The most important of these new features are:
* SQL Database logging helper
* Time-Quota session helper
* SSL-Bump Server First
* Server Certificate Mimic
* Custom HTTP request headers
* Remove or modify some patches that is obsolete or fixed in another way
like devel/xulrunner.
Changelog:
Fixes in 2.15.2
Applications could not be removed from the "Application details" dialog under Preferences, Helper Applications (bug 826771).
View / Message Body As could show menu items out of context (bug 831348).
Fixes in 2.15.1
Problems involving HTTP proxy transactions have been fixed (bug list).
The Unity player crashed on Mac OS X (bug 828954).
This relase contains fix for CVE-2012-6112(TinyMCE), too.
Version 2.11.9 (2013-02-05)
---------------------------
### Fixed
Support numeric front end dates in the form generator (see #5238).
### Fixed
Support whitespace characters when parsing simple tokens (see #5323).
### Fixed
Allow to run multiple TinyMCE instances with different configurations on the
same page (thanks to Andreas Schempp) (see #4453).
### Fixed
Correctly trigger the "saveNewPassword" hook (see #5247).
### Fixed
Consider the `save_callback` of the password field in `tl_user` when a back end
user is forced to change his password (see #5138).
### Fixed
Do not group standalone lightbox elements on HTML5 pages (see #3742).
### Fixed
Anonymize IP addresses in `Form::processFormData()` (see #5255).
### Fixed
Replaced the 1200 pixel limit when resizing images with the values defined in
the system settings (see #5268).
### Fixed
Make sure there is an array in `Controller::generateMargin()` (see #5217).
### Fixed
More robust input validation in the back end filter menu and no more absolute
paths in error messages printed to the screen (thanks to aulmn) (see #4971).
### Fixed
Unset non-existing fields when restoring versions (see #5219).
Fri Feb 1 10:19:44 CET 2013
Handle case where POST data contains "key=" without value
at the end and is not new-line terminated by invoking the
callback with the "key" during MHD_destroy_post_processor (#2733). -CG
Wed Jan 30 13:09:30 CET 2013
Adding more 'const' to allow keeping of reason phrases in ROM.
(see mailinglist). -CG/MV
Tue Jan 29 21:27:56 CET 2013
Make code work with PlibC 0.1.7 (which removed plibc_init_utf8).
Only relevant for W32. Fixes#2734. -CG
Sat Jan 26 21:26:48 CET 2013
Fixing regression introduced Jan 6 (test on data_size instead
of total_size. -CG
Fri Jan 11 23:21:55 CET 2013
Also return MHD_YES from MHD_destroy_post_processor if
we did not get '\r\n' in the upload. -CG
Sun Jan 6 21:10:13 CET 2013
Enable use of "MHD_create_response_from_callback" with
body size of zero. -CG
*) Feature: the $request_time and $msec variables can now be used not
only in the "log_format" directive.
*) Bugfix: cache manager and cache loader processes might not be able to
start if more than 512 listen sockets were used.
*) Bugfix: in the ngx_http_dav_module.
+ Under NetBSD 5.1_STABLE, a large number of included vhosts led to SEGV, this
does not occur with nginx 1.2.6.
Opera 12.13 is a recommended upgrade offering security and stability
enhancements.
Fixes and Stability Enhancements since Opera 12.12
General and User Interface
* Fixed an issue where Opera gets internal communication errors on Facebook
* Fixed an issue where no webpages load on startup, if Opera is disconnected
from the Internet
* Fixed an issue where images will not load after back navigation, when a site
uses the HTML5 history API (deviantart.com)
Linux and Windows
* A new stand-alone update-checker, as part of a planned upgrade of the
auto-update system
Windows
* Improved protection against hijacking of the default search, including
a one-time reset
Security
* Fixed an issue where DOM events manipulation might be used to execute
arbitrary code, as reported by Arthur Gerkis; see our advisory:
http://www.opera.com/support/kb/view/1042/
* Fixed an issue where use of SVG clipPaths could allow execution of arbitrary
code, as reported by anonymous via the iSIGHT Partners GVP Program; see our
advisory:
http://www.opera.com/support/kb/view/1043/
* Fixed a low severity security issue; details will be disclosed at a later
date
* Fixed an issue where CORS requests could omit the preflight request, as
reported by webpentest; see our advisory:
http://www.opera.com/support/kb/view/1045/
Upstream changes:
1.0016 Thu Jan 31 13:21:14 PST 2013
[SECURITY]
- Fixed directory traversal bug in Plack::App::File on win32 environments
[INCOMPATIBLE CHANGES]
- Updated Plack::Builder OO interface to be more natural. Still keeps backward
compatible to the old ->mount() and ->to_app() interface.
[NEW FEATURES]
- Static middleware 'path' callback now takes $env as a 2nd argument (avar)
- Static middleware takes 'content_type' callback to determine custom MIME (pstadt)
[IMPROVEMENTS]
- Fixed regexp warning for blead (doy)
- Documentation update for AccessLog::Timed to suggest Runtime (ether)
- Ignore vim swap files on restarter (nihen)
- Major doucmentation overhaul on Apache2 startup files (rkitover, avar)
Features:
* Drag&Drop reordering of photos in the plugin admin
* Unlimited, auto-discovered custom templates - you can change template of
given gallery at anytime, use javascript galleries etc.
based on a source image. So whenever a thumbnail does not exist or if the
source was modified more recently than the existing thumbnail, a new thumbnail
is generated (and saved).
* `6753235d`: Return bounded output from `rcs_diff()` when asked, as
the API states.
* `e45175d5`: Always explicitly set CVS keyword substitution behavior.
Fixes behavior when a text file is added under a name formerly
used for a binary file.
* `b30cacdf`: If the previous working directory no longer exists after
a CVS operation, don't try to `chdir()` back to it afterward.
Bump PKGREVISION.
- added a sitemap.xml.
- added some templatetags.
- started using Sphinx for managing documentation.
- started using Transifex for managing translations.
- started using Travis CI.
- added 12 new translations and improved some of the existing translations.
- fixed issue 29 (quote URL of resized image properly).
- misc improvements to clarity of unit tests.
- added Django 1.4 timezone support.
Version 1.0.3
-------------
Released January 24, 2013
- Tests complete in python 3.2/3.3.
- Localization for ru, fr.
- Minor fixes in documentation for clarity.
- FieldList now can take validators on the entire FieldList.
- ext.sqlalchemy model_form:
* Fix issue with QuerySelectField
* Fix issue in ColumnDefault conversion
* Support Enum type
- Field class now allows traversal in Django 1.4 templates.
Changes:
0.3006 Wed Dec 19 09:55:05 JST 2012
- Clear out @ARGV, rather than restoring it, to avoid messing with Net::Server internals
0.3005 Wed Nov 14 19:46:31 PST 2012
- Added a warning in runtime/documentation to NOT use -r/-R with Starman
0.3004 Thu Nov 8 19:40:45 PST 2012
- Added --interval option to the sample start_server command
- Makefile.PL fix
0.3003 Thu Sep 27 09:39:56 JST 2012
- Fixed the test hang in some environments, introduced in 0.3002 [RT:79865]
0.3002 Tue Sep 25 15:26:43 JST 2012
- Added a documentation for --signal-on-term for Server::Starter 0.12 (kazuho, ether)
- Set REMOTE_PORT PSGI environment variable #50 (dex4er)
- Fix a test failure with a directory containing whitespace (clkao)
0.3001 Mon Jun 25 10:57:20 PDT 2012
- Fix SERVER_NAME and SERVER_PORT not exist on UNIX socket mode #24
- Improved documentation
- Ensure that chunk buffer contains terminating HTTP newline (Peter Makholm)
0.3000 Mon Feb 20 16:31:44 PST 2012
- This be a 0.3 release
0.29_90 Thu Dec 1 19:40:52 PST 2011
- Changed the way server handles HUP and QUIT signals
HUP will just restart all the workers gracefully
QUIT will gracefully shutdown workers and the master
See `man 1 starman` and look for SIGNALS section.
Changes:
1.50 Jul 11, 2012
[ DISTRIBUTION ]
- Switch to Dist::Zilla
- Eliminate HTML docs from distribution, available on web
- Move live Apache tests to author-only
1.49 Feb 27, 2012
[ DOCS ]
- Fixed misspellings in docs. RT #74676. Reported by Salvatore Bonaccorso.
1.48 Feb 3, 2012
[ BUG FIXES ]
- Calling a subcomponent from inside an anonymous component (created via
$interp->make_component) caused an uninitialized value warning. Reported by
Javier Amor Garcia.
Changes:
2.5 June 10th, 2012
New features, thanks to Michael Peters (RT#46258):
- Support for using an alternative HTML::FillInForm class
via param dfv_fif_class.
- Support for supplying defaults for HTML::FillInForm->fill
via param dfv_fif_defaults.
ChangeLog:
0.12 Thu Aug 4 23:56:00 BST 2011
- Changed a test case to be less picky about the actual text captured
from warnings. This was done to support some changes introduced by
the Catalyst -> PSGI port.
ChangeLog:
0.10022 08 Jan 2013
- Fix NoPasswd store (skaufman)
0.10021 30 June 2012
- Change all classes to Moose and MooseX::Emulate::Class::Accessor::Fast,
fixing undeclared dependency on Class::Accessor::Fast.
- Change Catalyst::Authentication::Realm to use String::RewritePrefix
rather than doing namespace mangling manually.
- Fix whitespace and tabs, add Test::EOL and Test::NoTabs
- Document optional methods in stores needed for auto_create_user
and auto_update_user in realms.
- Clarify support channels
- Note primary maintainer in docs.
- Add x_authority metadata.
- Get the NAME right by making it 1 line, due to crappy parsing
in EU::MM (RT#77028)
0.10020 05 May 2012
- Allow user_class to be configured for Catalyst::Authentication::Store::Minimal
(Jochen Lutz <jlu@akk.org>)
0.10019 14 April 2012
- Upgrade code to use Moose compatibility layer (jnap)
- Added some rules to .gitignore for people using macs (jnap)
- Updated copyright info
- Catalyst::Plugin::Authentication::Credential::NoPassword added
(Okko)
- Convert repository to git (fREW Schmidt)
ChangeLog:
- Fixed 'application/x-www-form-urlencoded' for AJAX POSTs post
Firefox 3.x
+ First sourceforge.net hosted version
+ Incremented version number to actually match SVN branch tag
+ Switched to Big-endian date format in the documentation.
Less chance of misunderstandings
* Editor: Prevent certain HTML elements from being unexpectedly removed or
modified in rare cases.
* Media: Fix a collection of minor workflow and compatibility issues in the new
media manager.
* Networks: Suggest proper rewrite rules when creating a new network.
* Prevent scheduled posts from being stripped of certain HTML, such as video
embeds, when they are published.
* Work around some misconfigurations that may have caused some JavaScript in
the WordPress admin area to fail.
* Suppress some warnings that could occur when a plugin misused the database or
user APIs.
Additionally: Version 3.5.1 fixes a few security issues:
* Server-side request forgery (SSRF) and remote port scanning via pingbacks.
Fixed by the WordPress security team.
* Cross-site scripting (XSS) via shortcodes and post content. Discovered by Jon
Cave of the WordPress security team.
* Cross-site scripting (XSS) in the external library Plupload. Plupload 1.5.5
was released to address this issue.
ChangeLog:
Revision history for Catalyst-Manual
- Fix minor typos RT 78545, thanks Joe Axford
- Update auth class name RT 77322 Thanks Joe Axford
- Fix typo RT #77247 Thanks John Deighan
5.9004 4th May 2012
- PSGI Compat changes
- Small code changes (thanks sockmonk)
- Small changes to Manual::Components
5.9003 17 Feb 2012
- Mention PSGI in Manual::Ingro RT 74872 (thanks William Blunn).
- Better docs of :Global inspired by RT 74869 (thanks William Blunn)
- Highlight the importance of uncommenting the template line in the
list action
- Clarify docs for nginx in non-root - a trailing slash on the
location block is very much needed.
- Clarified Data::Dumper usage. RT#71410 Thanks to Bill Corr
- Mention Chef deployment in Manual::Deployment (thanks to Alexey
Melezhik)
