as Net::HTTP) and embraces the concept of Rack middleware when
processing the request/response cycle.
Collection.
Tornado is an open source version of the scalable, non-blocking web server and
tools that power FriendFeed. The FriendFeed application is written using a web
framework that looks a bit like web.py or Google's webapp, but with additional
tools and optimizations to take advantage of the underlying non-blocking
infrastructure.
The framework is distinct from most mainstream web server frameworks (and
certainly most Python frameworks) because it is non-blocking and reasonably
fast. Because it is non-blocking and uses epoll or kqueue, it can handle
thousands of simultaneous standing connections, which means it is ideal for
real-time web services. We built the web server specifically to handle
FriendFeed's real-time features -- every active user of FriendFeed maintains
an open connection to the FriendFeed servers.
Changelog:
Tomcat 7.0.35 (markt)
Catalina
fix 54247: Prevent ClassNotFoundExceptions on stop when running as a service. (markt)
fix 54249: Ensure resource properties are available when the context path contains encoded characters such as a space. This triggered compilation issues in Jasper. Patch provided by Polina Genova. (markt)
fix 54256: Improve error reporting when a JAR file fails extension validation by including the name of the JAR file in the exception. (markt)
fix Allow web applications to be stopped cleanly even if filters throw exceptions when their destroy() method is called. (markt/kkolinko)
fix Fix memory leak of servlet instances when running with a SecurityManager and either init() or destroy() methods fail or the servlet is a SingleThreadModel one. (kkolinko)
code Cleanup method cache lookup code in SecurityUtil class. (kkolinko)
add Make the Tomcat 7 non-JSR356 WebSocket implementation non-blocking (where supported by the connector) between the HTTP upgrade and the first WebSocket message from the client to the server. (markt)
fix 54262: Ensure that an empty <absolute-ordering /> element in the main web.xml file disables scanning for web fragments. Based on a patch by Violeta Georgieva. (markt)
fix 54284: As per clarification from the Servlet EG, anonymous Filters and Servlets are not permitted. Patch by Violeta Georgieva. (markt)
fix 54371: Prevent exceptions when processing web fragments for unexpanded WAR files when the context path contains characters that need to be encoded in URLs such as spaces. Based on a patch by Polina Genova. (markt)
add 54372: Make HTTP Digest authentication header parsing tolerant of invalid headers sent by known buggy clients. (markt)
fix 54377: Correctly set request attributes for AccessLog in RemoteIpFilter. Patch by Violeta Georgieva. (markt)
fix 54379: Implement support for post-construct and pre-destroy elements in web.xml. Patch by Violeta Georgieva. (markt)
fix 54380: Do not try to register servlets or contexts into the mapper too early (which just caused a warning to be logged). (kkolinko)
fix Fix NPE in WebappLoader.stopInternal when stop is called after a failed start. (kkolinko)
add 54381: Add support for receiving WebSocket pong messages. (markt)
fix 54382: Fix NPE when SSI processing is enabled and an empty SSI directive is present. (markt)
fix Fix ArrayIndexOutOfBoundsException in HttpParser when parsing incorrect HTTP headers. (kkolinko)
fix 54387: Deployment must fail when multiple servlets are mapped to the same url-pattern. (markt)
fix 54391: Provide a value for the javax.servlet.context.orderedLibs attribute. (markt)
Coyote
fix 54248: Ensure that byte order marks are swallowed when using a Reader to read a request body with a BOM for those encodings that require byte order marks. (markt)
fix Fix release of processors in AjpNioProtocol. Wrong object was used as a key in the connections map. (kkolinko)
Jasper
add 54240: Add support for auto-detection and configuration of JARs on the classpath that provide tag plug-in implementations. Based on a patch by Sheldon Shao. (markt)
fix 54241: Revert the fix for 35410 as it was not compliant with the JSP specification, specifically that <%= obj %> must be translated to out.print(obj) which in turn becomes out.write(String.valueOf(obj)). This will trigger a NullPointerException if obj.toString() returns null. The fix for 35410 incorrectly suppressed the NullPointerException in this case. (markt)
fix 54242: Correct handle null iterations with in the JSTL ForEach tag plug-in implementation. Patch provided by Sheldon Shao. (markt)
fix 54260: Avoid NullPointerException when using JSP unloading and tag files. (markt)
fix 54370: Improve handling of nulls when trying to match sets of parameters to a method in EL. (markt)
fix 54338: Correctly coerce the value to the expected type when using the tag plug-in for the JSTL set tag. Patch provided by Sheldon Shao. (markt)
Web applications
fix 54244: Clarify the documentation for the BIO and NIO SSL configuration attributes sslEnabledProtocols and sslProtocol within the documentation web application. (markt)
add Integrate documentation of Tomcat 7 with Apache Comments System. People can leave their comments when reading documentation online at the tomcat.apache.org site. (rjung)
Other
fix 54390: Use 'java_home' on Mac OS X to auto-detect JAVA_HOME. (schultz)
* Add PostgreSQL support, not tested.
Changelog:
Version 4.5.6 Jan 22th 2013
Improved language detection
Improved translations
Fix link to bugtracker
Several IE 6/7/8 fixes
SabreDAV updated to 1.6.6
Improved error reporting
Support special characters in mountpoint
Interpret http 403 and 401 as not authorized in user_webdavauth
Several fixes for special characters in files and folders
Improved PostgreSQL support
Check database names for valid characters
Fix default email address calculation
Remove debug output on send password page
Add SMTP port configuration option
Only show the max possible upload of 2GB on a 32 bit system
Show progress during file downloads
Security: Fix multiple XSS problems: CVE-2013-0201, CVE-2013-0202, CVE-2013-0203
Security: Fix Code execution in external storage: CVE-2013-0204
Security: Removed remoteStorage app because of unfixed security problems.
Also bump PKGREVISION for a few packages using it.
The packages I did this for:
net/yaz
lang/parrot
misc/openoffice3 (where I noticed the run-time failure due to missing shared library)
www/webkit-gtk
sysutils/open-vm-tools
inputmethod/ibus-qt
I didn't do this recursively or for all packages using icu
since I didn't know if they used the shared library directly,
some use was optional. The list of packages I didn't touch:
devel/devhelp
databases/idzebra
databases/sqlite3
devel/gnustep-base/
finance/gnucash
games/openttd
graphics/shotwell
lang/mono
meta-pkgs/boost
misc/calibre
misc/libreoffice
news/tin
textproc/php-intl
www/deforaos-surfer
www/epiphany
www/liferea-current
www/midori
Upstream changes:
Highlights
MDL-32880 - Make 1.9 blocks restorable in 2.3 onwards
MDL-34791 - Activity quick title edit updates name in gradebook
MDL-35653 - Wiki module works if you activate the force format option
Functional changes
MDL-35422 - To start writing their Workshop submissions, students now click a button labelled 'Start preparing your submission' instead of 'Submit'
API changes
MDL-30700 - There is a new function "text_sorting($columnname)" for the class flexible_table which allows you to specify which columns are of type "text" so they can be sorted correctly in all databases.
MDL-35593 - core_webservice_get_site_info returns version number as PARAM_TEXT
MDL-30961 - get_course_contents web service's name value is now PARAM_RAW
MDL-36795 - In the default course settings, numsections is not limited to maxsections
Security issues
MSA-13-0001 - Security issue in Google Spellchecker in TinyMCE
MSA-13-0002 - Capability issue with Outcome editing
MSA-13-0003 - Potential server file access through backup restoration
MSA-13-0004 - Information leak through activity report
MSA-13-0005 - Potential phishing attack through URL redirects
MSA-13-0006 - Potential information leak in Assignment module
MSA-13-0007 - Potential exploit in messaging
MSA-13-0008 - Information leak through Blog RSS
MSA-13-0009 - Information leak through Blog RSS
Fixes and improvements
MDL-36680 - Overview report now gives correct course total by not including hidden item grades
MDL-35717 - Quiz cron not closing old attempts after quiz close date (also MDL-36842)
MDL-37165 - Assignment summary displays on Oracle
MDL-36668 - Performance issue resolved in viewing pages in Database activity
MDL-36760 - Numerical type quiz questions now work with frozen elements changes
MDL-36551 - Database presets retain advanced search template
MDL-33863 - Importing quiz questions into new course happens without error
MDL-36683 - It is now possible to duplicate a quiz when course question bank contains matching questions
Trac-1.0.ja1 (Oct 4, 2012)
* Based on Trac 1.0 'Cell'
* Change document and parameters for this distribution.
- *.trac-ja
- setup.py
- trac/templates/about.html
- trac/templates/theme.html
* Translate default Wiki pages into Japanese.
- trac/wiki/default-pages/*
* Translate default reports into Japanese.
- trac/db_default.py
* Translate default workflow display into Japanese.
* trac/ticket/templates/report.rss
* trac/ticket/templates/report_view.html
* [Patch] Add formatting for report using Japanese column name.
- trac/ticket/report.py
- trac/ticket/templates/report.rss
- trac/ticket/templates/report_view.html
* [Patch] Fix a bug that local time will not be applied
when downloading repository files as Zip.
- trac/versioncontrol/web_ui/changeset.py
* [Patch] Small patch for Unicode
- trac/about.py
* [Patch] Fix based on ticket #10877.
-trac/util/text.py
-trac/util/test/text.py
Trac 1.0 'Cell' (September 7, 2012)
http://svn.edgewall.org/repos/trac/tags/trac-1.0
Trac 1.0 is a major release adding refreshed user interface and
improved DVCS repository support as the most visible changes.
The following list contains only a few highlights:
- The default theme looks more modern, especially on recent browsers
(no effort has been made to make it look better on older browsers
like IE6 or 7)
- The TracHacks GitPlugin has been donated by Herbert Valerio Riedel
to the Trac project (many thanks!) and is now maintained here as an
optional component
- As a consequence, the Subversion support has been moved below
`tracopt.versioncontrol` as well
- The Git and Mercurial log view feature a visualization of the
branching structure
- Usability improvements for the tickets, with a better support for
conflict detection and resolution
- Integration of the TracHacks BatchModifyPlugin, contributed by
Brian Meeker (many thanks!) and is now maintained there as a
default component
- jQuery/UI integration, featuring a date picker for date fields
- Improved integration with Pygments syntax highlighting
- ... and numerous smaller features added and bugs fixed since 0.12!
* Use Lightning in seamonkey tar ball, 2.0pre.
Changelog:
SeaMonkey-specific changes
SeaMonkey can be set as default client/browser on Mac and Linux now.
See the changes page for minor changes.
Mozilla platform changes
The new IonMonkey compiler improves JavaScript performance.
Preliminary support for WebRTC has been added.
Image quality has been improved through a new HTML scaling algorithm.
CSS3 Flexbox has been implemented.
Support for new DOM property window.devicePixelRatio has been added.
Support for @supports has been added (disabled for now).
Startup time has been improved through smart handling of signed extension certificates.
HTML5: Support for W3C touch events has been implemented, taking the place of MozTouch events
Insecure content loading has been disabled on HTTPS pages (see bug 62178).
Responsiveness for users on proxies has been improved.
Fixed several stability issues.
Fixed in SeaMonkey 2.15
MFSA 2013-20 Mis-issued TURKTRUST certificates
MFSA 2013-19 Use-after-free in Javascript Proxy objects
MFSA 2013-18 Use-after-free in Vibrate
MFSA 2013-17 Use-after-free in ListenerManager
MFSA 2013-16 Use-after-free in serializeToStream
MFSA 2013-15 Privilege escalation through plugin objects
MFSA 2013-14 Chrome Object Wrapper (COW) bypass through changing prototype
MFSA 2013-13 Memory corruption in XBL with XML bindings containing SVG
MFSA 2013-12 Buffer overflow in Javascript string concatenation
MFSA 2013-11 Address space layout leaked in XBL objects
MFSA 2013-10 Event manipulation in plugin handler to bypass same-origin policy
MFSA 2013-09 Compartment mismatch with quickstubs returned values
MFSA 2013-08 AutoWrapperChanger fails to keep objects alive during garbage collection
MFSA 2013-07 Crash due to handling of SSL on threads
MFSA 2013-06 Touch events are shared across iframes
MFSA 2013-05 Use-after-free when displaying table with many columns and column groups
MFSA 2013-04 URL spoofing in addressbar during page loads
MFSA 2013-03 Buffer Overflow in Canvas
MFSA 2013-02 Use-after-free and buffer overflow issues found using Address Sanitizer
MFSA 2013-01 Miscellaneous memory safety hazards (rv:18.0/ rv:10.0.12 / rv:17.0.2)
Upstream changes:
1.0015 Thu Jan 10 15:19:17 PST 2013
[BUG FIXES]
- Fixed Lint complaining about Latin-1 range characters stored internally with
utf8 flag on (Mark Fowler)
- HTTP::Message::PSGI::res_from_psgi now always returns empty string
for an empty response body, so streamed responses are consistent with
non-streamed (ether)
1.0014 Mon Dec 3 10:27:43 PST 2012
[BUG FIXES]
- Fixed Hash order in tests for perl 5.17 (doy)
- Fixed StackTrace tests to run with Devel::StackTrace
[IMPROVEMENTS]
- Plack::Middleware::AccessLog can now log the worker pid and server
port (ether)
1.0013 Wed Nov 14 19:46:49 PST 2012
[BUG FIXES]
- Make sure psgi.input is seeked even when the input is buffered (Getty, leedo)
- Delete invalid (empty) CONTENT_LENGTH and CONTENT_TYPE in FCGI (Getty, leedo)
1.0012 Wed Nov 14 12:00:17 PST 2012
[IMPROVEMENTS]
- Make conditional middleware work with initialization without an app (doy)
- Added force option to BufferedStreaming
1.0011 Sun Nov 11 11:05:30 PST 2012
[BUG FIXES]
- Fix bad Content-Length that could be caused with mod_perl (avar)
- Allow an empty PATH_INFO in Lint per PSGI spec
1.0010 Fri Nov 2 13:30:50 PDT 2012
[IMPROVEMENTS]
- Added vim .swp files to the default ignore list in Restarter
- Check if PATH_INFO begins with / in Lint
1.0009 Tue Oct 23 00:57:16 PDT 2012
[BUG FIXES]
- Correct fix to address drive letters for Win32
1.0008 Mon Oct 22 18:52:29 PDT 2012
[BUG FIXES]
- Allow drive letters for absolute paths for plackup and load_psgi #343
1.0007 Sat Oct 20 23:20:20 PDT 2012
[IMPROVEMENTS]
- Fix test failures with HTTP::Message 6.06. #345
- relaxed plackup -R ignore files and directoris. #260
1.0006 Thu Oct 18 16:06:15 PDT 2012
[INCOMPATIBLE CHANGES]
- plackup foo.psgi will not search the file in @INC anymore before the current directory
See https://github.com/plack/Plack/pull/343 for details (miyagawa)
[NEW FEATURES]
- plackup --path /foo will mount the application under /path (mattn)
[BUG FIXES]
- AccessLog: Fix the timezon offset for certain timezones
- ErrorDocument: support streaming interface
1.0005 Tue Oct 9 13:33:47 PDT 2012
[NEW FEATURES]
- Support psgix.cleanup handlers in Apache2 (avar)
- Added REMOTE_PORT environment variable to HTTP::Server::PSGI (dex4er)
[IMPROVEMENTS]
- Documentation fix for multiple cookie values (miyagawa)
- Delete MOD_PERL environment variable for better compatibilities (avar)
- Split out Plack::TempBuffer as a standalone Stream::Buffered module (doy)
- Bump Test::TCP dep
1.0004 Thu Sep 20 08:36:11 JST 2012
[NEW FEATURES]
- Added psgix.harakiri support in HTTP::Server::PSGI
[IMPROVEMENTS]
- Preload TempBuffer modules (avar)
- Documentation fixes (autarch)
Upstream changes:
2.94 Thu Jan 17 2013
- Fixed bug where options were bleeding over into subsequent calls to new()
[Michael Peters]
2.93 Wed Jan 16 2013
- Feature: Added config() method to make setting global defaults
easy so that each call to new() has less boiler plate. [Michael
Peters]
- Bug Fix: t/05-force_untaint.t now passes when run with prove
[Michael Peters]
- Bug Fix: die_on_bad_params now controls whether we die if tmpl_vars
reuse names from tmpl_loops (which can be useful in some situations)
[Michael Peters]
www/py-werkzeug-docs.
Based on PR pkg/47381 by Richard PALO.
This package contains the HTML documentation for Werkzeug.
Werkzeug is a WSGI utility library for Python. It's widely used
and BSD licensed.
Werkzeug started as a simple collection of various utilities for
WSGI applications and has become one of the most advanced WSGI
utility modules. It includes a powerful debugger, fully featured
request and response objects, HTTP utilities to handle entity tags,
cache control headers, HTTP dates, cookie handling, file uploads,
a powerful URL routing system and a bunch of community contributed
addon modules.
It does Unicode and doesn't enforce a specific template engine,
database adapter or anything else. It doesn't even enforce a specific
way of handling requests and leaves all that up to the developer.
HTTP::Server::Simple::Authen is an HTTP::Server::Simple plugin to allow
HTTP authentication. Authentication scheme is pluggable and you can use
whatever Authentication protocol that Authen::Simple supports.
* January 13th, 2013: Thirty second public release 1.4.4, 1.3.9, 1.2.7, 1.1.5
* [SEC] Rack::Auth::AbstractRequest no longer symbolizes arbitrary strings
* Fixed erroneous test case in the 1.3.x series
* January 6th, 2013: Twenty eighth public release 1.3.7
* Add warnings when users do not provide a session secret
* Fix parsing performance for unquoted filenames
* Updated URI backports
* Fix URI backport version matching, and silence constant warnings
* Correct parameter parsing with empty values
* Correct rackup '-I' flag, to allow multiple uses
* Correct rackup pidfile handling
* Report rackup line numbers correctly
* Fix request loops caused by non-stale nonces with time limits
* Fix reloader on Windows
* Prevent infinite recursions from Response#to_ary
* Various middleware better conforms to the body close specification
* Updated language for the body close specification
* Additional notes regarding ECMA escape compatibility issues
* Fix the parsing of multiple ranges in range headers
* January 7th, 2013: Thirtieth public release 1.3.8
* Security: Prevent unbounded reads in large multipart boundaries
* January 13th, 2013: Thirty second public release 1.4.4, 1.3.9, 1.2.7, 1.1.5
* [SEC] Rack::Auth::AbstractRequest no longer symbolizes arbitrary strings
* Fixed erroneous test case in the 1.3.x series
* January 6th, 2013: Twenty seventh public release 1.2.6
* Add warnings when users do not provide a session secret
* Fix parsing performance for unquoted filenames
* January 13th, 2013: Thirty second public release 1.4.4, 1.3.9, 1.2.7, 1.1.5
* [SEC] Rack::Auth::AbstractRequest no longer symbolizes arbitrary strings
* Fixed erroneous test case in the 1.3.x series
