Changes since 5.1.9:
- fix gh#247 when a NUL char is used as key, apcu_fetch(array) truncates the key
- fix gh#248 apcu_fetch may return values causing zend_mm_corruption or segfaults
when custom serializer is used
- fix gh#260 apcu.serializer=default results in segfault
- fix gh#274 non-portable shell == in config.m4
- fix crash when passing bad array to apcu_delete
- improve fix gh#266 refcounting errors in APCIterator
- fix for PHP 7.3 compatibility
2.0.2:
* SyncConsumer now terminates old database connections, and there is a new
database_sync_to_async wrapper to allow async connections to do the same.
2.0.1:
* AsyncWebsocketConsumer and AsyncJsonWebsocketConsumer classes added
* OriginValidator and AllowedHostsOriginValidator ASGI middleware is now available
* URLRouter now correctly resolves long lists of URLs
2.0.0:
* Major backwards-incompatible rewrite to move to an asyncio base and remove
the requirement to transport data over the network, as well as overhauled
generic consumers, test helpers, routing and more.
2.0.3:
* Unix socket listening no longer errors during startup (introduced in 2.0.2)
* ASGI Applications are now not immediately killed on disconnection but instead
given --application-close-timeout seconds to exit (defaults to 10)
2.0.2:
* WebSockets are no longer closed after the duration of http_timeout
2.0.1:
* Updated logging to correctly route exceptions through the main Daphne logger
2.0.0:
* Major rewrite to the new async-based ASGI specification and to support
Channels 2. Not backwards compatible.
v14.0.0
* Officially deprecated basic_auth and digest_auth
tools and the httpauth module, triggering DeprecationWarnings
if they're used. Applications should instead adapt to use the
more recent auth_basic and auth_digest tools.
This deprecated functionality will be removed in a subsequent
release soon.
* Removed DeprecatedTool and the long-deprecated and disabled
tidy and nsgmls tools.
aiohttp 3.0 release:
Major release, many already deprecated things are removed
Minimal supported Python version is 3.5.3.
aiohttp uses shiny async/await syntax everywhere internally (while old yield from is still supported).
Read https://docs.aiohttp.org/en/stable/whats_new_3_0.html for brief information about most important changes.
Changes with nginx 1.13.8:
*) Feature: now nginx automatically preserves the CAP_NET_RAW capability
in worker processes when using the "transparent" parameter of the
"proxy_bind", "fastcgi_bind", "memcached_bind", "scgi_bind", and
"uwsgi_bind" directives.
*) Feature: improved CPU cache line size detection.
Thanks to Debayan Ghosh.
*) Feature: new directives in vim syntax highlighting scripts.
Thanks to Gena Makhomed.
*) Bugfix: binary upgrade refused to work if nginx was re-parented to a
process with PID different from 1 after its parent process has
finished.
*) Bugfix: the ngx_http_autoindex_module incorrectly handled requests
with bodies.
*) Bugfix: in the "proxy_limit_rate" directive when used with the
"keepalive" directive.
*) Bugfix: some parts of a response might be buffered when using
"proxy_buffering off" if the client connection used SSL.
Thanks to Patryk Lesiewicz.
*) Bugfix: in the "proxy_cache_background_update" directive.
*) Bugfix: it was not possible to start a parameter with a variable in
the "${name}" form with the name in curly brackets without enclosing
the parameter into single or double quotes.
1.30.0:
lib:
This release fixes the bug so that PING frame can be sent after GOAWAY.
nghttpx:
This release fixes the bug that set_header method in mruby script wrongly overwrites other header fields.
upgrade-scheme parameter has been added to backend option to workaround the issue that a backend server requires that HTTP/2 :scheme pseudo header field value should be https.
This release fixes the bug that ALPN validation does not occur if client does not send TLS ALPN extension.
To more compliant to RFC 8297, nghttpx now remembers which resource is pushed per a single request.
uWSGI 2.0.16
Security
[CVE-2018-6758] Stack-based buffer overflow in core/utils.c:uwsgi_expand_path()
Changes
Backported early_post_jail plugin hook (Bjørnar Ness)
Fixed ipv6 suupport for http-socket (James Brown)
Enable execinfo on DragonFly BSD (Aaron LI)
Fix inet_ntop buffer size (Orivej Desh)
Add worker running time metrics (Serge/yasek)
Backported safe-pidfile, safe-pidfile2 (Nate Coraor)
Stop using libxml2 by default on osx
Fixed uwsgi_kvlist_parse signature
Backport http range fixes from master (Curtis Maloney, Sokolov Yura)
relicensed mod_proxy_uwsgi to Apache 2.0
logging: Add ${millis} support to json encode
plugins/router_xmldir: fixup invalid locale check (Riccardo Magliocchetti)
Add ssl-verify-depth flag to set the max Client CA chain length (Paul Tagliamonte)
Allow to override build date (Bernhard M. Wiedemann)
Python 3 plugin: improved thread names handling (Jyrki Muukkonen, Mark Meyer)
Added uwsgi_resolve_ip for redis host (ahmbas)
plugins/gevent: Fix signal handlers (Maslov Alexander)
Write x509 DER to the uwsgi buffer (Paul Tagliamonte)
plugin/http: Fix compilation (Melvyn Sopacua)
Fixed emperor throttling system (Jeremy Hiatt)
Fix application loading without Plack after excluding “.” from @INC in new Perl versions (Anton Petrusevich)
Fix MULE MSG QUEUE IS FULL message hint (Eugene Tataurov)
Build System: support k_minor has a _xxx suffix (TOGO Li)
Fixed drop-after-* options (Robert DeRose)
Add mule_send_msg success indicator (Josh Tiras)
Properly check item size in uwsgi_queue_push (Josh Tiras)
FastRouter / HTTP Router can now have a ‘fallback’ key configured
HTTP Router now supports post-buffer, just like FastRouter
Fix handling of env in embedded dict in Python plugin (could cause segfaults in single thread mode)
Add support for Brotli (.br) with –static-gzip
Back-ported HTTP/1.1 support (–http11-socket) from 2.1
2.1.4:
* Values are now correctly returned from sync_to_async and async_to_sync
* ASGI_THREADS environment variable now works correctly
2.1.3:
* Add an ApplicationCommunicator.wait() method to allow you to wait for an
application instance to exit before seeing what it did.
2.1.2:
* Allow AsyncToSync to work if called from a non-async-wrapped sync context.
2.1.1:
* Allow AsyncToSync constructor to be called inside SyncToAsync.
Sat Jan 13 18:55:20 GMT 2018 - surfraw 2.3.0
* We are moving! This is the last release on Debian's platform.
For all future development, please check out
https://gitlab.com/surfraw/Surfraw
* All elvi now use HTTPS
+ Elvi for sites that don't work with HTTPS have left the building:
- cablesearch
- dmoz
- openports
- opensearch
- pasearch
- rhyme
- rpmsearch
- scicom
- scirus
- wetandwild
- yacy
- yubnub
* Select Perl version at buildtime (Mark Meyer)
* Remove lynx-cur (closes#882286)
* Fix segfault on netbsd-7
Changelog:
Fix
Avoid a signature validation issue during update on macOS
Blocklisted graphics drivers related to off main thread painting crashes
Tab crash during printing
Fix clicking links and scrolling emails on Microsoft Hotmail and Outlook
(OWA) webmail
Selenium 3.9.0
* Add docstrings to WebElement find methods
* Additional data in unexpected alert error is now handled for w3c drivers
* Allow service_args to be passed into Firefox WebDriver
* Fix bug introduced with response logging in 3.8.1
"google-apitools" is a collection of utilities to make it easier to build
client-side tools, especially those that talk to Google APIs.
Part of PR pkg/52941.
Django is a high-level Python Web framework that encourages rapid development
and clean, pragmatic design. Django was designed to make common Web-development
tasks fast and easy.
Version 1.1:
* Add Deprecations for 2.0
* Improve IsoDateTimeField test clarity
* Fix form attr references in tests
* Simplify tox config, drop python 3.3 & django 1.8
* Make get_filter_name a classmethod, allowing it to be overriden for each FilterClass
* Support active timezone
* Docs Typo: django_filters -> filters in docs
* Add Polish translations for some messages
* Remove support for Django 1.9 (EOL)
* Use required attribute from field when getting schema fields
* Prevent circular ImportError hiding for rest_framework sub-package
* Deprecate 'extra' field attrs on Filter
* Add SuffixedMultiWidget
* Fix null filtering for *Choice filters
* Use isort on imports
* Use urlencode from django.utils.http
* Remove OrderingFilter.help_text
* Update DRF test dependency to 3.6
3.5.0
* Allow for object uploads > 5GB from stdin.
When uploading from standard input, swiftclient will turn the upload
into an SLO in the case of large objects. By default, input larger
than 10MB will be uploaded as an SLO with 10MB segment sizes. Users
can also supply the --segment-size option to alter that
threshold and the SLO segment size. One segment is buffered in
memory (which is why 10MB default was chosen).
* The --meta option can now be set on the upload command.
* Updated PyPy test dependency references to be more accurate
on different distros.
* Various other minor bug fixes and improvements.
1.11.10:
CVE-2018-6188: Information leakage in AuthenticationForm
A regression in Django 1.11.8 made AuthenticationForm run its confirm_login_allowed() method even if an incorrect password is entered. This can leak information about a user, depending on what messages confirm_login_allowed() raises. If confirm_login_allowed() isn’t overridden, an attacker enter an arbitrary username and see if that user has been set to is_active=False. If confirm_login_allowed() is overridden, more sensitive details could be leaked.
This issue is fixed with the caveat that AuthenticationForm can no longer raise the “This account is inactive.” error if the authentication backend rejects inactive users (the default authentication backend, ModelBackend, has done that since Django 1.10). This issue will be revisited for Django 2.1 as a fix to address the caveat will likely be too invasive for inclusion in older versions.
Bugfixes:
Fixed incorrect foreign key nullification if a model has two foreign keys to the same model and a target model is deleted.
Fixed a regression where contrib.auth.authenticate() crashes if an authentication backend doesn’t accept request and a later one does.
Fixed crash when entering an invalid uuid in ModelAdmin.raw_id_fields
Upstream changes:
The following important issues are resolved in 8.4.4 (in addition to the dozens of other fixes listed at the end of this post):
[PHP 7.2] count() parameter must be an array or an object that implements Countable. Drupal 8.4.4 still has one remaining critical bug on PHP 7.2 which will be fixed by Drupal 8.5.0, to be released March 7 2018.
Concurrently editing two translations of a node may result in data loss for non-translatable fields
Known issues
There are no known regressions in this release.
Important: If you have not already upgraded to 8.4.0, read the Drupal 8.4.0 release notes before upgrading to 8.4.4. Drupal 8.4 includes major version updates for Symfony, jQuery, and jQuery UI and is no longer compatible with older versions of Drush.
Drupal 8 currently has one remaining critical bug on PHP 7.2 which will be fixed by Drupal 8.5.0, to be released March, 7 2018.
Search the issue queue for all known issues.
All changes since the last release
#2894068 by Jo Fitzgerald, davidsickmiller, alexpott, heddn, Yogesh Pawar, quietone, xjm: datetime_type is not set correctly when migrating datetime fields from D7
#2930715 by alexpott, dawehner: Recursive rebuild caused by installing admin_toolbar_tools module
#2837022 by hchonov, xjm, vlad.dancer, plach, matsbla, Gábor Hojtsy: Concurrently editing two translations of a node may result in data loss for non-translatable fields
#2933125 by Tessa Bakker: Case mismatch in ExportForm.php
#2323459 by harsha012, jhodgdon, joachim: Change wording of annotation keys to properties
#2840257 by kiamlaluno: The documentation makes reference to a function that doesn't exist
#2779921 by kiamlaluno, alexpott: hook_field_widget_form_alter() still reference a hook that is not used anymore
#2931294 by claudiu.cristea, Wim Leers: Timestamp field type misses schema for value
#2923884 by mfernea: Fix 'Squiz.WhiteSpace.SemicolonSpacing' coding standard
#2899708 by gaurav.kapoor, tan33sh, tedbow, droplet, Wim Leers: `quote` should be `blockquote` in off-canvas.base.css
#2932154 by jhedstrom: ModerationInformation::getLatestRevisionId returns access-specific results
#2932551 by jeqq: Error when calling ModerationStateFieldItemList::updateModeratedEntity() if the entity doesn't have workflow
#2346893 by lauriii, idebr, slashrsm, RavindraSingh, Rade, Fabianx, alexpott, swentel, gauravjeet, darrenwh, deepak_zyxware, joelpittet, Wim Leers, Yogesh Pawar, Vj, ivan.chavarro, josephdpurcell, josmera01, rloos289, kattekrab, Tanvish Jha, csakiistvan, xjm, larowlan, akalata: Duplicate AJAX wrapper around a file field
#2921033 by Jo Fitzgerald, masipila, phenaproxima, xjm, Wim Leers: Improve API documentation of DrupalSqlBase source plugin
#2862671 by masipila, Jo Fitzgerald, kleog, phenaproxima, quietone: Add documentation to SqlBase source plugin
#2930072 by vaplas, Lendude: Module: Convert system functional tests to phpunit
#2913864 by Jo Fitzgerald, chiranjeeb2410, matslats, phenaproxima: badly constructred link in drupal_set_message
#2928846 by alexpott, Berdir: [PHP 7.2] count() parameter must be an array or an object that implements Countable
#1489692 by Liam Morland, pfrenssen, YesCT, geekinpink, sudishth, josmera01, David_Rothstein: Incorrect handling of file upload limit exceeded - file widget disappears
#2914938 by timmillwood, RajabNatshah, xjm, Manuel Garcia, amateescu, Wim Leers: Preview of content - Notice: Undefined offset: 0 in _quickedit_entity_is_latest_revision() (line 196 of core/modules/quickedit/quickedit.module)
#2880445 by pjcdawkins, japerry, gargsuchi, q0rban: Config sync should not throw a warning when not being writable
#2927636 by alexpott, Mile23, Mixologic: Backport --supress-deprecations to run-tests.sh 8.4.x
#2928778 by plach: Exception when trying to save a new revision after manually setting the original revision ID
#2929464 by tedbow, mpdonadio: Tests under "core/modules/ckeditor/tests/modules/src/Kernel" are in the wrong folder and do not get tested
#2795317 by hswong3i, alexpott, Lendude, bircher, dawehner, martin107, Jo Fitzgerald, mondrake: Allow PHPUnit 6+ support for object mocking
#2862745 by masipila, quietone: Add documentation to EntityFieldInstance destination plugin
#2862746 by masipila, quietone, phenaproxima: Add documentation to EntityFieldStorageConfig destination plugin
#2927844 by Jo Fitzgerald, quietone, heddn: Correct references to 'iterator' plugin to be 'sub_process'
#2927563 by tstoeckler, amateescu: Aggregator feed "refresh" field should have a default value
#2927569 by tstoeckler, amateescu: Various tests do not set values for required field when creating entities
#2862207 by kalpaitch, jmmarquez, jeetendrakumar: Config import change profile message
#2923886 by mfernea: Fix 'Squiz.WhiteSpace.LanguageConstructSpacing' coding standard
Revert "Issue #2929076 by marcoscano: Fix wrong \Drupal\Core\Entity\EntityTypeInterface::getBundleLabel() docblock"
#2929076 by marcoscano: Fix wrong \Drupal\Core\Entity\EntityTypeInterface::getBundleLabel() docblock
#2927758 by Wim Leers, dagmar: Update DbLogResourceTest to use the ResourceTestBase base class instead of the deprecated RESTTestBase
#2717965 by Yogesh Pawar, pguillard, alexpott, Liam Morland, skylord, oxy86, cilefen, balagan, Anthony Fok: Site name is not UTF-8 encoded in email headers
Changes:
- Fix potential memory bug in curl() when doubling the buffer is
insufficient.
- Added unit test for curl_echo() to post large multipart data.
- Fix IDN unit test error "string has forbidden bi-directional
properties"
Notable changes:
- Use a loop to preload anonymous inner classes when running under a SecurityManager, to be safe for future changes in the code or using a different compiler. (kkolinko)
- Implement a small optimisation to how JAR URLs are processed to reduce the storage of duplicate String objects in memory. Patch provided by Dmitri Blinov. (markt)
Full changelog:
https://tomcat.apache.org/tomcat-7.0-doc/changelog.html
Notable changes:
- Correct a regression in the previous fix for 61916 that meant that any call to addHeader() would have been replaced with a call to setHeader() for all requests mapped to the AddDefaultCharsetFilter. (markt)
- Improve handling for ByteChunk and CharChunk instances that grow close to the maximum size allowed by the JRE. (markt)
Full changelog:
https://tomcat.apache.org/tomcat-8.5-doc/changelog.html
* Fix build under netbsd-7, PR pkg/52956
Changelog:
Fix Mozilla Foundation Security Advisory 2018-05:
Arbitrary code execution through unsanitized browser UI
When using certain non-default security policies on Windows (for
example with Windows Defender Exploit Protection or Webroot security
products), Firefox 58.0 would fail to load pages (bug 1433065).
Version 0.9:
Fix: TypeError: 'NamesConsumer' object does not support indexing
Fix: resolve ForeignKey models specified as strings instead of class names
(Based on wip/*passenger.)
Phusion Passenger is a web server and application server,
designed to be fast, robust and lightweight. It supports Ruby,
Python, Node.js and Meteor.
