From the release announcement:
* Hide closed tasks on central,
* Quick search in saved searches panel,
* Fix image in FAQ for anonymous users,
* Possibility to add an analytics javascript,
* Various fixes on components,
* And many more!
The full changelog is available here for more details:
https://github.com/glpi-project/glpi/milestone/24?closed=1
6.7.0:
[Sanic] Added support for sanic.
[Core] Disabled dill logger by default
[Core] Added SENTRY_NAME, SENTRY_ENVIRONMENT and SENTRY_RELEASE environment variables
[Core] DSN secret is now optional
[Core] Added fix for cases with exceptions in repr
[core] Fixed bug with mutating record.data
v14.2.0
* :issue:1680 via :pr:1683: HTTP Basic Auth supports :rfc:7617 UTF-8
charset decoding where possible. Uses latin1 as a fallback.
v14.1.0
* :cr-pr:37: Add support for peercreds lookup over UNIX domain socket.
This enables app to automatically identify "who's on the other
end of the wire".
This is how you enable it::
server.peercreds: True
server.peercreds_resolve: True
The first option will put remote numeric data to WSGI env vars:
app's PID, user's id and group.
Second option will resolve that into user and group names.
To prevent expensive syscalls, data is cached on per connection
basis.
v6.2.4
- Fix missing resolve_peer_creds argument in
:py:class:cheroot.wsgi.Server being bypassed into
:py:class:cheroot.server.HTTPServer.
- :pr:85: Revert conditional dependencies. System packagers should
honor the dependencies as declared by cheroot, which are defined
intentionally.
5.3:
Iterating a Countries object now returns named tuples. This makes things nicer when using {% get_countries %} or using the country list elsewhere in your code.
Contao 4.5.7 (2018-04-04)
Contao version 4.5.7 is available. The bugfix release fixes a few minor
issues including a problem with validating the request token and a problem
with rendering custom layout sections.
Contao 4.5.8 (2018-04-18)
Contao version 4.5.8 is available. The bugfix release fixes an XSS
vulnerability in the system log of the back end (CVE-2018-10125).
CVE-2018-10125
With a manipulated request, an attacker can implant a script which is executed
when a logged in back end user opens the system log. The attacker themselves
does not have to be logged in.
The problem affects Contao 3.0.0 to 3.5.34, 4.0.0 to 4.4.17 and 4.5.0 to
4.5.7. We highly recommend you to update.
Contao 4.4.17 (2018-04-04)
Contao version 4.4.17 is available. The bugfix release fixes a few minor
issues including a problem with rendering custom layout sections.
Contao 4.4.18 (2018-04-18)
Contao version 4.4.18 is available. The bugfix release fixes an XSS
vulnerability in the system log of the back end (CVE-2018-10125).
CVE-2018-10125
With a manipulated request, an attacker can implant a script which is executed
when a logged in back end user opens the system log. The attacker themselves
does not have to be logged in.
The problem affects Contao 3.0.0 to 3.5.34, 4.0.0 to 4.4.17 and 4.5.0 to
4.5.7. We highly recommend you to update.
Version 3.5.35 (2018-04-18)
---------------------------
### Fixed
Fix an XSS vulnerability in the system log (see CVE-2018-10125).
CVE-2018-10125
With a manipulated request, an attacker can implant a script which is executed
when a logged in back end user opens the system log. The attacker themselves
does not have to be logged in.
The problem affects Contao 3.0.0 to 3.5.34, 4.0.0 to 4.4.17 and 4.5.0 to
4.5.7. We highly recommend you to update.
Upstream changes:
0.206000 2018-04-19 22:09:46-04:00 America/New_York
[ BUG FIXES ]
* GH #1090, #1406: Replace HTTP::Body with HTTP::Entity::Parser in
Dancer2::Core::Request. (Russell @veryrusty Jenkins)
* GH #1292: Fix multiple attribute definitions within Plugins
(Nigel Gregoire)
* GH #1304: Fix the order by which config files are loaded, independently
of their filename extension (Alberto Simões, Russell @veryrusty Jenkins)
* GH #1400: Fix infinite recursion with exceptions that use circular
references. (Andre Walker)
* GH #1430: Fix `dancer2 gen` from source directory when Dancer2 not
installed. (Tina @perlpunk Müller - Tina)
* GH #1434: Add `validate_id` method to verify a session id before
requesting the session engine fetch it from its data store.
(Russell @veryrusty Jenkins)
* GH #1435, #1438: Allow XS crush_cookie methods to return an arrayref
of values. (Russell @veryrusty Jenkins)
* GH #1443: Update copyright year (Joseph Frazer)
* GH #1445: Use latest HTTP::Headers::Fast (Russell @veryrusty Jenkins)
* PR #1447: Fix missing build requires (Mohammad S Anwar)
[ ENHANCEMENTS ]
* PR #1354: TemplateToolkit template engine will log (at debug level)
if a template is not found. (Kiel R Stirling, Russell @veryrusty Jenkins)
* GH #1432: Support Content-Disposition of inline in
send_file() (Dave Webb)
* PR #1433: Verbose testing in AppVeyor (Graham Knop)
[ DOCUMENTATION ]
* GH #1314: Documentation tweaks (David Precious)
* GH #1317: Document serializer configuration (sdeseille)
* GH #1386: Add Hello World example (Gabor Szabo)
* PR #1408: List project development resources (Steve Dondley)
* PR #1426: Move performance improvement information from Migration guide
to Deployment (Pedro Melo)
0.206000_02 2018-04-09 21:48:24-04:00 America/New_York (TRIAL RELEASE)
[ BUG FIXES ]
* GH #1090, #1406: Replace HTTP::Body with HTTP::Entity::Parser in
Dancer2::Core::Request. (Russell @veryrusty Jenkins)
* GH #1304: Fix the order by which config files are loaded, independently
of their filename extension (Alberto Simões, Russell @veryrusty Jenkins)
* GH #1400: Fix infinite recursion with exceptions that use circular
references. (Andre Walker)
* GH #1430: Fix `dancer2 gen` from source directory when Dancer2 not
installed. (Tina @perlpunk Müller - Tina)
* GH #1434: Add `validate_id` method to verify a session id before
requesting the session engine fetch it from its data store.
(Russell @veryrusty Jenkins)
* GH #1435, #1438: Allow XS crush_cookie methods to return an arrayref
of values. (Russell @veryrusty Jenkins)
* GH #1443: Update copyright year (Joseph Frazer)
* GH #1445: Use latest HTTP::Headers::Fast (Russell @veryrusty Jenkins)
[ ENHANCEMENTS ]
* PR #1354: TemplateToolkit template engine will log (at debug level)
if a template is not found. (Kiel R Stirling, Russell @veryrusty Jenkins)
* GH #1432: Support Content-Disposition of inline in
send_file() (Dave Webb)
* PR #1433: Verbose testing in AppVeyor (Graham Knop)
[ DOCUMENTATION ]
* GH #1317: Document serializer configuration (sdeseille)
* PR #1426: Move performance improvement information from Migration guide
to Deployment (Pedro Melo)
Upstream changes:
1.74 2018-04-22 12:30:44Z
- avoid 'uninitialized' warning in URI::File when host has no domain name
set (PR#53, thanks Shoichi Kaji!)
Upstream changes:
2.06 2018-04-09 20:23:54+00:00 UTC
- New JSON Constraint
- Improve email tests, so that MX tests are only run if internet access
- Tests improved to ensure all locales pass
- Corrected Email Validation so that spaces in the address cause failures
- add new auto_error_field_class() method to add classes directly
to field tag
- constraints_from_dbic() can now be called on Blocks,
handles 'nested_name', and support added for BOOL and DECIMAL columns
- remove bundled/renamed MooseX::Attribute::Chained and depend on the
fixed version
- Remove out-of-date reference to lacunaexpanse.
Version 0.14.1
Resolved a regression with status code handling in the integrated development server.
Version 0.14
HTTP exceptions are now automatically caught by Request.application.
Added support for edge as browser.
Added support for platforms that lack SpooledTemporaryFile.
Add support for etag handling through if-match
Added support for the SameSite cookie attribute.
Added werkzeug.wsgi.ProxyMiddleware
Implemented has for NullCache
get_multi on cache clients now returns lists all the time.
Improved the watchdog observer shutdown for the reloader to not crash on exit on older Python versions.
Added support for filename* filename attributes according to RFC 2231
Resolved an issue where machine ID for the reloader PIN was not read accurately on windows.
Added a workaround for syntax errors in init files in the reloader.
Added support for using the reloader with console scripts on windows.
The built-in HTTP server will no longer close a connection in cases where no HTTP body is expected (204, 204, HEAD requests etc.)
The EnvironHeaders object now skips over empty content type and lengths if they are set to falsy values.
Werkzeug will no longer send the content-length header on 1xx or 204/304 responses.
Cookie values are now also permitted to include slashes and equal signs without quoting.
Relaxed the regex for the routing converter arguments.
If cookies are sent without values they are now assumed to have an empty value and the parser accepts this. Previously this could have corrupted cookies that followed the value.
The test Client and EnvironBuilder now support mimetypes like the request object does.
Added support for static weights in URL rules.
Better handle some more complex reloader scenarios where sys.path contained non directory paths.
EnvironHeaders no longer raises weird errors if non string keys are passed to it.
3.2.1
Fix automatic deployment to PyPI.
3.2.0
Features:
Added new fixture django_assert_num_queries for testing the number of database queries
–fail-on-template-vars has been improved and should now return full/absolute path
Support for setting the live server port
unittest: help with setUpClass not being a classmethod
Bug fixes:
Fix –reuse-db and –create-db not working together
Numerous fixes in the documentation. These should not go unnoticed.
Compatibilitya:
Support for Django 2.0 has been added.
Support for Django before 1.8 has been dropped.
2.0.7
Fix: pipchecker, pip 10.0.0 compatibility
Fix: sqldiff, improve support of GIS fields by using Django introspection
Fix: shell_plus, fix bug in windows when PYTHONPATH is defined
Fix: shell_plus, Call execute on CursorWrapper instead of directly on cursor to ensure wrappers are run
Fix: runserver_plus, Call execute on CursorWrapper instead of directly on cursor to ensure wrappers are run
Improvement: sqldiff, drop old compatibility code
Improvement: ForeignKeyAutocompleteAdminMixin, improvements for Django >1.9
0.8.1 - 2018-03-13
------------------
- Previous attempts to sanitize cassette names were incomplete.
Sanitization has become more thorough which could have some affects on
existing cassette files. **This may cause new cassettes to be generated.**
- Fix bug where there may be an exception raised in a
``betamax.exceptions.BetamaxError`` repr.
v1.6.6
Version 1.6.6
Bugfix release
- Warn when constructing BatchHttpRequest using the legacy batch URI (#488)
- Increase the default media chunksize to 100MB. (#482)
- Remove unnecessary parsing of mime headers in HttpRequest.__init__ (#467)
This maintenance release fixes 28 bugs in 4.9, including fixes for Customizer, media library, error notices, and some security fixes. Twenty Seventeen bundled theme and Hello Dolly bundled plugin have also been updated.
WordPress versions 4.9.4 and earlier are affected by three security issues.
More changes at https://codex.wordpress.org/Version_4.9.5.
Version 4.6.4:
Bugs Fixed
In more recent Python versions, the config directory in the Python installation incorporates the platform name. This directory was added as an additional directory to search for Python shared libraries when installing using the setup.py file or pip. It should not even be needed for newer Python versions but still check for older Python versions. The only issue arising from the wrong directory, not incorporating the platform name, being used, was a linker warning about the directory not being present.
Installing mod_wsgi on Windows would fail as hadn’t exclude mod_wsgi daemon mode specific code from Windows build. This would result in compile time error about wsgi_daemon_process being undefined. This problem was introduced to Windows in version 4.6.0. A prior attempt to fix this in 4.6.3 missed one place in the code which needed to be changed.
Version 4.6.3
Bugs Fixed
When compiled for Python 2.6, when run mod_wsgi would fail to load into Apache due to misisng symbol PyFrame_GetLineNumber. This was only introduced in Python 2.7. Use alternate way to get line number which still yields correct answer. This issue was introduced in mod_wsgi version 4.6.0 in fix to have correct line numbers generated for stack traces on shutdown due to request timeout.
Installing mod_wsgi on Windows would fail as hadn’t exclude mod_wsgi daemon mode specific code from Windows build. This would result in compile time error about wsgi_daemon_process being undefined. This problem was introduced to Windows in version 4.6.0.
When using runmodwsgi management command integration for Django, the file containing the WSGI application entry point was specified via a full filesystem path, rather than by module import path. This meant that relative imports from that file would fail. The file is now imported as a module path based on what WSGI_APPLICATION is set to in the Django settings module. This means the file is imported as part of package for the project and relative imports will work.
18.4.1
new: WAMP-SCRAM authentication
new: native vector extensions
fix: improve choosereactor
new: lots of new and improved documentation, component API and more
new: Docker image tooling now in this repo
fix: "fatal errors" in Component
fix: AIO/Component: create a new loop if already closed
fix: kwarg keys sometimes are bytes on Python2
fix: various improvements to new component API
Upstream changes (from NEWS):
== Ruby-GNOME2 3.2.4: 2018-04-09
This is a bug fix release of 3.2.3.
=== Changes
==== Ruby/GLib2
* Fixes
* Fixed a bug that some constants aren't defined. If a content
name is the same constant name at the top level such as
(({Gtk::Object})), the constant isn't defined.
[GitHub#1154][Debian#894816][mikutter#1199]
[Reported by Akira Ouchi][Forwarded by HIGUCHI Daisuke]
==== RubyRsvg2
* Improvements
* Windows: Upgraded bundled librsvg to 2.42.3.
=== Thanks
* Akira Ouchi
* HIGUCHI Daisuke
== Ruby-GNOME2 3.2.3: 2018-04-03
This is a bug fix release of 3.2.2.
=== Changes
==== Ruby/GObjectIntrospection
* Fixes
* Fixed a crash bug when (({GLib::Bytes})) is passed as an argument.
== Ruby-GNOME2 3.2.2: 2018-04-02
This is a release to support Ruby 2.5 on Windows.
=== Changes
==== All
* Windows: Added Ruby 2.5 support.
[GitHub#1148][Reported by Andy Meneely]
* Red Hat: Use (({pkgconfig(name)})) style.
[GitHub#1117][Patch by Mamoru TASAKA]
==== Ruby/GLib2
* Improvements
* (({GLib::Bytes#to_s})): Changed to return a frozen string to
reduce data copy.
* Migrated to (({TypedData})) from (({Data})).
==== Ruby/GObjectIntrospection
* Improvements
* Added (({nil})) argument check.
* (({GObjectIntrospection::Loader#rubyish_method_name})):
Added (({:n_in_args_offset})) option.
* Suppressed a needless copy of (({GLib::Bytes})).
* Added filename array support.
[GitHub#1151][Patch by cedlemo]
* Fixes
* Fixed a overflow bug on 32bit.
[Debian#766020][Reported by Mario Lang]
[GitHub#1137][Forwarded by HIGUCHI Daisuke]
==== Ruby/GTK2
* Fixes
* Fix the wrong number of arguments.
[GitHub#1133][Reported by Mamoru TASAKA]
==== Ruby/GDK3
* Improvements
* Ensured loading GDK 3.
[GitHub#1126][Patch by cedlemo]
* Fixes
* (({Gdk::Screen.default})): Fixed a GC related crash.
* (({Gtk::Widget#style_context})): Fixed a GC related crash.
[GitHub#1149][Reported by Valentin Pelloin]
==== Ruby/GTK3
* Improvements
* Added a tool palette demo.
[GitHub#1116][Patch by cedlemo]
* Added a shortcut demo.
[GitHub#1120][Patch by cedlemo]
* Updated demo.
[Reported by Titouan Teyssier]
[GitHub#1139][Patch by Titouan Teyssier]
* Updated README.
[GitHub#1127][Patch by cedlemo]
* Fixes
* (({Gtk::Container#add_child(child)})): Made workable again.
==== Ruby/Poppler
* Fixes
* (({Poppler::Page#thumbnail_size})): Fixed return value.
[GitHub:rcairo/rcairo#51][Reported by Mamoru TASAKA]
==== Ruby/Gnumeric
* Improvements
* Improved .typelib for Gnumeric detection.
[GitHub#1118][Reported by cedlemo]
=== Thanks
* cedlemo
* Mamoru TASAKA
* Titouan Teyssier
* Mario Lang
* HIGUCHI Daisuke
* Andy Meneely
* Valentin Pelloin
2.1.0:
* Async HTTP Consumers and WebSocket Consumers both gained new functionality
(groups, subprotocols, and an async HTTP variant)
* URLRouters now allow nesting
* Async login and logout functions for sessions
* Expiry and groups in the in-memory channel layer
* Improved Live Server test case
* More powerful OriginValidator
* Other small changes and fixes in the full release notes.
