- Fix a critical AOF bug when fsync policy set to "always"
- Latency monitor could report wrong latencies under certain conditions.
- AOF rewriting could fail when a backgronud rewrite is triggered and
at the same time the AOF is switched on/off.
- Redis Cluster crash-recovery safety improved.
- Other smaller fixes (check commnits).
- Redis Cluster has now the ability to configure certain slaves so that
they'll never attempt a failover.
- Keyspace notifications API in modules.
- RM_Call() is now faster by reusing the same client.
- Tracking of the percentage of keys already logically expired but yet
not evicted.
- No code changes
nodejs 9.10.0
Fixes for the following CVEs are included in this release:
- CVE-2018-7158
- CVE-2018-7159
- CVE-2018-7160
Notable Changes
- Fix for inspector DNS rebinding vulnerability (CVE-2018-7160): A
malicious website could use a DNS rebinding attack to trick a web
browser to bypass same-origin-policy checks and allow HTTP connections
to localhost or to hosts on the local network, potentially to an open
inspector port as a debugger, therefore gaining full code execution
access. The inspector now only allows connections that have a browser
Host value of localhost or localhost6.
- Fix for 'path' module regular expression denial of service
(CVE-2018-7158): A regular expression used for parsing POSIX paths
could be used to cause a denial of service if an attacker were able to
have a specially crafted path string passed through one of the
impacted 'path' module functions.
- Reject spaces in HTTP Content-Length header values (CVE-2018-7159):
The Node.js HTTP parser allowed for spaces inside Content-Length
header values. Such values now lead to rejected connections in the
same way as non-numeric values.
- Update root certificates: 5 additional root certificates have been
added to the Node.js binary and 30 have been removed.
- cluster: Add support for NODE_OPTIONS="--inspect"
- crypto: Expose the public key of a certificate
- n-api: Add napi_fatal_exception to trigger an uncaughtException in
JavaScript
- path: Fix regression in posix.normalize
- stream: Improve stream creation performance
nodejs 9.9.0
assert:
- From now on all error messages produced by assert in strict mode will
produce a error diff.
- From now on it is possible to use a validation object in throws instead
of the other possibilities.
crypto:
- allow passing null as IV unless required
fs:
- support as and as+ flags in stringToFlags()
tls:
- expose Finished messages in TLSSocket
tty:
- Add getColorDepth function to determine if terminal supports colors.
util:
- add util.inspect compact option
Fixes for the following CVEs are included in this release:
- CVE-2018-7158
- CVE-2018-7159
- CVE-2018-7160
Notable Changes
- Fix for inspector DNS rebinding vulnerability (CVE-2018-7160): A
malicious website could use a DNS rebinding attack to trick a web
browser to bypass same-origin-policy checks and allow HTTP connections
to localhost or to hosts on the local network, potentially to an open
inspector port as a debugger, therefore gaining full code execution
access. The inspector now only allows connections that have a browser
Host value of localhost or localhost6.
- Fix for 'path' module regular expression denial of service
(CVE-2018-7158): A regular expression used for parsing POSIX paths
could be used to cause a denial of service if an attacker were able to
have a specially crafted path string passed through one of the
impacted 'path' module functions.
- Reject spaces in HTTP Content-Length header values (CVE-2018-7159):
The Node.js HTTP parser allowed for spaces inside Content-Length
header values. Such values now lead to rejected connections in the
same way as non-numeric values.
- Update root certificates: 5 additional root certificates have been
added to the Node.js binary and 30 have been removed.
Fixes for the following CVEs are included in this release:
- CVE-2018-7158
- CVE-2018-7159
- CVE-2018-7160
Notable Changes
- Fix for inspector DNS rebinding vulnerability (CVE-2018-7160): A
malicious website could use a DNS rebinding attack to trick a web
browser to bypass same-origin-policy checks and allow HTTP connections
to localhost or to hosts on the local network, potentially to an open
inspector port as a debugger, therefore gaining full code execution
access. The inspector now only allows connections that have a browser
Host value of localhost or localhost6.
- Fix for 'path' module regular expression denial of service
(CVE-2018-7158): A regular expression used for parsing POSIX paths
could be used to cause a denial of service if an attacker were able to
have a specially crafted path string passed through one of the
impacted 'path' module functions.
- Reject spaces in HTTP Content-Length header values (CVE-2018-7159):
The Node.js HTTP parser allowed for spaces inside Content-Length
header values. Such values now lead to rejected connections in the
same way as non-numeric values.
- Update root certificates: 5 additional root certificates have been
added to the Node.js binary and 30 have been removed.
The biggest change is that the package is now called 'dune' rather than
'jbuilder'; I'm waiting until the package comes out of beta to apply that
name change to pkgsrc.
Otherwise there have been mostly incremental changes and bugfixes,
nothing major; for more information see CHANGES.md.
1.5.2:
Emulate ROM bug loading zero length blocks when using tape traps
Fix the format of double-sided +3 disks
Spectrum reset is accelerated when phantom typist is enabled and a file is loaded from the menu
Add options UI for phantom typist
GTK+ 3 UI: Memory browser dialog allows to go to specific offset
1.5.1:
Prevent crash when we try to disassemble an instruction with many DD or FD prefixes
Fix crash when setting debugger variables
Prevent crash when we try to profile an instruction with many DD or FD prefixes
GTK+ UI: Improve behaviour of default button on dialogs
GTK+ and win32 UIs: Support hex numbers in load/save binary and pokefinder dialogs
SDL UI: Allow to select the video mode used in full-screen
Changes in GTK+ 3.22.29
* Wayland
- add an input method based on the text protocol
* File chooser
- Stop activating without double-click
* Bugs fixed:
GtkInfoBar not shown after calling gtk_widget_show
Better deprecation information for GtkStatusIcon
gdkscreen-x11: Don't try to calculate a refresh rate for RandR 1.3...
GtkListBoxRow signal poorly documented
* Translation updates
Buildbot 1.1.0:
Deprecations and Removals:
Removed ramlfication as a dependency to build the docs and run the tests.
Bug fixes:
Fixed buildrequests API doesn’t provide properties data
Fix missing owner on builder build table
Include hipchat as reporter.
Fix encoding issues of commands with Windows workers
Fixed Relax builder name length restriction
Fix the configuration order so that services can actually use secrets
Partially fix Builder page should show the worker information
Features:
Added the defaultProperties parameter to builders.
When a build step has a log called “summary” (case-insensitive), the Build Summary page will sort that log first in the list of logs, and automatically expand it.
Buildbot 1.0.0:
Despite the major version bump, Buildbot 1.0.0 does not have major difference with the 0.9 series. 1.0.0 is rather the mark of API stability. Developers do not foresee a major API break in the next few years like we had for 0.8 to 0.9.
Starting with 1.0.0, Buildbot will follow semver versioning methodology.
Bug fixes:
Cloning Git repository with submodules now works with Git < 1.7.6 instead of failing due to the use of the unsupported --force option.
GitHub hook now properly creates a change in case of new tag or new branch. GitHub changes will have the category set to tag when a tag was pushed to easily distinguish from a branch push.
Fixed issue with Master.expireMasters not always honoring its forceHouseKeeping parameter.
Fixed issue with steps not correctly ending in CANCELLED status when interrupted.
Fix maximum recursion limit issue when transferring large files with LocalWorker (issue:3014).
Added an argument to P4Source that allows users to provide a callable to convert Perforce branch and revision to a valid revlink URL. Perforce supplies a p4web server for resolving urls into change lists.
Fixed issue with buildbot_pkg` not hanging on yarn step on windows
Fix issue with workers notify_on_missing not able to be configurable as a single string instead of list of string
Fixed Builder page should display worker name instead of id
Features:
Add capability to override the default UI settings
All Reporters have been adapted to be able to use Secret. SVNPoller has been adapted to be able to use Secret.
Implement support for Bitbucket Cloud webhook plugin in BitbucketCloudEventHandler
The owners property now includes people associated with the changes of the build
The repo source step now syncs with the --force-sync flag which allows the sync to proceed when a source repo in the manifest has changed.
Add support for compressing the repo source step cache tarball with pigz, a parallel gzip compressor.
SQLite Release 3.23.0:
Add the sqlite3_serialize() and sqlite3_deserialize() interfaces when the SQLITE_ENABLE_DESERIALIZE compile-time option is used.
Recognize TRUE and FALSE as constants. (For compatibility, if there exist columns named "true" or "false", then the identifiers refer to the columns rather than Boolean constants.)
Support operators IS TRUE, IS FALSE, IS NOT TRUE, and IS NOT FALSE.
Added the SQLITE_DBSTATUS_CACHE_SPILL option to sqlite3_db_status() for reporting the number of cache spills that have occurred.
The "alternate-form-2" flag ("!") on the built-in printf implementation now causes string substitutions to measure the width and precision in characters instead of bytes.
If the xColumn method in a virtual table implementation returns an error message using sqlite3_result_error() then give that error message preference over internally-generated messages.
Added the -A command-line option to the CLI to make it easier to manage SQLite Archive files.
Add support for INSERT OR REPLACE, INSERT OR IGNORE, and UPDATE OR REPLACE in the Zipfile virtual table.
Enhance the sqlite3changeset_apply() interface so that it is hardened against attacks from deliberately corrupted changeset objects.
Added the sqlite3_normalize() extension function.
Query optimizer enhancements:
Improve the omit-left-join optimization so that it works in cases where the right-hand table is UNIQUE but not necessarily NOT NULL.
Improve the push-down optimization so that it works for many LEFT JOINs.
Add the LEFT JOIN strength reduction optimization that converts a LEFT JOIN into an ordinary JOIN if there exist terms in the WHERE clause that would prevent the extra all-NULL row of the LEFT JOIN from appearing in the output set.
Avoid unnecessary writes to the sqlite_sequence table when an AUTOINCREMENT table is updated with an rowid that is less than the maximum.
Bug fixes:
Fix the parser to accept valid row value syntax.
Fix the query planner so that it takes into account dependencies in the arguments to table-valued functions in subexpressions in the WHERE clause.
Fix incorrect result with complex OR-connected WHERE and STAT4.
Fix potential corruption in indexes on expressions due to automatic datatype conversions.
Assertion fault in FTS4.
Incorrect result on the less-than operator in row values.
Always interpret non-zero floating-point values as TRUE, even if the integer part is zero.
Fix an issue in the fsdir(PATH) table-valued function to the fileio.c extension, that caused a segfault if the fsdir() table was used as the inner table of a join.
Issue an error rather instead of an assertion-fault or null-pointer dereference when the sqlite_master table is corrupted so that the sqlite_sequence table root page is really a btree-index page.
Fix the ANALYZE command so that it computes statistics on tables whose names begin with "sqlite".
Additional fixes for issues detected by OSSFuzz:
Fix a possible infinite loop on VACUUM for corrupt database files.
Disallow parameters in the WITH clause of triggers and views.
Fix a potential memory leak in row value processing.
Improve the performance of the replace() SQL function for cases where there are many substitutions on megabyte-sized strings, in an attempt to avoid OSSFuzz timeouts during testing.
Provide an appropriate error message when the sqlite_master table contains a CREATE TABLE AS statement. Formerly this caused either an assertion fault or null pointer dereference. Problem found by OSSFuzz on the GDAL project.
Incorrect assert() statement removed.
Fix a problem with using the LIKE optimization on an INTEGER PRIMARY KEY.
1.14.69
api-change🇪🇸 Update es command to latest version
api-change:apigateway: Update apigateway command to latest version
api-change:cloudfront: Update cloudfront command to latest version
1.14.68
api-change:connect: Update connect command to latest version
api-change:acm: Update acm command to latest version
1.14.67
api-change:ssm: Update ssm command to latest version
api-change:cloudformation: Update cloudformation command to latest version
api-change:alexaforbusiness: Update alexaforbusiness command to latest version
api-change:greengrass: Update greengrass command to latest version
1.14.66
api-change:sts: Update sts command to latest version
api-change:iam: Update iam command to latest version
api-change:mturk: Update mturk command to latest version
1.14.65
api-change:acm: Update acm command to latest version
1.14.64
api-change:dynamodb: Update dynamodb command to latest version
1.14.63
api-change:rds: Update rds command to latest version
1.6.22
api-change:cloudfront: [botocore] Update cloudfront client to latest version
api-change:apigateway: [botocore] Update apigateway client to latest version
api-change🇪🇸 [botocore] Update es client to latest version
1.6.21
api-change:connect: [botocore] Update connect client to latest version
api-change:acm: [botocore] Update acm client to latest version
1.6.20
api-change:greengrass: [botocore] Update greengrass client to latest version
api-change:cloudformation: [botocore] Update cloudformation client to latest version
api-change:ssm: [botocore] Update ssm client to latest version
api-change:alexaforbusiness: [botocore] Update alexaforbusiness client to latest version
1.6.19
api-change:mturk: [botocore] Update mturk client to latest version
api-change:sts: [botocore] Update sts client to latest version
api-change:iam: [botocore] Update iam client to latest version
1.6.18
api-change:acm: [botocore] Update acm client to latest version
1.9.22
api-change:cloudfront: Update cloudfront client to latest version
api-change:apigateway: Update apigateway client to latest version
api-change🇪🇸 Update es client to latest version
1.9.21
api-change:connect: Update connect client to latest version
api-change:acm: Update acm client to latest version
1.9.20
api-change:greengrass: Update greengrass client to latest version
api-change:cloudformation: Update cloudformation client to latest version
api-change:ssm: Update ssm client to latest version
api-change:alexaforbusiness: Update alexaforbusiness client to latest version
1.9.19
api-change:mturk: Update mturk client to latest version
api-change:sts: Update sts client to latest version
api-change:iam: Update iam client to latest version
1.9.18
api-change:acm: Update acm client to latest version
18.3.1
fix: endpoint configuration error messages
fix: various improvements to the new components API (including retries)
fix: pass unregisterProducer through to twisted to complement WebSocketAdapterProtocol.registerProducer
7.70:
We're excited to make our first Nmap release of 2018--version 7.70! It
includes hundreds of new OS and service fingerprints, 9 new NSE scripts
(for a total of 588), a much-improved version of our Npcap windows packet
capturing library/driver, and service detection improvements to make -sV
faster and more accurate.
OTX Direct Connect agents provide a way to automatically update your
security infrastructure with pulses you have subscribed to from with
Open Threat Exchange. By using Direct Connect, the indicators
contained within the pulses you have subscribed to can be downloaded
and made locally available for other applications such as Intrusion
Detection Systems, Firewalls, and other security-focused applications.
1.20.0:
* unix,spawn: respect user stdio flags for new pipe
* Revert "Revert "unix,tcp: avoid marking server sockets connected""
* req: revisions to uv_req_t handling
* win: remove unnecessary initialization
* win: update uv_os_homedir() to use uv_os_getenv()
* test: fix tcp_oob test flakiness
* posix: fix uv__pollfds_del() for invalidated fd's
* doc: README: add note on installing gyp
* unix: refactor uv_os_homedir to use uv_os_getenv
* unix: fix several instances of lost errno
* win,tty: update several TODO comments
* unix: add UV_FS_COPYFILE_FICLONE support
* test: fix connect_unspecified
* unix,win: add UV_FS_COPYFILE_FICLONE_FORCE support
* win: use long directory name for handle->dirw
* build: build with -D_FILE_OFFSET_BITS=64 again
* win, fs: fix uv_fs_unlink for +R -A files
* win, fs: use FILE_WRITE_ATTRIBUTES when opening files
* unix: use __PASE__ on IBM i platforms
* test,freebsd: fix flaky poll tests
* test: increase connection timeout to 1 second
* win,tcp: handle canceled connect with ECANCELED
IPython 5.6
In Python 3.6 and above, dictionaries preserve the order items were added to them. On these versions, IPython will display dictionaries in their native order, rather than sorting by the keys
ProgressBar can now be used as an iterator
The shell object gains a check_complete() method, to allow a smoother transition to new input processing machinery planned for IPython 7
IPython should start faster, as it no longer looks for all available pygments styles on startup
IPython 6.3 contains all the bug fixes and features in IPython 5.6. In addition:
A new display class IPython.display.Code can be used to display syntax highlighted code in a notebook
The %%html magic now takes a --isolated option to put the content in an iframe
The code to find completions using the Jedi library has had various adjustments. This is still a work in progress, but we hope this version has fewer annoyances
The post event callbacks are now always called, even when the execution failed (for example because of a SyntaxError).
The execution info and result objects are now made available in the corresponding pre or post *_run_cell event callbacks in a backward compatible manner
Performance with very long code cells (hundreds of lines) is greatly improved
Specifications for callback functions passed in to an API
If your code lets other people supply callback functions, it's important to
specify the function signature you expect, and check that functions support
that. Adding extra parameters later would break other peoples code unless
you're careful.
backcall provides a way of specifying the callback signature using a prototype
function.
