6.31 2017-12-11 01:55:53Z
- fix version numbering (RT#123841)
6.30 2017-12-07
- Use tr/// instead of s/// where appropriate (Ville Skyttä) (GH #265)
- Use parent -norequire instead of base to not look for external
dependencies (Fabian Zeindler) (GH #259)
- Fix run_handlers to allow assigning to the request / response (Gianni
Ceccarelli) (GH #274)
7.59 2017-12-15
- Moved home and ua attributes from Mojo to Mojolicious.
- Changed Mojo::IOLoop::Client to only start a thread pool with
Net::DNS::Native on demand. (Grinnz)
- Improved subprocess method in Mojo::IOLoop to allow for easier role
composition.
- Fixed RFC 7230 compliance bug in Mojo::Message::Response. (jberger)
6.14 2017-12-20 22:28:48Z
- Add some useful examples in HTTP::Request (GH #92) (Chase Whitener).
Batch requests are now explained.
- PUT and PATCH docs updated (GH #84) (saturdaywalkers)
- Trim trailing \r from status line so message() doesn't return it (GH #87) (Felipe Gasper)
- Bring test coverage of HTTP::Config to 100% (GH #85) (Pete Houston)
- Add 103 Early Hints to HTTP::Status (GH #94) (Tatsuhiko Miyagawa)
Version 4.2.3:
* Test MultiChoiceField.validate when invalid. For the record, this raises a TypeError prior to Simen's commit
* Test MultiChoiceField.validate when valid. Also, I realized that the choices kwarg needs to be a nested list
* Ensure createdb command passes on the expected options to base class
* Workaround for Django bug with templates field and empty values
* Update travis django versions.
* Subclass Django's redirect admin to filter by site
* Remove "Overriding vs. Extending" Docs. I know we discussed this a little bit somewhere and rewriting this section was suggested. However, I don't see any reason to keep it around. This was always a django issue but we provided a mezzanine-specific solution. Now that there's a django solution, why clutter our docs with it?
* Fix SSLRedirectMiddleware.__init__ signature. As reported on the mailing list (https://groups.google.com/d/msg/mezzanine-users/d5mcAMOVcnk/uqw61LyjAwAJ), this raised a TypeError because the get_response argument is optional
* Move “required” from field help text to template. The forms app used to set “required” as the help text for fields that are required and didn’t have a help text already. Move this text into the template instead, making it easier to override
* Use call_command() instead of execute()
* Remove the no_color handling in createdb management command
* Fix example in profile docs
* Remove outdated message regarding auto-reload. Since local_settings.py is added to sys.modules, the autoreload is working as expected.
* Document static_lazy's purpose.
* Update contributing guidelines to reflect practice. The language here is too broad and has caused several users to submit high quality bug reports or patches to the mailing list when it's actually easier to deal with them in the tracker
* Fix TinyMCE support in dynamic inlines.
* Fix TinyMCE support in dynamic inlines. Use TinyMCE’s jQuery plugin to initialise our editors, and handle Django’s formset:added event to initialise editors in dynamically added forms. * Tidy up TinyMCE initialisation code. * Call out changes to jquery.tinymce.min.js more visibly
* Warn when editing admin users without permissions.
* Move contributing guidelines to CONTRIBUTING.rst. This will present itself before people open issues which should cut down on a lot of the erroneous ones
* Fix short URL generation
* Add support for importing via blogml
* Clean up blogml importer
* Added python 3.6
* Deprecate as_tag templatetag shortcut. It isn't documented but folks may be using it anyway. We can't switch over to simple_tag internally yet until we drop support for django-1.8
* Restore tinymce support in front-end editing.
* Fix caching editable settings forever when no request
* Blog RSS feed - set length property for images (enclosure)
* Blog RSS - add mime_type for images (enclosure)
* Blog Atom feed - add "updatedate" property
* Fix issue with PyPy2. Under PyPy2 you can't do u"foo" == lazy(static, str)("bar") because the code assumes dir(str) is a strict subset of dir(unicode), which isn't true on PyPy2. The other way around is no problem however, and the other strings in the static assets lists are unicode anyway
* Fix issue 1710. During user validation, only save POST data in session if it is a POST request, otherwise saved comment may be overwritten by GET request that results from redirect if user verification is required
* Re-order JavaScript loading to ensure TinyMCE has access to correct variables.
* Nicer way to import and register checks. The previous way meant every check gets mentioned 3 times (def, import, register), with this way it is just once, and all the django.core.checks are together
* Converted SitePermissionMiddleware warning to a Django check.
* Added hashbangs/permission bits to make scripts more easily runnable
* Made it easier to run individual tests
* Documented how to run tests
* Fixed pyflakes errors for .checks imports
* Fixed login form to not use request.REQUEST. This is not available in Django 1.9 and greater, so without this fix the forms are (slightly) broken. There doesn't seem to be any reason to use REQUEST instead of POST - the form is a POST one, and the parameters are not used elsewhere in the code base to construct a querystring
* Fixed search forms to use request.GET instead of request.REQUEST. request.REQUEST is not available in Django 1.9 and greater
* Support latest bleach, BS, html5lib.
Upstream changes:
MediaWiki 1.30.0
Changes since MediaWiki 1.30.0-rc.0
Upgraded Moment.js from v2.15.0 to v2.19.3.
Add ip_changes to postgres/tables.sql.
Skip null shell parameters.
Add wfWaitForSlaves() to maintenance/migrateComments.php.
(T182245) Fix join conditions in ImageListPager.
(T178626) Revert #contentSub and #jump-to-nav margin changes.
MySQL version requirement in 1.30
As of 1.30, MediaWiki now requires MySQL 5.5.8 or higher (see Compatibility section).
Configuration changes in 1.30
The "C.UTF-8" locale should be used for $wgShellLocale, if available, to avoid unexpected behavior when code uses locale-sensitive string comparisons. For example, the Scribunto extension considers "bar" < "Foo" in most locales since it ignores case.
$wgShellLocale now affects LC_ALL rather than only LC_CTYPE. See documentation of $wgShellLocale for details.
$wgShellLocale is now applied for all requests. wfInitShellLocale() is deprecated and a no-op, as it is no longer needed.
$wgJobClasses may now specify callback functions as an alternative to plain class names. This is intended for extensions that want control over the instantiation of their jobs, to allow for proper dependency injection.
$wgResourceModules may now specify callback functions as an alternative to plain class names, using the 'factory' key in the module description array. This allows dependency injection to be used for ResourceLoader modules.
$wgExceptionHooks has been removed.
(T163562) $wgRangeContributionsCIDRLimit was introduced to control the size of IP ranges that can be queried at Special:Contributions.
(T45547) $wgUsePigLatinVariant added (off by default).
(T152540) MediaWiki now supports a section ID escaping style that allows to display non-Latin characters verbatim on many modern browsers. This is controlled by the new configuration setting, $wgFragmentMode.
$wgExperimentalHtmlIds is now deprecated and will be removed in a future version, use $wgFragmentMode to migrate off it to a modern alternative.
$wgExternalInterwikiFragmentMode was introduced to control how fragments in interwikis going outside of current wiki farm are encoded.
(T120333) Soft-deprecated the use of PHP extension 'mysql' in favor of 'mysqli'. This PHP extension was deprecated in PHP 5.5 and removed in PHP 7.0. MediaWiki auto-selects the 'mysqli' driver since MediaWiki 1.22, except if explicitly requested through the configuration parameter $wgDBservers. However some maintenance scripts (bitnami?) still may rely on "mysql".
$wgOOUIEditPage was removed, as it is now the default. This was documented as a temporary variable during the migration period.
New features in 1.30
(T37247) Output from Parser::parse() will now be wrapped in a div with class="mw-parser-output" by default. This may be changed or disabled using ParserOptions::setWrapOutputClass().
(T163562) Added ability to search for contributions within an IP range at Special:Contributions.
Added 'ChangeTagsAllowedAdd' hook, enabling extensions to allow software-specific tags to be added by users.
Added a 'ParserOptionsRegister' hook to allow extensions to register additional parser options.
(T45547) Included Pig Latin, a language game in English, as a LanguageConverter variant. This allows English-speaking developers to develop and test LanguageConverter more easily. Pig Latin can be enabled by setting $wgUsePigLatinVariant to true.
Added RecentChangesPurgeRows hook to allow extensions to purge data that depends on the recentchanges table.
Added JS config values wgDiffOldId/wgDiffNewId to the output of diff pages.
(T2424) Added direct unwatch links to entries in Special:Watchlist (if the 'watchlistunwatchlinks' preference option is enabled). With JavaScript enabled, these links toggle so the user can also re-watch pages that have just been unwatched.
Added $wgParserTestMediaHandlers, where mock media handlers can be passed to MediaHandlerFactory for parser tests.
Edit summaries, block reasons, and other "comments" are now stored in a separate database table. Use the CommentFormatter class to access them.
This is currently gated by $wgCommentTableSchemaMigrationStage. Most wikis can set this to MIGRATION_NEW and run maintenance/migrateComments.php as soon as any necessary extensions are updated.
(T138166) Added ability for users to prohibit other users from sending them emails with Special:Emailuser. Can be enabled by setting $wgEnableUserEmailBlacklist to true.
(T67297) $wgBrowserBlackList is deprecated, and changing it will have no effect. Instead, users using browsers that do not support Unicode will be unable to edit and should upgrade to a modern browser instead.
External library changes in 1.30
Upgraded external libraries
Updated justinrainbow/json-schema from v3.0 to v5.2.
Updated mediawiki/mediawiki-codesniffer from v0.7.2 to v0.12.0.
Updated wikimedia/composer-merge-plugin from v1.4.0 to v1.4.1.
Updated wikimedia/relpath from v1.0.3 to v2.0.0.
Updated OOjs from v2.0.0 to v2.1.0.
Updated OOUI from v0.21.1 to v0.23.0.
Updated QUnit from v1.23.1 to v2.4.0.
Updated phpunit/phpunit from v4.8.35 to v4.8.36.
Upgraded Moment.js from v2.15.0 to v2.19.3.
New external libraries
The class \TestingAccessWrapper has been moved to the external library wikimedia/testing-access-wrapper and renamed \Wikimedia\TestingAccessWrapper.
Purtle, a fast, lightweight RDF generator.
Removed and replaced external libraries
…
Bug fixes in 1.30
(T151633) Ordered list items now use Devanagari digits in Nepalese (thanks to Sfic)
Action API changes in 1.30
(T37247) action=parse output will be wrapped in a div with class="mw-parser-output" by default. This may be changed or disabled using the new 'wrapoutputclass' parameter.
When errorformat is not 'bc', abort reasons from action=login will be formatted as specified by the error formatter parameters.
action=compare can now handle arbitrary text, deleted revisions, and returning users and edit comments.
(T164106) The 'rvdifftotext', 'rvdifftotextpst', 'rvdiffto', 'rvexpandtemplates', 'rvgeneratexml', 'rvparse', and 'rvprop=parsetree' parameters to prop=revisions are deprecated, as are the similarly named parameters to prop=deletedrevisions, list=allrevisions, and list=alldeletedrevisions. Use action=compare, action=parse, or action=expandtemplates instead.
Action API internal changes in 1.30
ApiBase::getDescriptionMessage() and the "apihelp-*-description" messages are deprecated. The existing message should be split between "apihelp-*-summary" and "apihelp-*-extended-description".
(T123931) Individual values of multi-valued parameters can now be marked as deprecated.
Languages updated in 1.30
MediaWiki supports over 350 languages. Many localisations are updated regularly. Below only new and removed languages are listed, as well as changes to languages because of Phabricator reports.
Added: kbp (Kabɩyɛ / Kabiyè)
Added: skr (Saraiki, سرائیکی)
Added: tay (Tayal / Atayal)
Removed: tokipona (Toki Pona)
Pig Latin added
(T45547) Added Pig Latin, a made-up English variant (en-x-piglatin), for easier variant development and testing. Disabled by default. It can be enabled by setting $wgUsePigLatinVariant to true.
Other changes in 1.30
The use of an associative array for $wgProxyList, where the IP address is in the key instead of the value, is deprecated (e.g. [ '127.0.0.1' => 'value' ]). Please convert these arrays to indexed/sequential ones (e.g. [ '127.0.0.1' ]).
mw.user.bucket (deprecated in 1.23) was removed.
LoadBalancer::getServerInfo() and LoadBalancer::setServerInfo() are deprecated. There are no known callers.
File::getStreamHeaders() was deprecated.
MediaHandler::getStreamHeaders() was deprecated.
Title::canTalk() was deprecated. The new Title::canHaveTalkPage() should be used instead.
MWNamespace::canTalk() was deprecated. The new MWNamespace::hasTalkNamespace() should be used instead.
The ExtractThumbParameters hook (deprecated in 1.21) was removed.
The OutputPage::addParserOutputNoText and ::getHeadLinks methods (both deprecated in 1.24) were removed.
wfMemcKey() and wfGlobalCacheKey() were deprecated. BagOStuff::makeKey() and BagOStuff::makeGlobalKey() should be used instead.
(T146304) Preprocessor handling of LanguageConverter markup has been improved. As a result of the new uniform handling, '-{' may need to be escaped (for example, as '-<nowiki/>{') where it occurs inside template arguments or wikilinks.
(T163966) Page moves are now counted as edits for the purposes of autopromotion, i.e., they increment the user_editcount field in the database.
Two new hooks, LogEventsListLineEnding and NewPagesLineEnding, were added for manipulating Special:Log and Special:NewPages lines.
The OldChangesListRecentChangesLine, EnhancedChangesListModifyLineData, PageHistoryLineEnding, ContributionsLineEnding and DeletedContributionsLineEnding hooks have an additional parameter, for manipulating HTML data attributes of RC/history lines. EnhancedChangesListModifyBlockLineData can do that via the $data['attribs'] subarray.
(T130632) The OutputPage::enableTOC() method was removed.
WikiPage::getParserOutput() will now throw an exception if passed ParserOptions that would pollute the parser cache. Callers should use WikiPage::makeParserOptions() to create the ParserOptions object and only change options that affect the parser cache key.
Article::viewRedirect() is deprecated.
IP::isValidBlock() was deprecated. Use the equivalent IP::isValidRange().
DeprecatedGlobal no longer supports passing in a direct value, it requires a callable factory function or a class name.
The $parserMemc global, wfGetParserCacheStorage(), and ParserCache::singleton() are all deprecated. The main ParserCache instance should be obtained from MediaWikiServices instead. Access to the underlying BagOStuff is possible through the new ParserCache::getCacheStorage() method.
.mw-ui-constructive CSS class (deprecated in 1.27) was removed.
Sanitizer::escapeId() was deprecated, use escapeIdForAttribute(), escapeIdForLink() or escapeIdForExternalInterwiki() instead.
Title::escapeFragmentForURL() was deprecated, use one of the aforementioned Sanitizer functions or, if possible, Title::getFragmentForURL().
Second parameter to Sanitizer::escapeIdReferenceList() ($options) now does nothing and is deprecated.
mw.util.escapeId() was deprecated, use escapeIdForAttribute() or escapeIdForLink().
MagicWord::replaceMultiple() (deprecated in 1.25) was removed.
WikiImporter now requires the second parameter to be an instance of the Config class. Prior to that, the Config parameter was optional (a behavior deprecated in 1.25).
Removed 'jquery.mwExtension' module. (deprecated since 1.26)
mediawiki.ui: Deprecate greys, which are not part of WikimediaUI color palette any more.
CdbReader, CdbWriter, CdbException classes (deprecated in 1.25) were removed. The namespaced classes in the Cdb namespace should be used instead.
IPSet class (deprecated in 1.26) was removed. The namespaced IPSet\IPSet should be used instead.
RunningStat class (deprecated in 1.27) was removed. The namespaced RunningStat\RunningStat should be used instead.
MWMemcached and MemCachedClientforWiki classes (deprecated in 1.27) were removed. The MemcachedClient class should be used instead.
EditPage underwent some refactoring and deprecations:
EditPage::isOouiEnabled() is deprecated and will always return true.
EditPage::getSummaryInput() and ::getSummaryInputOOUI() are deprecated. Please use ::getSummaryInputWidget() instead.
EditPage::getCheckboxes() and ::getCheckboxesOOUI() are deprecated. Please use ::getCheckboxesWidget() instead.
Creating an EditPage instance without calling EditPage::setContextTitle() should be avoided and will be deprecated in a future release.
EditPage::safeUnicodeInput() and ::safeUnicodeOutput() are deprecated and no-ops.
EditPage::$isCssJsSubpage, ::$isCssSubpage, and ::$isJsSubpage are deprecated. The corresponding methods from Title should be used instead.
EditPage::$isWrongCaseCssJsPage is deprecated. There is no replacement.
EditPage::$mArticle and ::$mTitle are deprecated for public usage. The getters ::getArticle() and ::getTitle() should be used instead.
Trying to control or fake EditPage context by overriding $wgUser, $wgRequest, $wgOut, and $wgLang is no longer supported and won't work. The IContextSource returned from EditPage::getContext() must be modified instead.
Parser::getRandomString() (deprecated in 1.26) was removed.
Parser::uniqPrefix() (deprecated in 1.26) was removed.
Parser::extractTagsAndParams() now only accepts three arguments. The fourth, $uniq_prefix was deprecated in 1.26 and has now been removed.
(T172514) The following tables have had their UNIQUE indexes turned into proper PRIMARY KEYs for increased maintainability: categorylinks, imagelinks, iwlinks, langlinks, log_search, module_deps, objectcache, pagelinks, query_cache, site_stats, templatelinks, text, transcache, user_former_groups, user_properties.
IDatabase::nextSequenceValue() is no longer needed by any database backends (formerly it was needed by PostgreSQL and Oracle), and is now deprecated.
(T146591) The lc_lang_key index on the l10n_cache table has been changed into a PRIMARY KEY.
(T157227) bot_password.bp_user, change_tag.ct_log_id, change_tag.ct_rev_id, page_restrictions.pr_user, tag_summary.ts_log_id, tag_summary.ts_rev_id and user_properties.up_user have all been made unsigned on MySQL.
DB_SLAVE is deprecated. DB_REPLICA should be used instead.
wfUsePHP() is deprecated.
wfFixSessionID() was removed.
wfShellExec() and related functions are deprecated, use Shell::command(). This also slightly changes the behavior of how execution time limits are calculated when only some of defaults are overridden per-call. When in doubt, always override both wall clock and CPU time.
(T138166) SpecialEmailUser::getTarget() now requires a second argument, the sending user object. Using the method without the second argument is deprecated.
(T67297) Browsers that don't support Unicode will have their edits rejected.
(T178450) The module 'jquery.badge' is deprecated and will be removed in a future release. For notifying the user of an event, the Notifications ("Echo") system should be used instead.
(T178451) SECURITY: Potential XSS when $wgShowExceptionDetails = false and browser sends non-standard url escaping.
(T165846) SECURITY: BotPassword login attempts weren't throttled
Compatibility
MediaWiki 1.30 requires PHP 5.5.9 or later. There is experimental support for HHVM 3.6.5 or later.
MySQL/MariaDB is the recommended DBMS. PostgreSQL or SQLite can also be used, but support for them is somewhat less mature. There is experimental support for Oracle and Microsoft SQL Server.
The supported versions are:
MySQL 5.5.8 or later
PostgreSQL 8.3 or later
SQLite 3.3.7 or later
Oracle 9.0.1 or later
Microsoft SQL Server 2005 (9.00.1399)
Upgrading
1.30 has several database changes since 1.29, and will not work without schema updates. Note that due to changes to some very large tables like the revision table, the schema update may take a long time (minutes on a medium sized site, many hours on a large site).
Don't forget to always back up your database before upgrading!
See the file UPGRADE for more detailed upgrade instructions, including important information when upgrading from versions prior to 1.11.
For notes on 1.29.x and older releases, see HISTORY.
filebrowser_safe is a permanent fork of FileBrowser asset manager for Django,
to be referenced as a dependency for the Mezzanine CMS for Django.
At the time of filebrowser_safe's creation, FileBrowser was incorrectly
packaged on PyPI, and had also dropped compatibility with Django 1.1 -
filebrowser_safe was therefore created to address these specific issues.
grappelli_safe is a permanent fork of Grappelli admin skin for Django, to be
referenced as a dependency for the Mezzanine CMS for Django.
At the time of grappelli_safe's creation, Grappelli was incorrectly packaged
on PyPI, and had also dropped compatibility with Django 1.1 - grappelli_safe
was therefore created to address these specific issues.
3.7.7:
Fix typo to include *.mo locale files to packaging.
3.7.6:
Add missing *.ico icon files to packaging.
3.7.5
Add missing *.woff2 font files to packaging.
Add missing *.mo locale files to packaging.
nghttp2 v1.29.0:
lib
* NGHTTP2_REFUSED_STREAM is now used as an error code passed to nghttp2_on_stream_close_callback for streams which are closed by GOAWAY to indicate that they are safely retried.
build
* SPDY related code was completely removed.
nghttpx
* The commit which breaks load balancing among HTTP/2 backend in some situations has been reverted.
* The default value of --api-max-request-body option has been increased to 32MiB.
* The time to load the large number of backend options has been greatly improved.
* The crash with --backend-http-proxy-uri option has been fixed.
3.7.4:
Schema: Extract method for manual_fields processing
Allows for easier customisation of manual_fields processing, for example to provide per-method manual fields. AutoSchema adds get_manual_fields, as the intended override point, and a utility method update_fields, to handle by-name field replacement from a list, which, in general, you are not expected to override.
When using Microsoft Office with a WebDAV share, Office programs
will prompt for authentication each time they are started, even if
the share is already mounted.
The only way to prevent this behavior is to implement the Microsoft Office
Forms Based Authentication (OFBA) protocol. This is what this
module implements.
MS-OFBA is documented here
https://msdn.microsoft.com/en-us/library/office/cc313069%28v=office.12%29.aspx
Version 4.5.24:
Bugs Fixed
Using mod_wsgi in daemon mode on Solaris would cause a process hang or max out CPU usage. Caused by change of variable type to unsigned to get rid of compiler warnings, without fixing how condition check using variable was done.
Problem could also affect non Solaris systems if total number of HTTP headers and other variables passed in WSGI environ was greater than 1024. Affected Solaris all the time due to it having a limit of only 16 in operating system for same code, meaning hit problem immediately.
0.9.0:
Add support for Django 1.11 and 2.0
Drop unsupported django versions from test matrix (1.9, 1.10)
Add Danish and Ukrainian translations
Rollup the last year worth of minor bug fixes
Bugs Fixed
Incorrect check around whether apxs was present on system would result in pip install failing on Windows, and possibly also when using latest Xcode on MacOS X.
Version 0.6.2:
* Add support for OS chosen port in LiveServerTestCase
* Better error messages when missing required modules
* assertRedirects now supports all valid redirect codes as specified in the HTTP protocol
* Fixed bug that caused TypeError instead of AssertionError when testing against used templates
* Fixed bug in assertRedirects where the location was not being checked properly
Version 2.3.2
- Don't mask the parent table for single-table inheritance models.
Version 2.3.1
- If a model has a table name that matches an existing table in the metadata,
use that table. Fixes a regression where reflected tables were not picked up
by models.
- Raise the correct error when a model has a table name but no primary key.
- Fix repr on models that don't have an identity because they have not been
flushed yet.
- Allow specifying a max_per_page limit for pagination, to avoid users
specifying high values in the request args.
- For paginate with error_out=False, the minimum value for page is
1 and per_page is 0.
Version 2.3.0
- Multiple bugs with __tablename__ generation are fixed. Names will be
generated for models that define a primary key, but not for single-table
inheritance subclasses. Names will not override a declared_attr.
PrimaryKeyConstraint is detected.
- Passing an existing declarative_base() as model_class to
SQLAlchemy.__init__ will use this as the base class instead of creating
one. This allows customizing the metaclass used to construct the base.
- The undocumented DeclarativeMeta internals that the extension uses for
binds and table name generation have been refactored to work as mixins.
Documentation is added about how to create a custom metaclass that does not
do table name generation.
- Model and metaclass code has been moved to a new models module.
_BoundDeclarativeMeta is renamed to DefaultMeta; the old name will be
removed in 3.0.
- Models have a default repr that shows the model name and primary key.
- Fixed a bug where using init_app would cause connectors to always use the
current_app rather than the app they were created for. This caused issues
when multiple apps were registered with the extension.
Version 0.4.1:
- New config option USE_SESSION_FOR_NEXT to enable storing next url in session
instead of url.
- Accept int seconds along with timedelta for REMEMBER_COOKIE_DURATION.
- New config option FORCE_HOST_FOR_REDIRECTS to force host for redirects.
Version 7.43.0.1:
* WRITEHEADER/WRITEFUNCTION and WRITEDATA/WRITEFUNCTION can now
be set on the same handle. The last call will take precedence over
previous calls. Previously some combinations were not allowed.
* Fixed a crash when using WRITEDATA with a file-like object followed
by WRITEDATA with a real file object.
* Fixed a theoretical memory leak in module initialization.
* Added support for CURL_SSLVERSION_MAX_* constants.
* Added support for CURLSSH_AUTH_AGENT.
* Added support for CURLOPT_CONNECT_TO.
* Added support for CURLINFO_HTTP_VERSION.
* Fixed build against OpenSSL 1.1 on Windows.
* Added set_ca_certs method to the Easy object to set CA certificates
from a string.
* Python 3.6 is now officially supported.
* Added support for CURLOPT_PROXY_CAPATH.
* C-Ares updated to 1.12.0 in Windows builds, fixing DNS resolution
issues on Windows.
* Added --openssl-lib-name="" option to support building against
OpenSSL 1.1.0 on Windows.
* Fixed a possible double free situation in all Curl objects
due to a misuse of the trashcan API.
* High level Curl objects can now be reused.
* LARGE options fixed under Windows and Python 3 (INFILESIZE,
MAX_RECV_SPEED_LARGE, MAX_SEND_SPEED_LARGE, MAXFILESIZE,
POSTFILESIZE, RESUME_FROM).
* Fixed compilation on Solaris.
* ENCODING option can now be unset
In django-registration 2.3, the new validators :func:`~registration.validators.validate_confusables` and :func:`~registration.validators.validate_confusables_email` were added, and are applied by default to the username field and email field, respectively, of registration forms. This may cause some usernames which previously were accepted to no longer be accepted, but like the reserved-name validator this change was made because its security benefits significantly outweigh the edge cases in which it might disallow an otherwise-acceptable username or email address. If for some reason you need to allow registration with usernames or email addresses containing potentially dangerous use of Unicode, you can subclass the registration form and remove these validators, though doing so is not recommended.
2.0.12:
Fixed MySQL error in get_deleted()
2.0.11:
Dramatically improved performance of get_deleted() over large datasets
Ukrainian translation
Bugfixes
From upstream's changelog:
From the Release Notes
(https://wiki.davical.org/index.php/Release_Notes/1.1.6):
Bug Fixes
=========
* Only one set of angle brackets around cannot-modify-protected-property error tag (#112)
* Fix sync of deleted events when hide_todo is set (#100)
* Modify hide_older_than logic to allow through recurring events (#103)
* Fix modified mapping in the LDAP driver (#108)
* Do not output unescaped XML special characters in if-match error message (#113)
* Don't crash on principal-property-search REPORT without a proper match clause (#114)
* Various CardDAV and CalDAV fixes highlighted by caldav-tester
* Fix $SERVER variable names used when operating behind a proxy (!38)
* Use modern class constructors that even work with PHP7 (fixes: #119)
* Card search invalid when negate-condition="no" (#126)
* Propagate database error to client (#127)
* Add a log entry for login failures (#105)
Other Changes
=============
* Updates to the test suites, which are mostly passing now
* Improved logging in certain error conditions
* Set $c->external_ua_string to fetch external calendars posing as a certain user-agent (#115)
* Improve parsing of RFC5545 durations
* Improve support for /principals/users/..., /principals/resources/...
and /__uids__/... URLs
* Improve use of create-database.sh and update-davical-database with non-default values (see #124)
* Experimental $c->enable_attendee_group_resolution will resolve
attendee group names to a list of individual users (from !21)
* Add support for calendar-user-type (!39)
* Update caldav_functions.sql for Postgresql 10 (#129)
Database Upgrade
================
* Run dba/upgrade-davical-database to get Postgresql-10-compatible functions
Upgrades of Other Software
==========================
* AWL 0.58 is required for best PHP7 compatibility
0.7.0:
Fixed a bug where trigger_events didn't actually trigger events in async create_server
Changed strict_slashes to be True by default
Changed Unauthorized exception __init__ to be more like the rest of the exceptions
Added an option to define a name for a route
Made the prefixes for the environment variables configurable
Fixed windows support where syslog raises an ImportError
Added support for vhosts in static routes
Split RequestTimeout, ResponseTimeout, and KeepAliveTimeout into different timeouts
Fixed Connection lost before response written
SanicTestClient now gets its own port
0.6.17:
Fixes 171: Adhere to Content Security Policy best practices by removing inline scripts.
Adapted to Django-2.0 keeping downwards compatibility until Django-1.9.
Changelog:
Fixed
Fix a video color distortion issue on YouTube and other video sites
with some AMD devices (bug 1417442)
Fix an issue with prefs.js when the profile path has non-ascii
characters (bug 1420427)
Various security fixes
Google map crashes on OSX with Intel HD Graphics 3000
Changed
Block injection of a client library associated with the RealPlayer
Free player which is known to cause performance problems in Firefox.
(Bug 1418535)
Security fixes:
Not available
Django 1.11.8 fixes several bugs in 1.11.7:
* Reallowed, following a regression in Django 1.10, AuthenticationForm to raise the inactive user error when using ModelBackend.
* Added support for QuerySet.values() and values_list() for union(), difference(), and intersection() queries.
* Fixed incorrect index name truncation when using a namespaced db_table.
* Made QuerySet.iterator() use server-side cursors on PostgreSQL after values() and values_list().
* Fixed crash on SQLite and MySQL when ordering by a filtered subquery that uses nulls_first or nulls_last.
* Made query lookups for CICharField, CIEmailField, and CITextField use a citext cast.
* Fixed a regression in caching of a GenericForeignKey when the referenced model instance uses multi-table inheritance.
* Fixed “Cannot change column ‘x’: used in a foreign key constraint” crash on MySQL with a sequence of AlterField and/or RenameField operations in a migration
Selenium 3.8.0
* Firefox options can now be imported from selenium.webdriver as FirefoxOptions
* Headless mode can now be set in Chrome Options using `set_headless`
* Headless mode can now be set in Firefox Options using `set_headless`
* Add the WebKitGTK WebDriver and options class
* Browser options can now be passed to remote WebDriver via the `options` parameter
* Browser option parameters are now standardized across drivers as `options`. `firefox_options`,
`chrome_options`, and `ie_options` are now deprecated
* Added missing W3C Error Codes
* Support has been removed for Python versions 2.6 and 3.3
2.0.1:
* Bugfix release to have HTTP response content message as the correct
"http.response.content" not the older "http.response.chunk".
2.0.0:
* Complete rewrite for new async-based ASGI mechanisms and removal of
channel layers.
2.3.5:
Fix compatibility with pytest 3.3+
2.3.4:
Make request.app point to proper application instance when using nested applications (with middlewares).
Change base class of ClientConnectorSSLError to ClientSSLError from ClientConnectorError.
Return client connection back to free pool on error in connector.connect().
v12.0.1
* Fixed issues importing cherrypy.test.webtest (by creating
a module and importing classes from cheroot) and added a
corresponding DeprecationWarning.
Mon Nov 27 22:24:00 MSK 2017
Releasing GNU libmicrohttpd 0.9.57. -EG
Mon Nov 27 21:36:00 MSK 2017
Updated README. -EG
Mon Nov 27 18:37:00 MSK 2017
Corrected names in W32 DLL resources.
Reordered and clarified configure summary message.
Additional compiler warning mutes for builds with various configure
parameters.
Fixed tests on Cygwin.
Used larger SETSIZE for Cygwin (same value as for native W32).
Minor fixes for Cygwin.
Added configure parameter to force disable usage of sendfile().
Minor testsuite fixes.
Really fixed builds with optimisation for size. -EG
Sat Nov 25 18:37:00 MSK 2017
Fixed build with optimisation for size. -EG
Fri Nov 24 20:14:02 CET 2017
Releasing GNU libmicrohttpd 0.9.56. -CG
Thu Nov 23 17:40:00 MSK 2017
Added MHD_FEATURE_SENDFILE enum value and report. -EG
Thu Nov 23 08:56:00 MSK 2017
Fixed receiving large requests in TLS mode with epoll.
Improved GnuTLS and libgcrypt detection in configure, do not ignore
flags in GNUTLS_{CFLAGS,LIBS} variables.
Added special trick for Solaris/Openindiana to find GnuTLS-3 with
right bitness.
Added support for Solaris sendfile(3) function.
Fixed dataraces with thread ID on W32 and pthread. Now check for
correct thread in MHD_queue_response() works correctly.
Fixed and silenced compiler warnings in tests and examples.
Removed usage of TLS flags in examples where TLS is not required.
Added support for MultiSSL in https tests with libcurl >= 7.56.0.
Improved detection of OFF_T_MAX, SIZE_MAX. Added macros for
SSIZE_MAX in mhd_limits.h. There are some platforms that really
require those macros.
Added support for Darwin's sendfile() function.
Updated .gitignore files.
Reworked mhd_sys_extentions.m4 with better support of modern
platforms, more reliable detection of required macros, and
detection of disabling of system-specific features by
_XOPEN_SOURCE macro. -EG
Wed Nov 1 20:43:00 MSK 2017
Mixed and muted many compiler warnings. Now GCC's flags
-Wall -Wextra could be used for building.
Fixed compilation of examples without libmagic.
Better detection of libgnutls in configure.
Reworked launch of nested configure in "po" directory to
prevent useless reconfiguration.
Fixed some wrong asserts.
Enabled "test_options" test.
Use "test_start_stop" without libcurl.
Use chunks with sendfile() to prevent locking thread for
single connection with large file.
Added support for FreeBSD's sendfile with additional
optimisations for FreeBSD 11.
Refactoring and improvements for MHD_start_daemon_va() and
MHD_stop_daemon().
Fixed testing with GnuTLS >= 3.6.0. -EG
Mon Oct 9 22:38:07 CEST 2017
Add MHD_free() to allow proper free()-ing of username/password
data returned via MHD_digest_auth_get_username() or
MHD_basic_auth_get_username_password() on Windows. -CG
Tue Sep 26 14:00:58 CEST 2017
Fixing race involving setting "at_limit" flag. -CG
Tue Sep 08 21:39:00 MSK 2017
Fixed build of examples when MHD built with non-pthread lib.
MHD_queue_response(): added check for using in correct thread.
Fixed sending responses larger than 16 KiB in TLS mode with epoll.
Improved doxy for MHD_get_timeout() and related functions.
Minor internal refactoring. -EG
Tue Jul 23 11:32:00 MSK 2017
Updated chunked_example.c to provide real illustration of usage of
chunked encoding. -EG
Thu Jul 13 21:41:00 MSK 2017
Restored SIGPIPE suppression in TLS mode.
Added new value MHD_FEATURE_AUTOSUPPRESS_SIGPIPE so application could
check whether SIGPIPE handling is required.
Used GNUTLS_NONBLOCK for TLS sessions. -EG
Tue Jun 20 23:52:00 MSK 2017
Libgcrypt is now optional and required only for old GnuTLS versions. -EG
Wed Jun 14 21:42:00 MSK 2017
Added support for debug assert() and new configure parameter
--enable-asserts for debug builds.
Removed non-functional Symbian support. -EG
Mon Jun 05 23:34:00 MSK 2017
More internal refactoring:
merged MHD_tls_connection_handle_read/write() with non-TLS version,
reduced and unified number of layers for network processing (before
refactoring MHD_tls_connection_handle_read->MHD_connection_handle_read->
do_read->recv_tls_adapter->GnuTLS->recv_param_adapter - 5 MHD layers;
after refactoring MHD_connection_handle_read->recv_tls_adapter->GnuTLS -
2 MHD layers),
simplified and removed dead code from
MHD_connection_handle_read/write() without functional change. -EG
Mon Jun 05 22:20:00 MSK 2017
Internal refactoring:
used TCP sockets directly with GnuTLS (performance improvement),
moved some connection-related code from daemon.c to
connection.c/connection_https.c,
removed hacks around sendfile() and implemented correct support of
sendfile(),
removed do_read() and do_write() to reduce number of layers around send()
and recv() and to improve readability and maintainability of code,
implemented separate tracking of TLS layer state, independent of HTTP
connection stage. -EG
Sun Jun 04 15:02:00 MSK 2017
Improved thread-safety of MHD_add_connection() and
internal_add_connection(), minor optimisations. -EG
Curl and libcurl 7.57.0
o auth: add support for RFC7616 - HTTP Digest access authentication [12]
o share: add support for sharing the connection cache [31]
o HTTP: implement Brotli content encoding [28]
This release includes the following bugfixes:
o CVE-2017-8816: NTLM buffer overflow via integer overflow [47]
o CVE-2017-8817: FTP wildcard out of bounds read [48]
o CVE-2017-8818: SSL out of buffer access [49]
o curl_mime_filedata.3: fix typos [1]
o libtest: Add required test libraries for lib1552 and lib1553 [2]
o fix time diffs for systems using unsigned time_t [3]
o ftplistparser: memory leak fix: free temporary memory always [4]
o multi: allow table handle sizes to be overridden [5]
o wildcards: don't use with non-supported protocols [6]
o curl_fnmatch: return error on illegal wildcard pattern [7]
o transfer: Fix chunked-encoding upload too early exit [8]
o curl_setup: Improve detection of CURL_WINDOWS_APP [9]
o resolvers: only include anything if needed [10]
o setopt: fix CURLOPT_SSH_AUTH_TYPES option read
o appveyor: add a win32 build
o Curl_timeleft: change return type to timediff_t [11]
o cmake: Export libcurl and curl targets to use by other cmake projects [13]
o curl: in -F option arg, comma is a delimiter for files only [14]
o curl: improved ";type=" handling in -F option arguments
o timeval: use mach_absolute_time() on MacOS [15]
o curlx: the timeval functions are no longer provided as curlx_* [16]
o mkhelp.pl: do not generate comment with current date [17]
o memdebug: use send/recv signature for curl_dosend/curl_dorecv [18]
o cookie: avoid NULL dereference [19]
o url: fix CURLOPT_POSTFIELDSIZE arg value check to allow -1 [20]
o include: remove conncache.h inclusion from where it's not needed
o CURLOPT_MAXREDIRS: allow -1 as a value [21]
o tests: Fixed torture tests on tests 556 and 650
o http2: Fixed OOM handling in upgrade request
o url: fix CURLOPT_DNS_CACHE_TIMEOUT arg value check to allow -1
o CURLOPT_INFILESIZE: accept -1 [22]
o curl: pass through [] in URLs instead of calling globbing error [23]
o curl: speed up handling of many URLs [24]
o ntlm: avoid malloc(0) for zero length passwords [25]
o url: remove faulty arg value check from CURLOPT_SSH_AUTH_TYPES [26]
o HTTP: support multiple Content-Encodings [27]
o travis: add a job with brotli enabled
o url: remove unnecessary NULL-check
o fnmatch: remove dead code
o connect: store IPv6 connection status after valid connection [29]
o imap: deal with commands case insensitively [30]
o --interface: add support for Linux VRF [32]
o content_encoding: fix inflate_stream for no bytes available [33]
o cmake: Correctly include curl.rc in Windows builds [34]
o cmake: Add missing setmode check [35]
o connect.c: remove executable bit on file [36]
o SMB: fix uninitialized local variable
o zlib/brotli: only include header files in modules needing them [37]
o URL: return error on malformed URLs with junk after IPv6 bracket [38]
o openssl: fix too broad use of HAVE_OPAQUE_EVP_PKEY [39]
o macOS: Fix missing connectx function with Xcode version older than 9.0 [40]
o --resolve: allow IP address within [] brackets [41]
o examples/curlx: Fix code style [42]
o ntlm: remove unnecessary NULL-check to please scan-build [43]
o Curl_llist_remove: fix potential NULL pointer deref [43]
o mime: fix "Value stored to 'sz' is never read" scan-build error [43]
o openssl: fix "Value stored to 'rc' is never read" scan-build error [43]
o http2: fix "Value stored to 'hdbuf' is never read" scan-build error [43]
o http2: fix "Value stored to 'end' is never read" scan-build error [43]
o Curl_open: fix OOM return error correctly [43]
o url: reject ASCII control characters and space in host names [44]
o examples/rtsp: clear RANGE again after use [45]
o connect: improve the bind error message [46]
o make: fix "make distclean" [50]
o connect: add support for new TCP Fast Open API on Linux [51]
o metalink: fix memory-leak and NULL pointer dereference [52]
o URL: update "file:" URL handling [53]
o ssh: remove check for a NULL pointer [54]
o global_init: ignore CURL_GLOBAL_SSL's absence [55]
0.6.0:
Refactor import_row call by using keyword arguments
Added {{ block.super }} call in block bodyclass in admin/base_site.html
Add support for the Django DurationField with DurationWidget
GitHub bmihelac -> django-import-export Account Update
Add intersphinx links to documentation
Add Resource.get_import_fields()
Fixed readme mistake
Bugfix/fix m2m widget clean
Allow injection of context data for template rendered by import_action() and export_action()
Bugfix/fix exception in generate_log_entries()
Process import dataset and result in separate methods
Bugfix/fix error in converting exceptions to strings
Fix admin integration tests for the new "Import finished..." message, update Czech translations to 100% coverage.
Make import form type easier to override
Add saves_null_values attribute to Field to control whether null values are saved on the object
Add Bulgarian translations
Add django 1.11 to TravisCI
Make Signals code example format correctly in documentation
Add Django as requirement to setup.py
Update import of reverse for django 2.x
Add Django-version classifiers to setup.py’s CLASSIFIERS
Some fixes for Django 2.0
Strip whitespace when looking up ManyToMany fields
Fix all ResourceWarnings during tests in Python 3.x
Remove downloads count badge from README since shields.io no longer supports it for PyPi
Add coveralls support and README badge
Highlights:
- The new Postgres Data Source
- Create your own Annotations for the Graph panel
- Cloudwatch Alerting Support
- Prometheus query editor enhancements
Raven is a Python client for Sentry (https://sentry.io/). It provides full
out-of-the-box support for many of the popular frameworks, including Django,
Flask, and Pylons. Raven also includes drop-in support for any WSGI-compatible
web application.
Changes with nginx 1.13.7:
*) Bugfix: in the $upstream_status variable.
*) Bugfix: a segmentation fault might occur in a worker process if a
backend returned a "101 Switching Protocols" response to a
subrequest.
*) Bugfix: a segmentation fault occurred in a master process if a shared
memory zone size was changed during a reconfiguration and the
reconfiguration failed.
*) Bugfix: in the ngx_http_fastcgi_module.
*) Bugfix: nginx returned the 500 error if parameters without variables
were specified in the "xslt_stylesheet" directive.
*) Workaround: "gzip filter failed to use preallocated memory" alerts
appeared in logs when using a zlib library variant from Intel.
*) Bugfix: the "worker_shutdown_timeout" directive did not work when
using mail proxy and when proxying WebSocket connections.
nghttp2 v1.28.0
lib: Add nghttp2_error_callback2
build: Add deprecation warning when spdylay support is enabled
Switch to clang-format-5.0
examples: Make client and server work with libevent-2.1.8
third-party: Update neverbleed
integration: Fix issues reported by the go vet tool.
nghttpx: Fix affinity retry
nghttpx: Fix stalled backend connection on retry
nghttpx: Cookie based session affinity
nghttpx: Expose additional TLS related variables to mruby and accesslog
0.38 2017-11-23 19:02:15Z
- Make UA aware of base URLs which are defined in the <head> of an HTML
document (Olaf Alders)
- Ensure that handlers run in the expected order (Olaf Alders)
Update the minimum php version to 7.0.0
Update my email
Upstream changes:
Moodle 3.4:
Server requirements
These are just the minimum supported versions. We recommend keeping all of your software up-to-date.
Moodle upgrade: Moodle 3.0 or later (if upgrading from earlier versions, you must upgrade to 3.0.10 as a first step)
PHP version: minimum PHP 7.0.0. Note: minimum PHP version has increased since Moodle 3.3. PHP 7.1.x and 7.2.x are supported too. PHP 7.x could have some engine limitations.
PHP extension intl is now required in Moodle 3.4 (it was recommended in 2.0 onwards)
Database requirements
Moodle supports the following database servers. Again, version numbers are just the minimum supported version. We recommend running the latest stable version of any software.
Database              Minimum version  Recommended
PostgreSQL            9.3              Latest
MySQL                 5.5.31           Latest
MariaDB               5.5.31           Latest
Microsoft SQL Server  2008             Latest
Oracle Database       10.2             Latest
Client requirements
Browser support
Moodle is compatible with any standards compliant web browser. We regularly test Moodle with the following browsers:
Desktop:
Chrome
Firefox
Safari
Edge
Internet Explorer
Mobile:
MobileSafari
Google Chrome
For the best experience and optimum security, we recommend that you keep your browser up to date. https://whatbrowser.org
Note: Legacy browsers with known compatibility issues with Moodle 3.4:
Internet Explorer 10 and below
Safari 7 and below
Major features
Calendar improvements
MDL-59333 - Calendar Improvements
MDL-1322 - Calendar entries in monthly view should include course shortname
MDL-59382 - Create calendar event quick-add
MDL-59390 - Add navigation of all calendar views without page reload
MDL-59394 - Add support for drag and drop of calendar events
MDL-59386 - Add support for creation and update of calendar events using a modal dialogue
MDL-59890 - Add support for calendar events at the category level
Management of course participants
MDL-59290 - Merge Course Participants and Enrolled Users pages
MDL-59564 - Add bulk editing of enrolment status/dates for users in the course participants page
MDL-59364 - Remove the "Brief / User Details" functionality from the participants page
MDL-59365 - Enrol Users button on participants page
MDL-59366 - Add filter controls to the participants page to allow custom filtering
MDL-59367 - Add a roles column to participants page
MDL-59368 - Add a groups column to the participants page
MDL-59369 - Add a status column to the participants page
MDL-59436 - Remove the columns from the participants page that are not in showuseridentity
MDL-59821 - Add "Proceed to course content" to participants page
Other highlights
MDL-57791 - Implement analytics engine in Moodle
MDL-59313 - Add links and a drop down to navigate between activities
MDL-37361 - Allow teachers to mark activities as completed
Backup, restore and import
MDL-35429 - Correct the permissions required to download and restore course automated backups
MDL-9367 - Restore with roll forward changes dates for user data
MDL-59518 - Restore date should not roll for user created data - Core components
Global search
MDL-55356 - Index contents of the restored courses
MDL-59523 - Course reset doesn't always shift dates
MDL-58957 - Global search: Make it possible to search blocks
MDL-59039 - Global search: Allow partial indexing (in scheduled task)
Authentication
MDL-30634 - Assign arbitrary system roles via LDAP sync
MDL-58544 - Add option to trust email of an OAuth provider
MDL-59844 - Enable OAuth 2 token-based authentication for requests in webdav_client
MDL-59459 - Global Search: Increase file indexing coverage
MDL-59913 - Global search: Allow search of non-enrolled courses
Functional changes
MDL-55358 - LIS Group Variables support in LTI
MDL-36501 - Should have checkbox for extra credit when you add a grade item
MDL-28574 - Web services: Manage tokens page should show tokens for all users
MDL-26976 - Display space used in My Private Files
MDL-35668 - Performance improvement in Server files repository
MDL-49398 - Performance improvement due to Role definition caching & accesslib refactoring
MDL-60002 - Assignment grading: Adding back "Save and show next"
MDL-58889 - Make section titles and course titles more accessible in Boost
MDL-57455 - Allow to tag database entries
MDL-36985 - Assignment: automatically remove embedded files that are no longer linked from submission text. Reduce the size of "Download all submissions"
MDL-59702 - Lesson overview report does not respect value of showuseridentity setting
MDL-59460 - Forum: make Subscription mode setting configurable
For administrators
Please read carefully: Possible issues that may affect you in Moodle 3.4
MDL-42834 - Deprecate loginhttps. Sites that used to use this setting will now be served via https always
MDL-46269 - Tool to convert http embedded content to https where available
MDL-58388 - Let the admin control if the course end date form field in course settings is enabled by default
MDL-60211 - New filters for User Tours
MDL-59123 - Compile SCSS files on the command-line
MDL-58567 - Upgrade: Show upgrade times
MDL-55652 - Missing index on (timemodified) in grade_items_history table and several other grade history tables. This will increase performance of various reports but may also slow down Moodle upgrade
MDL-60094 - Add CLI script to kill all sessions
MDL-59495 - Register and publish courses with moodle.net only, remove support for alternative hubs
MDL-59206 - Trigger an event in add_to_config_log function
MDL-57115 - Move "Messages" block out from the standard Moodle distribution
MDL-57734 - SEO - Create admin setting to be able to enable or disable search engine indexing for sites with forcelogin
MDL-60309 - Boost: Add a setting for background image
MDL-56751 - Create new security setting to configure the expiration time of tokens created via login/token.php or tool/mobile/launch.php
Security issues
MSA-17-0021 Students can find out email addresses of other students in the same course
This list only includes security issues fixed after 3.3.2 release. Refer to other release notes for security issues fixed in earlier releases.
For developers
MDL-60611 - Upgrade PHPUnit to 6.4 to ensure compatibility with PHP 7.2 - may require changes in unittests.
MDL-58948 - Compatibility with chrome mink driver
MDL-53169 - Provide a way to retrieve all courses a user can potentially access.
MDL-59459 - Global Search: Increase file indexing coverage
MDL-59277 - navigation_node doesn't support TYPE_CONTAINER in get_css_type()
MDL-58957 - Global search: Make it possible to search blocks. See the new \core_search\base_block class.
MDL-53240 - Form element and admin setting type to choose file types and type groups
MDL-53848 - Formslib - add function to $mform that makes it possible to hide form elements dependent on selected values
MDL-60234 - Add possibility to disable admin warning if a development libs directory exists
MDL-57886 - Plagiarism: onlinetext submission should pass raw submissiontext to plagiarism get_links()
Allow to run httpbin on fixed port using environment variables (thanks @hroncok)
Allow server to be thread.join()ed (thanks @graingert)
Add support for Python 3.6 (thanks @graingert)
Add comment about test failure.
However, that is currently only packaged in wip.
Add a comment about this for someone else to fix.
Add a comment about an upstream bug report for a test failure.
7.57 2017-11-18
- Fixed installation problems with some versions of Perl on Windows.
7.56 2017-11-14
- Added num check to Mojolicious::Validator.
- Improved built-in templates with high resolution logos.
Upstream changes (from NEWS):
== Ruby-GNOME2 3.2.1: 2017-11-19
This is a memory related bug fix release.
=== Changes
==== Ruby/GLib2
* Improvements
* (({GLib::Bytes#initialize})): Stopped to copy data for frozen
(({String})).
==== Ruby/GObjectIntrospection
* Fixes
* Fixed memory leaks for output parameters.
[GitHub#1113][Reported by Will Bryant]
==== Ruby/GIO2
* Improvements
* (({Gio::InputStream#read_all})): Made workable.
[GitHub#1110][Reported by Paul van Tilburg]
* (({Gio::InputStream#read})): If the given size is (({nil})),
read until EOF or error. It's compatible with Ruby's IO objects.
==== Ruby/GTK3
* Improvements
* Marked top-level windows automatically.
[GitHub#1103][Reported by cedlemo]
=== Thanks
* Paul van Tilburg
* cedlemo
* Will Bryant
2.3.3:
Having a ; in Response content type does not assume it contains a charset anymore.
Use getattr(asyncio, 'async') for keeping compatibility with Python 3.7.
Ignore NotImplementedError raised by set_child_watcher from uvloop.
Fix warning in ClientSession.__del__ by stopping to try to close it.
Fixed typos in Third-party libraries page. And added async-v20 to the list.
Upstream changes:
MediaWiki 1.29.2
This is a security and maintenance release of the MediaWiki 1.29 branch.
Changes since 1.29.1
(T166757) Avoid scoped lock errors in Category::refreshCounts() due to nesting.
(T175439) Unbreak Postgres Updater when setting defaults for a column.
(T160298) Remove use of implicitGroupBy() in ActiveUsersPager.
Fixed login button label to accept RawMessage.
Fixed case of SpecialRecentChanges class usage.
(T174255) Declare uploadCount property in importDump.php.
(T163646) Pass a string not an int to mysql_real_escape_string().
(T180143) Bump justinrainbow/json-schema development dependency to ~5.2.
Updated dev dependency phpunit/phpunit from v4.8.35 to v4.8.36.
(T178451) SECURITY: Potential XSS when $wgShowExceptionDetails = false and browser sends non-standard url escaping.
(T165846) SECURITY: BotPassword login attempts weren't throttled.
(T128209) SECURITY: Reflected File Download from api.php.
(T134100) SECURITY: Do not reveal if user exists during login failure.
(T176247) SECURITY: Ensure Message::rawParams can't lead to XSS.
(T125163) SECURITY: Make anchor for headlines escape > and <.
(T180237) SECURITY: Protect vendor folder with .htaccess.
(T180231) SECURITY: Remove PHPUnit file with known RCE if exists in update.php.
(T124404) SECURITY: XSS in langconverter when regex hits pcre.backtrack_limit.
(T119158) SECURITY: Handle -{}- syntax in attributes safely.
(T180488) (T125177) "api.log contains passwords in plaintext" wasn't correctly fixed in all branches in the previous security release.
3.4.7:
Features
* Implement exponents for numbers
* Implement long file path support for Windows
Fixes
* Error on quoted string in simple selector parsing
* Do not compress colors in selectors
* Fix issue when passing restargs to call
* Fix issue with attribute selector unification
* Improve wrapped pseudo selector handling
* Improve extend of wrapped pseudo selectors
* Fix propagation of named rest arguments
* Do not output invisible support blocks
* Various build makefile and CI related fixes
Upstream says:
You'll find below the changes of this bugfixes version:
- Rework mail attachments for notifications (inline images are now handled, ...),
- Fix ticket reopening,
- Fix operating system update on sub-entities,
- Fix issues on knowledge base items removal and display,
- Unset autoclose delay on fresh install,
- Improve private saved searches (with entities),
- Fix carriage return issues on tickets,
- Fix massive actions on operating systems,
- Fix migration issues from 9.1 and 9.2,
- Add support for other cache methods than APCu,
- Fix linear amortize calculation,
- Fix mail collector attachments owner,
- And many more!
Full ChangeLog:
<https://github.com/glpi-project/glpi/milestone/21?closed=1>
Upstream changes:
Highlights
MDL-59798 - Assignment: Show Due Date in calendar for teachers and managers
MDL-36580 - External Tool: backup/restore consumer key and secret (on the same site only)
MDL-57560 - Show file upload progress bar in Boost theme
MDL-37810 - List custom roles in the filter on Participants page
Security issues
A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
Fixes and improvements
MDL-52131 - Respect comment format in questions manual comments when Plain text area editor is used
MDL-55849 - Assignment: Reopening a group assignment should not create additional attempts for each group member
MDL-59909 - Fixed error in ad-hoc refresh_mod_calendar_events_task that caused exceptions and very long cron run time
MDL-59780 - Restore MathJax filter settings that were lost in previous upgrades
MDL-54540 - External tool: Allow to switch to full screen mode
MDL-51892 - Better explanation of the reason for failed logins in the logs report
MDL-57055 - Label resource: allow to access "Label administration" without Administration block on the "Edit label" page
MDL-53244 - Show error message when incorrect CAPTCHA is entered on sign-up page
MDL-57477 - Fixed configuration of PHP 7 sessions using memcached (3.x.x)
MDL-59854 - Forum: Avoid creating duplicate subscriptions due to race conditions
MDL-60366 - Feedback: fixed upgrade script (introduced in 3.1.6 and 3.2.3) that deleted valid multiple anonymous attempts. If your site was affected, please follow MDL-60592 for the script that restores accidentally deleted data.
Changelog:
Security fixes:
#CVE-2017-7828: Use-after-free of PresShell while restyling layout
Reporter
Nils
Impact
critical
Description
A use-after-free vulnerability can occur when flushing and resizing
layout because the PresShell object has been freed while still
in use. This results in a potentially exploitable crash during
these operations.
References
Bug 1406750
Bug 1412252
#CVE-2017-7830: Cross-origin URL information leak through Resource Timing API
Reporter
Jun Kokatsu
Impact
high
Description
The Resource Timing API incorrectly revealed navigations in cross-origin
iframes. This is a same-origin policy violation and could allow for
data theft of URLs loaded by users.
References
Memory safety bugs fixed in Firefox 57
#CVE-2017-7826: Memory safety bugs fixed in Firefox 57 and Firefox ESR 52.5
Reporter
Mozilla developers and community
Impact
critical
Description
Mozilla developers and community members Christian Holler, David
Keeler, Jon Coppeard, Julien Cristau, Jan de Mooij, Jason Kratzer,
Philipp, Nicholas Nethercote, Oriol Brufau, André Bargull, Bob Clary,
Jet Villegas, Randell Jesup, Tyson Smith, Gary Kwong, and Ryan VanderMeulen
reported memory safety bugs present in Firefox 56 and Firefox ESR 52.4.
Some of these bugs showed evidence of memory corruption and we presume
that with enough effort that some of these could be exploited to
run arbitrary code.
References
Memory safety bugs fixed in Firefox 57 and Firefox ESR 52.5
Changelog: New
A completely new browsing engine, designed to take full advantage
of the processing power in modern devices
A redesigned interface with a clean, modern appearance, consistent
visual elements, and optimizations for touch screens
A unified address and search bar. New installs will see this
unified bar. Learn how to add the stand-alone search bar to
the toolbar
A revamped new tab page that includes top visited sites, recently
visited pages, and recommendations from Pocket (in the US,
Canada, and Germany)
An updated product tour to orient new and returning Firefox
users
AMD VP9 hardware video decoder support for improved video
playback with lower power consumption
An expanded section in preferences to manage all website
permissions
Fixed
Various security fixes
Changed
Firefox now exclusively supports extensions built using the
WebExtension API, and unsupported legacy extensions will no
longer work. Learn more about our efforts to improve the
performance and security of extensions
The browser's autoscroll feature, as well as scrolling by
keyboard input and touch-dragging of scrollbars, now use
asynchronous scrolling. These scrolling methods are now similar
to other input methods like mousewheel, and provide a smoother
scrolling experience
The content process now has a stricter security sandbox that
blocks filesystem reading and writing on Linux, similar to the
protections for Windows and macOS that shipped in Firefox 56
Middle mouse paste in the content area no longer navigates to
URLs by default on Unix systems
Removed the toolbar Share button. If you relied on this feature,
you can install the Share Backported extension instead.
Some older versions of the ATOK IME, including ATOK 2006, 2008,
2009 and 2010, can cause crashes and are therefore disabled on
the Windows 64-bit version of Firefox Quantum. To fix those
incompatibility issues, please use a newer version of ATOK or
one of other IMEs.
The default font for Japanese text is now Meiryo
Security fixes:
CVE-2017-7828: Use-after-free of PresShell while restyling layout
Reporter
Nils
Impact
critical
Description
A use-after-free vulnerability can occur when flushing and resizing
layout because the PresShell object has been freed while still in
use. This results in a potentially exploitable crash during these
operations.
References
Bug 1406750 Bug 1412252
#CVE-2017-7830: Cross-origin URL information leak through Resource
Timing API
Reporter
Jun Kokatsu
Impact
high
Description
The Resource Timing API incorrectly revealed navigations in
cross-origin iframes. This is a same-origin policy violation and
could allow for data theft of URLs loaded by users.
References
Bug 1408990
#CVE-2017-7831: Information disclosure of exposed properties on
JavaScript proxy objects
Reporter
Oriol Brufau
Impact
moderate
Description
A vulnerability where the security wrapper does not deny access to
some exposed properties using the deprecated exposedProps mechanism
on proxy objects. These properties should be explicitly unavailable
to proxy objects.
References
Bug 1392026
#CVE-2017-7832: Domain spoofing through use of dotless 'i' character
followed by accent markers
Reporter
Jonathan Kew
Impact
moderate
Description
The combined, single character, version of the letter 'i' with any
of the potential accents in unicode, such as acute or grave, can
be spoofed in the addressbar by the dotless version of 'i' followed
by the same accent as a second character with most font sets. This
allows for domain spoofing attacks because these combined domain
names do not display as punycode.
References
Bug 1408782
CVE-2017-7833: Domain spoofing with Arabic and Indic vowel marker
characters
Reporter
Rayyan Bijoora
Impact
moderate
Description
Some Arabic and Indic vowel marker characters can be combined with
Latin characters in a domain name to eclipse the non-Latin character
with some font sets on the addressbar. The non-Latin character will
not be visible to most viewers. This allows for domain spoofing
attacks because these combined domain names do not display as
punycode.
References
Bug 1370497
CVE-2017-7834: data: URLs opened in new tabs bypass CSP protections
Reporter
Jordi Chancel
Impact
moderate
Description
A data: URL loaded in a new tab did not inherit the Content Security
Policy (CSP) of the original page, allowing for bypasses of the
policy including the execution of JavaScript. In prior versions
when data: documents also inherited the context of the original
page this would allow for potential cross-site scripting (XSS)
attacks.
References
Bug 1358009
CVE-2017-7835: Mixed content blocking incorrectly applies with
redirects
Reporter
Ben Kelly
Impact
moderate
Description
Mixed content blocking of insecure (HTTP) sub-resources in a secure
(HTTPS) document was not correctly applied for resources that
redirect from HTTPS to HTTP, allowing content that should be blocked,
such as scripts, to be loaded on a page.
References
Bug 1402363
CVE-2017-7836: Pingsender dynamically loads libcurl on Linux and
OS X
Reporter
Ezra Caltum
Impact
moderate
Description
The "pingsender" executable used by the Firefox Health Report
dynamically loads a system copy of libcurl, which an attacker could
replace. This allows for privilege escalation as the replaced
libcurl code will run with Firefox's privileges. Note: This attack
requires an attacker have local system access and only affects OS
X and Linux. Windows systems are not affected.
References
Bug 1401339
CVE-2017-7837: SVG loaded as <img> can use meta tags to set cookies
Reporter
Jun Kokatsu
Impact
moderate
Description
SVG loaded through <img> tags can use <meta> tags within the SVG
data to set cookies for that page.
References
Bug 1325923
CVE-2017-7838: Failure of individual decoding of labels in
international domain names triggers punycode display of entire IDN
Reporter
Corey Bonnell
Impact
low
Description
Punycode format text will be displayed for entire qualified
international domain names in some instances when a sub-domain
triggers the punycode display instead of the primary domain being
displayed in native script and the sub-domain only displaying as
punycode. This could be used for limited spoofing attacks due to
user confusion.
References
Bug 1399540
CVE-2017-7839: Control characters before javascript: URLs defeats
self-XSS prevention mechanism
Reporter
Eric Lawrence
Impact
low
Description
Control characters prepended before javascript: URLs pasted in the
addressbar can cause the leading characters to be ignored and the
pasted JavaScript to be executed instead of being blocked. This
could be used in social engineering and self-cross-site-scripting
(self-XSS) attacks where users are convinced to copy and paste text
into the addressbar.
References
Bug 1402896
CVE-2017-7840: Exported bookmarks do not strip script elements
from user-supplied tags
Reporter
Hanno Bock
Impact
low
Description
JavaScript can be injected into an exported bookmarks file by
placing JavaScript code into user-supplied tags in saved bookmarks.
If the resulting exported HTML file is later opened in a browser
this JavaScript will be executed. This could be used in social
engineering and self-cross-site-scripting (self-XSS) attacks if users
were convinced to add malicious tags to bookmarks, export them,
and then open the resulting file.
References
Bug 1366420
CVE-2017-7842: Referrer Policy is not always respected for <link>
elements
Reporter
Jun Kokatsu
Impact
low
Description
If a document's Referrer Policy attribute is set to "no-referrer"
sometimes two network requests are made for <link> elements
instead of one. One of these requests includes the referrer instead
of respecting the set policy to not include a referrer on requests.
References
Bug 1397064
CVE-2017-7827: Memory safety bugs fixed in Firefox 57
Reporter
Mozilla developers and community
Impact
critical
Description
Mozilla developers and community members Boris Zbarsky, Carsten Book,
Christian Holler, Byron Campen, Jan de Mooij, Jason Kratzer,
Jesse Schwartzentruber, Marcia Knous, Randell Jesup, Tyson Smith,
and Ting-Yu Chou reported memory safety bugs present in Firefox 56.
Some of these bugs showed evidence of memory corruption and we presume
that with enough effort some of these could be exploited to run
arbitrary code.
References
Memory safety bugs fixed in Firefox 57
CVE-2017-7826: Memory safety bugs fixed in Firefox 57 and Firefox
ESR 52.5
Reporter
Mozilla developers and community
Impact
critical
Description
Mozilla developers and community members Christian Holler, David
Keeler, Jon Coppeard, Julien Cristau, Jan de Mooij, Jason Kratzer,
Philipp, Nicholas Nethercote, Oriol Brufau, André Bargull, Bob
Clary, Jet Villegas, Randell Jesup, Tyson Smith, Gary Kwong, and
Ryan VanderMeulen reported memory safety bugs present in Firefox
56 and Firefox ESR 52.4. Some of these bugs showed evidence of
memory corruption and we presume that with enough effort some
of these could be exploited to run arbitrary code.
References
Memory safety bugs fixed in Firefox 57 and Firefox ESR 52.5
# Contao core bundle change log
### 4.4.8 (2017-11-15)
* Prevent SQL injections in the back end search panel (see CVE-2017-16558).
* Support class named services in System::import() and System::importStatic()
(see #1176).
* Only show pretty error screens on Contao routes (see #1149).
# Contao listing bundle change log
### 4.4.8 (2017-11-15)
* Prevent SQL injections in the listing module (see CVE-2017-16558).
0.14.2:
Restore strict parameter as no-op in quote/unquote
0.14.1:
Restore strict parameter as no-op for sake of compatibility with aiohttp 2.2
0.14.0:
Drop strict mode
Fix “ValueError: Unallowed PCT %” when there’s a “%” in the url
Changelog:
Based on Firefox 52.4.1
SeaMonkey-specific changes
SeaMonkey should no longer crash when you start it or try to use the mail feature on OS X 10.12 or greater.
You were not always prompted for authentication in SeaMonkey 2.48 under certain scenarios resulting in login failures. The problem, tracked in bug 1347857, has been fixed.
Mail and News: The way images are included in a compose window has changed. Images are now included as data URIs and not as references to parts of other messages or operating system files. This allows better interoperability with office packages such as MS Office or LibreOffice. Images linked from locations on the internet will no longer be downloaded and attached to the message automatically. This can be changed globally by setting the preference mail.compose.attach_http_images.
Language support for nb-NO has been re-added.
SeaMonkey now uses gtk3 on Linux. If you experience a problem because of this please file a bug and link it to Switch Linux builds to GTK3 with SeaMonkey 2.49. Please try another OS theme first. Some of them are buggy and cause problems with SeaMonkey, Thunderbird and Firefox.
Quotes are now colored differently in Mails bug 1374708.
Under OSX the left panes in Bookmarks Manager, MailNews and Address Book are now styled like finder panes. See bug 1095904.
Quotes are now colored differently in Mails up to 5 levels deep depending on your OS. See bug 1374708. This may break custom themes for email composition because a new style sheet named "messageQuotes.css" has been added.
6.29 2017-11-06
- Fix some version numbers
6.28 2017-11-06
- Remove last use of Getopt::Std (Sergey Remanov) (GH #267)
- Include unmatched connect error in status string (Patrik Lundin) (GH #269)
- Fix insecure open FILEHANDLE,EXPR (Takumi Akiyama) (GH #270)
0.18 2017-11-03T15:01:43Z
- Added URI::redshift to support db:redshift: URIs, thanks to a pull
request from Steve Caldwell (PR #12).
- Added URI::exasol, thanks to Johan Wärlander.
7.55 2017-11-06
- Added -role flag to Mojo::Base. (jberger)
- Improved tablify function in Mojo::Util to work with non-rectangular arrays.
(CandyAngel, jabberwok)
- Improved Windows compatibility of Mojo::Server::Daemon.
7.54 2017-11-05
- Fixed a bug in Mojo::Promise where promise chains could not recover from
rejections.
7.53 2017-11-04
- Added module Mojo::Promise.
- Improved Mojo::IOLoop::Delay to be a subclass of Mojo::Promise.
7.52 2017-11-02
- Added delete_p, get_p, head_p, options_p, patch_p, post_p, put_p and start_p
methods to Mojo::UserAgent.
7.51 2017-10-31
- Added -signatures flag to Mojo::Base and Mojolicious::Lite.
- Added support for new HTTP status code.
- Improved ojo to enable subroutine signatures automatically on Perl 5.20+.
7.50 2017-10-30
- Deprecated error and finish events in Mojo::IOLoop::Delay. Since there is no
good way to warn our users about this deprecation, it will be in effect
until the next major release, where we will also change the base class from
Mojo::EventEmitter to Mojo::Base.
- Improved documentation browser with links to MetaCPAN.
7.49 2017-10-28
- Deprecated Mojo::IOLoop::Delay::data and Mojo::IOLoop::Delay::remaining.
- Added Promises/A+ support. Note that Mojo::IOLoop::Delay previously
inherited a catch method from Mojo::EventEmitter that was passed the error
message as second argument instead of the first, so you might have to change
$delay->catch(sub { my ($delay, $error) = @_; ... });
to
$delay->catch(sub { my ($error) = @_; ... });
- Added all, catch, finally, race and then methods to Mojo::IOLoop::Delay.
- Updated jQuery to version 3.2.1.
0.14 Sat, 28 Oct 2017 14:53:00 +0100
- Further improvements to the path handling to fix a bug with
specifying the base directory using a relative path. Closes:
https://rt.cpan.org/Public/Bug/Display.html?id=123428
Geckodriver provides the HTTP API described by the W3C WebDriver protocol to
communicate with Gecko browsers, such as Firefox. It translates calls into
the Firefox remote protocol by acting as a proxy between the local- and remote
ends. This is used by browser automation frameworks such as Selenium.
Version 3.7.3:
Fix AppRegistryNotReady error importing contrib.auth views
Version 3.7.2:
Fixed Django 2.1 compatibility due to removal of django.contrib.auth.login()/logout() views.
Add missing import for TextLexer.
Adding examples and documentation for caching
Include date and date-time format for schema generation
Use triple backticks for markdown code blocks
Interactive docs - make bottom sidebar items sticky
Clarify pagination system check
Stop JSONBoundField mangling invalid JSON
Have JSONField render as textarea in Browsable API
Schema: Exclude OPTIONS/HEAD for ViewSet actions
Fix ordering for dotted sources
Fix: Fields with allow_null=True should imply a default serialization value
Ensure Location header is strictly a 'str', not subclass.
Add import to example in api-guide/parsers
Catch OverflowError for "out of range" datetimes
Add djangorestframework-rapidjson to third party packages
Increase test coverage for drf_create_token command
Add trove classifier for Python 3.6 support.
Add pip cache support to the Travis CI configuration
Rename [wheel] section to [bdist_wheel] as the former is legacy
Fix invalid escape sequence deprecation warnings
Add interactive docs error template
Add rounding parameter to DecimalField
Fix all BytesWarning caught during tests
Use dict and set literals instead of calls to dict() and set()
Change ImageField validation pattern, use validators from DjangoImageField
Fix processing unicode symbols in query_string by Python 2
5.2.1
Add more border width to codemirror cursor.
Fix nbconvert handler.
Fix the prompt_area argument of the output area constructor.
Handle a compound extension in new_untitled.
Allow disabling offline message buffering
Drupal is a free web Content Management System (CMS) that allows an
individual or a community of users to easily publish, manage and organize a
wide variety of content on a website.
Drupal is ready to go from the moment you download it. It even has an
easy-to-use web installer! The built-in functionality, combined with dozens
of freely available add-on modules, will enable features such as: Content
Management Systems, Blogs, Collaborative authoring environments, Forums,
Peer-to-peer networking, Newsletters, Podcasting, Picture galleries, File
uploads/downloads and much more.
- Install bin/gunicorn and bin/gunicorn_paster with the PYVERSSUFFIX appended at
the end in order to be used by both Python 2 and a Python 3 package
- Adjust PLIST for bin/gunicorn{,_paster} and for all the files installed as
part of DOCDIR and EXAMPLESDIR
PKGREVISION++
4.0:
Warning: Version 4.0 enables compression with the permessage-deflate extension.
In August 2017, Firefox and Chrome support it, but not Safari and IE.
Compression should improve performance but it increases RAM and CPU use.
If you want to disable compression, add compression=None when calling :func:`~server.serve()` or :func:`~client.connect()`.
Warning: Version 4.0 removes the ``state_name`` attribute of protocols.
Use protocol.state.name instead of protocol.state_name.
Also:
:class:`~protocol.WebSocketCommonProtocol` instances can be used as asynchronous iterators on Python ≥ 3.6. They yield incoming messages.
Added :func:`~websockets.server.unix_serve` for listening on Unix sockets.
Added the :attr:`~websockets.server.WebSocketServer.sockets` attribute.
Reorganized and extended documentation.
Aborted connections if they don't close within the configured timeout.
Rewrote connection termination to increase robustness in edge cases.
Stopped leaking pending tasks when :meth:`~asyncio.Task.cancel` is called on a connection while it's being closed.
Reduced verbosity of "Failing the WebSocket connection" logs.
Allowed extra_headers to override Server and User-Agent headers.
WordPress versions 4.8.2 and earlier are affected by an issue where
$wpdb->prepare() can create unexpected and unsafe queries leading to potential
SQL injection (SQLi). WordPress core is not directly vulnerable to this issue,
but we’ve added hardening to prevent plugins and themes from accidentally
causing a vulnerability. Reported by Anthony Ferrara.
2.3.2:
Fix passing client max size on cloning request obj.
Fix ClientConnectorSSLError and ClientProxyConnectionError for proxy connector.
Drop generated _http_parser shared object from tarball distribution.
Fix connector convert OSError to ClientConnectorError.
Fix connection attempts for multiple dns hosts.
Fix ValueError for AF_INET6 sockets if a preexisting INET6 socket to the aiohttp.web.run_app function.
_SessionRequestContextManager closes the session properly now.
Rename from_env to trust_env in client reference.
2.3.1:
Relax attribute lookup in warning about old-styled middleware
0.3.6:
* Use html5-parser for parsing HTML, when available instead of html5lib
for a big performance boost.
* Fix error when trying to submit forms with non-ascii values on systems
where the default encoding is ascii.
* Fix errors on python environments with broken threading
v1.0.1
Added: Add dictionary representations of Path, Query, Fragment, and furl objects
via an asdict() method.
v1.0.0
Added: Test against Python 3.6.
Changed: Bumped the version number to v1.0 to signify that furl is a mature and
stable library. Furl has been marked Production/Stable in setup.py for a long
time anyhow -- it's high time for the version number to catch up.
1.11.7:
Bugfixes
* Prevented cache.get_or_set() from caching None if the default argument is a callable that returns None.
* Fixed the Basque DATE_FORMAT string.
* Made QuerySet.reverse() affect nulls_first and nulls_last.
* Fixed unquoted table names in Subquery SQL when using OuterRef
Notable changes:
- A fix for CVE-2017-12617.
- Add ExtractingRoot, a new WebResourceRoot implementation that extracts
JARs to the work directory for improved performance when deploying
packed WAR files.
- Update the packaged version of the Tomcat Native Library to 1.2.14
Full changelog:
https://tomcat.apache.org/tomcat-8.0-doc/changelog.html
Upstream changes:
1.58 2017-10-29
- Redid the release because of some dzil issues. 1.57 might be a little
wonky.
1.57 2017-10-29
[ BUG FIXES ]
- Fix test failures under 5.26.0+ due to "." no longer being in @INC. PR
By Kent Fredric. GH #6. Fixed RT #121443.
Changes with nginx 1.13.6 10 Oct 2017
*) Bugfix: switching to the next upstream server in the stream module
did not work when using the "ssl_preread" directive.
*) Bugfix: in the ngx_http_v2_module.
Thanks to Piotr Sikora.
*) Bugfix: nginx did not support dates after the year 2038 on 32-bit
platforms with 64-bit time_t.
*) Bugfix: in handling of dates prior to the year 1970 and after the
year 10000.
*) Bugfix: in the stream module timeouts waiting for UDP datagrams from
upstream servers were not logged or logged at the "info" level
instead of "error".
*) Bugfix: when using HTTP/2 nginx might return the 400 response without
logging the reason.
*) Bugfix: in processing of corrupted cache files.
*) Bugfix: cache control headers were ignored when caching errors
intercepted by error_page.
*) Bugfix: when using HTTP/2 client request body might be corrupted.
*) Bugfix: in handling of client addresses when using unix domain
sockets.
*) Bugfix: nginx hogged CPU when using the "hash ... consistent"
directive in the upstream block if large weights were used and all or
most of the servers were unavailable.
Changes with nginx 1.12.2:
*) Bugfix: client SSL connections were immediately closed if deferred
accept and the "proxy_protocol" parameter of the "listen" directive
were used.
*) Bugfix: client connections might be dropped during configuration
testing when using the "reuseport" parameter of the "listen"
directive on Linux.
*) Bugfix: incorrect response length was returned on 32-bit platforms
when requesting more than 4 gigabytes with multiple ranges.
*) Bugfix: switching to the next upstream server in the stream module
did not work when using the "ssl_preread" directive.
*) Bugfix: when using HTTP/2 client request body might be corrupted.
*) Bugfix: in handling of client addresses when using unix domain
sockets.
Changelog:
56.0.2:
fixed:
Disable Form Autofill completely on user request (Bug 1404531)
Fix for video-related crashes on Windows 7 (Bug 1409141)
Correct detection for 64-bit GSSAPI authentication (Bug 1409275)
Fix for shutdown crash (Bug 1404105)
56.0.1:
fixed:
Block D3D11 when using Intel drivers on Windows 7 systems
with partial AVX support (bug 1403353)
changed:
Users of 32-bit Firefox on 64-bit Windows are migrated to
64-bit Firefox for increased stability and security.
nghttp2 v1.27.0
build: Fixed accidental compiler flags concatenation for MSVC
build: Reduce libxml2 version requirement to 2.6.26
asio: Support for Windows / MinGW
h2load: Print out h2 header fields with --verbose option
nghttpx: Send non-final response to HTTP/1.1 or HTTP/2 client only
Changelog:
A fix for CVE-2017-12617.
Stricter validation of the HTTP Host header.
Add ExtractingRoot, a new WebResourceRoot implementation that extracts JARs to the work directory for improved performance when deploying packed WAR files.
Added support for the OpenSSL SSL_CONF API. To support this the minimum required Tomcat Native version is 1.2.14.
- 1.4.47
* [mod_authn_gssapi] needs -lcom_err under Darwin
* [core] stricter validation of request-URI begin
* [core] fix 1.4.46 regression in config match
* [core] normalize config addrs for != match
* [core] normalize config addrs for eq and ne
* [doc] use https:// URLs to .lighttpd.net resources
* [core] fix 1.4.46 regression in Last-Modified
Changes with Apache 2.4.29
*) mod_unique_id: Use output of the PRNG rather than IP address and
pid, avoiding sleep() call and possible DNS issues at startup,
plus improving randomness for IPv6-only hosts.
*) mod_rewrite, core: Avoid the 'Vary: Host' response header when HTTP_HOST
is used in a condition that evaluates to true.
*) mod_http2: v0.10.12, removed optimization for mutex handling in bucket
beams that could lead to assertion failure in edge cases.
*) mod_proxy: Fix regression for non decimal loadfactor parameter introduced
in 2.4.28.
*) mod_authz_dbd: fix a segmentation fault if AuthzDBDQuery is not set.
*) mod_rewrite: Add support for starting External Rewriting Programs
as non-root user on UNIX systems by specifying username and group
name as third argument of RewriteMap directive.
*) core: Rewrite the Content-Length filter to avoid excessive memory
consumption. Chunked responses will be generated in more cases
than in previous releases.
*) mod_ssl: Fix SessionTicket callback return value, which does seem to
matter with OpenSSL 1.1.
3.3.7.0
-------
* Most likely to be the last major Bootstrap 3 release (see
https://github.com/twbs/bootstrap/issues/20631). Make sure you pin
Flask-Bootstrap's version to `<4` to avoid inadvertent updates.
pkgsrc changes:
- Remove patches/patch-libsvgtiny_src_svgtiny__internal.h, fixed differently by
upstream
- Remove patches/patch-nsgenbind* all of them were from upstream and no more
needed
Changes:
3.7
---
NetSurf 3.7 features performance improvements, improved page layout, and many
fixes. Also new is a treeview search feature, which allows Hotlist (Bookmarks),
History and Cookies to be searched.
Curl and libcurl 7.56.1
This release includes the following bugfixes:
o imap: if a FETCH response has no size, don't call write callback
o ftp: UBsan fixup 'pointer index expression overflowed'
o failf: skip the sprintf() if there are no consumers
o fuzzer: move to using external curl-fuzzer
o lib/Makefile.m32: allow customizing dll suffixes
o docs: fix typo in curl_mime_data_cb man page
o darwinssl: add support for TLSv1.3
o build: fix --disable-crypto-auth
o lib/config-win32.h: let SMB/SMBS be enabled with OpenSSL/NSS
o openssl: fix build without HAVE_OPAQUE_EVP_PKEY
o strtoofft: Remove extraneous null check
o multi_cleanup: call DONE on handles that never got that
o tests: added flaky keyword to tests 587 and 644
o pingpong: return error when trying to send without connection
o remove_handle: call multi_done() first, then clear dns cache pointer
o mime: be tolerant about setting twice the same header list in a part.
o mime: improve unbinding top multipart from easy handle.
o mime: avoid resetting a part's encoder when part's contents change.
o mime: refuse to add subparts to one of their own descendants
o RTSP: avoid integer overflow on funny RTSP responses
o curl: don't pass semicolons when parsing Content-Disposition
o openssl: enable PKCS12 support for !BoringSSL
o FAQ: s/CURLOPT_PROGRESSFUNCTION/CURLOPT_XFERINFOFUNCTION
o CURLOPT_NOPROGRESS.3: also refer to xferinfofunction
o CURLOPT_XFERINFODATA.3: fix duplicate see also
o test298: verify --ftp-method nocwd with URL encoded path
o FTP: URL decode path for dir listing in nocwd mode
o smtp_done: fix memory leak on send failure
o ftpserver: support case insensitive commands
o test950: verify SMTP with custom request
o openssl: don't use old BORINGSSL_YYYYMM macros
o setopt: update current connection SSL verify params
o winbuild/BUILD.WINDOWS.txt: mention WITH_NGHTTP2
o curl: reimplement stdin buffering in -F option
o mime: keep "text/plain" content type if user-specified
o mime: fix the content reader to handle >16K data properly
o configure: remove the C++ compiler check
o memdebug: trace send, recv and socket
o runtests: use valgrind for torture as well
o ldap: silence clang warning
o makefile.m32: allow to override gcc, ar and ranlib
o setopt: avoid integer overflows when setting millisecond values
o setopt: range check most long options
o ftp: reject illegal IP/port in PASV 227 response
o mime: do not reuse previously computed multipart size
o vtls: change struct Curl_ssl `close' field name to `close_one'
o os400: add missing symbols in config file
o mime: limit base64-encoded lines length to 76 characters
o mk-ca-bundle: Remove URL for aurora
o mk-ca-bundle: Fix URL for NSS
2.0.29:
- Bugfix: Preserve submit order for radio inputs.
- Fixed 186: avoid UnicodeDecodeError in linter with py2 when a header contain
non ascii chars
2.3.0:
Features
--------
Add SSL related params to ClientSession.request
Make enable_compression work on HTTP/1.0
Deprecate registering synchronous web handlers
Switch to multidict 3.0. All HTTP headers preserve casing now but compared in case-insensitive way.
Improvement for normalize_path_middleware. Added possibility to handle URLs with query string.
Use towncrier for CHANGES.txt build
Implement trust_env=True param in ClientSession.
Added variable to customize proxy headers
Implement router.add_routes and router decorators.
Deprecated BaseRequest.has_body in favor of BaseRequest.can_read_body. Added BaseRequest.body_exists attribute that stays static for the lifetime of the request
Provide BaseRequest.loop attribute
Make _CoroGuard awaitable and fix ClientSession.close warning message
Responses to redirects without Location header are returned instead of raising a RuntimeError
Added get_client, get_server, setUpAsync and tearDownAsync methods to AioHTTPTestCase
Add automatically a SafeChildWatcher to the test loop
add ability to disable automatic response decompression
Add support for throttling DNS request, avoiding the requests saturation when there is a miss in the DNS cache and many requests getting into the connector at the same time.
Use request for getting access log information instead of message/transport pair. Add RequestBase.remote property for accessing to IP of client initiated HTTP request.
json() raises a ContentTypeError exception if the content-type does not meet the requirements instead of raising a generic ClientResponseError.
Make the HTTP client able to return HTTP chunks when chunked transfer encoding is used.
add append_version arg into StaticResource.url and StaticResource.url_for methods for getting an url with hash (version) of the file.
Fix parsing the Forwarded header. * commas and semicolons are allowed inside quoted-strings; * empty forwarded-pairs (as in for=_1;;by=_2) are allowed; * non-standard parameters are allowed (although this alone could be easily done in the previous parser).
Don’t require ssl module to run. aiohttp does not require SSL to function. The code paths involved with SSL will only be hit upon SSL usage. Raise RuntimeError if HTTPS protocol is required but ssl module is not present.
Accept coroutine fixtures in pytest plugin
Call shutdown_asyncgens before event loop closing on Python 3.6.
Speed up Signals when there are no receivers
Raise InvalidURL instead of ValueError on fetches with invalid URL.
Move DummyCookieJar into cookiejar.py
run_app: Make print=None disable printing
Support brotli encoding (generic-purpose lossless compression algorithm)
Add server support for WebSockets Per-Message Deflate. Add client option to add deflate compress header in WebSockets request header. If calling ClientSession.ws_connect() with compress=15 the client will support deflate compress negotiation.
Support verify_ssl, fingerprint, ssl_context and proxy_headers by client.ws_connect.
Added aiohttp.ClientConnectorSSLError when connection fails due ssl.SSLError
aiohttp.web.Application.make_handler support access_log_class
Build HTTP parser extension in non-strict mode by default.
Bugfixes
--------
Clear auth information on redirecting to other domain
Fix missing app.loop on startup hooks during tests
Fix issue with synchronous session closing when using ClientSession as an asynchronous context manager.
Fix issue with CookieJar incorrectly expiring cookies in some edge cases.
Force use of IPv4 during test, this will make tests run in a Docker container
Warnings about unawaited coroutines now correctly point to the user’s code.
Fix issue with IndexError being raised by the StreamReader.iter_chunks() generator.
Support HTTP 308 Permanent redirect in client class.
Fix FileResponse sending empty chunked body on 304.
Do not add Content-Length: 0 to GET/HEAD/TRACE/OPTIONS requests by default.
Fix parsing the Forwarded header according to RFC 7239.
Securely determining remote/scheme/host
Fix header name parsing, if name is split into multiple lines
Handle session close during connection, KeyError: <aiohttp.connector._TransportPlaceholder>
Fixes uncaught TypeError in helpers.guess_filename if name is not a string
Raise OSError on async DNS lookup if resolved domain is an alias for another one, which does not have an A or CNAME record.
Fix incorrect warning in StreamReader.
Properly clone state of web request
Fix C HTTP parser for cases when status line is split into different TCP packets.
Fix web.FileResponse overriding user supplied Content-Type
5.2.0
Allow setting token via jupyter_token env.
Fix some errors caused by raising 403 in get_current_user.
Register contents_manager.files_handler_class directly.
Ensure that keyboard shortcuts are disabled when editing them.
Make all files in the dashboard editable by default and provide a whitelist of viewable file extensions.
The root directory of the notebook server should never be hidden.
Fix notebook require config to match tools/build-main.
Give page constructor default arguments.
Fix codemirror.less to match codemirror's expected padding layout.
Add x-xsrftoken to access-control-allow-headers.
Buffer messages when websocket connection is interrupted.
Load locale dynamically only when not en-us.
Changed key strength to 2048 bits.
Resync jsversion with python version.
Allow copy operation on modified, read-only notebook.
Update error handling on apihandlers.
Test python 3.6 on travis, drop 3.3.
Avoid base64-literals in image tests.
Upgrade xterm.js to 2.9.2.
Changed all python variables named file to file_name to not override built_in file.
Add more doc tests.
Typos fix.
Rename and update license.
Travis builds doc.
Pull request i18n.
Factor out output_prompt_function, as is done with input prompt.
Use rfc5987 encoding for filenames.
Added path to the resources metadata, the same as in from_filename(...) in nbconvert.exporters.py.
Make "extrakeys" consistent for notebook and editor.
Bidi support.
4.4.0:
- Explicitly state that metadata fields can be ignored.
- Introduce official jupyter namespace inside metadata (``metadata.jupyter``).
- Introduce ``source_hidden`` and ``outputs_hidden`` as official front-end
metadata fields to indicate hiding source and outputs areas. **NB**: These
fields should not be used to hide elements in exported formats.
- Fix ending the redundant storage of signatures in the signature database.
- :func:`nbformat.validate` can be set to not raise a ValidationError if
additional properties are included.
- Fix for errors with connecting and backing up the signature database.
- Dict-like objects added to NotebookNode attributes are now transformed to be
NotebookNode objects; transformation also works for `.update()`.
7.47 2017-10-05
- Added multipart content generator to Mojo::UserAgent::Transactor.
- Fixed a bug in Mojo::File where parts of a path could get accidentally
upgraded from bytes to characters.
This plugin is a generic drag-and-drop ordering module for sorting objects in
the List, the Stacked- and the Tabular-Inlines Views in the Django Admin
interface.
This module offers simple mixin classes which enrich the functionality of any
existing class derived from admin.ModelAdmin, admin.StackedInline or
admin.TabularInline.
Thus it makes it very easy to integrate with existing models and their model
admin interfaces. Existing models can inherit from models.Model or any other
class derived thereof. No special base class is required.
and exporting data with included admin integration.
Features:
* support multiple formats (Excel, CSV, JSON, ... and everything else that
tablib supports)
* admin integration for importing
* preview import changes
* admin integration for exporting
* export data respecting admin filters
Version 3.7.1
Fix Interactive documentation always uses false for boolean fields in requests
Improve compatibility with Django 2.0 alpha.
Improved handling of schema naming collisions
Added additional docs and tests around providing a default value for dotted source fields