grappelli_safe was created to provide a snapshot of the Grappelli
admin skin for Django, to be referenced as a dependency for the
Mezzanine CMS for Django.
Bleach is an HTML sanitizing library that escapes or strips markup
and attributes based on a white list. Bleach can also linkify text
safely, applying filters that Django's ``urlize`` filter cannot,
and optionally setting ``rel`` attributes, even on links already
in the text.
Tiny Tiny RSS is an open source web-based news feed (RSS/Atom)
reader and aggregator, designed to allow you to read news from any
location, while feeling as close to a real desktop application as
possible.
Geeklog History/Changes:
Dec 30, 2012 (1.8.2)
------------
- A remote service user now bypasses current password check when account is
deleted (bug #0001417) [Tom]
- Fixed Twitter OAuth login error after Twitter deactivated some old URLs (bug
#0001497) [Tom]
- $dbconfig_path was not escaped in the install script (bug #0001457, patch
provided by mystral-kk)
- COM_stripslashes will now handle arrays; this was a problem during
re-authentication after a security token expired (bug #0001413) [suprsidr]
- The comment count for a story could be wrong if there was a different object
with the same id and a comment (bug #0001414) [Tom]
- Feeds with the full story text still had a '...' at the end (bug #0001431)
[Jeff Rivett, Tom]
- Allow MIME type application/x-gzip-compressed when uploading a plugin for
installation (bug #0001405) [Dirk]
- Fixed compatibility with MySQL 5.5 (bugs #0001410, #0001456). This also
raises the minimum supported MySQL version to 4.1.2 [Dirk, Tom]
* Create user/group
Changelog:
* [bp/r43638][SEC] unserialize: More complete check for objects in serialized data when it's not the first item
* And more bugfixes
Changelog:
Version 4.5.5 Dec 20th 2012
Show drag and drop shadow for Firefox
Fix Knowledgebase under certain conditions
Fix setting of sharing password
Several sharing fixes
Fix versioning during sharing
Fix mounting of external filesystems especially CIFS
Fix several PHP warnings
Show /Shared as standard directory
Fix session management for running several ownClouds on the same host
Fix WebDAV quota enforcement
Fix CalDAV with LDAP users
Better warning about missing dependencies
Add warning about conflicting WebDAV auth and LDAP backend
Restore send sharing link by email
Fix encoding problem with mounting of CIFS filesystems
Fix mimetype icons for new files
Fix the folder size calculation
Fix for deleting multiple files
Fix for controlling the data dir with LDAP
Security: Auth bypass in user_webdavauth and user_ldap (oC-SA-2012-006)
Security: XSS vulnerability in bookmarks (oC-SA-2012-007)
* Add a possible fix of SA4931, too.
Drupal 6.27, 2012-12-19
----------------------
- Fixed security issues (multiple vulnerabilities), see SA-CORE-2012-004.
Release notes
Release date: 2012-12-18
Opera 12.12 is a recommended upgrade offering security and stability enhancements.
Fixes and Stability Enhancements since Opera 12.11
General and User Interface
* Several general fixes and stability improvements
* New 'Delete settings and data for all extensions' option (off by
default) in the 'Delete Private Data' dialog
* Corrected an issue where using the 'Delete Private Data' dialog could delete
extension and settings data
* Redesigned the 'Delete Private Data' dialog to be more usable with small
screens
* Fixed an issue where quitting Opera while in fullscreen mode could cripple
the interface on the next start-up
Security
* Fixed an issue where malformed GIF images could allow execution of arbitrary code; see our advisory
http://www.opera.com/support/kb/view/1038/
* Fixed an issue where repeated attempts to access a target site could trigger
address field spoofing, as reported by Masato Kinugawa; see our advisory
http://www.opera.com/support/kb/view/1040/
UNIX-only
* Fixed an issue where private data could be disclosed to other computer
users, or be modified by them, as reported by Jann Horn; see our advisory
http://www.opera.com/support/kb/view/1039/
turned off in www/curl.
Modify the curl package to be aware of the libidn option. Ensure default
is on.
No functional change, so no version number bump.
== 1.5.0 Knife
* Fix compilation under Ubuntu 12.04 with -Werror=format-security option.
* Raise an error when no PID file.
* Prevent duplicate response headers.
* Make proper response on exception [MasterLambaster].
* Automatically close idling pipeline connections on server stop [MasterLambaster].
=== unicorn 4.5.0 - check_client_connection option / 2012-12-07 22:59 UTC
The new check_client_connection option allows unicorn to detect
most disconnected local clients before potentially expensive
application processing begins.
This feature is useful for applications experiencing spikes of
traffic leading to undesirable queue times, as clients will
disconnect (and perhaps even retry, compounding the problem)
before unicorn can even start processing the request.
To enable this feature, add the following line to a unicorn
config file:
  check_client_connection true
This feature only works when nginx (or any other HTTP/1.0+
client) is on the same machine as unicorn.
A huge thanks to Tom Burns for implementing and testing this
change in production with real traffic (including mitigating
an unexpected DoS attack).
ref: http://mid.gmane.org/CAK4qKG3rkfVYLyeqEqQyuNEh_nZ8yw0X_cwTxJfJ+TOU+y8F+w@mail.gmail.com
This release fixes broken Rainbows! compatibility in 4.5.0pre1.
=== unicorn 4.5.0pre1 - check_client_connection option / 2012-11-29 23:48 UTC
The new check_client_connection option allows unicorn to detect
most disconnected clients before potentially expensive
application processing begins.
This feature is useful for applications experiencing spikes of
traffic leading to undesirable queue times, as clients will
disconnect (and perhaps even retry, compounding the problem)
before unicorn can even start processing the request.
To enable this feature, add the following line to a unicorn
config file:
  check_client_connection true
A huge thanks to Tom Burns for implementing and testing this
change in production with real traffic (including mitigating
an unexpected DoS attack).
=== unicorn 4.4.0 - minor updates / 2012-10-11 09:11 UTC
Non-regular files are no longer reopened on SIGUSR1. This
allows users to specify FIFOs as log destinations.
TCP_NOPUSH/TCP_CORK is no longer set/unset by default. Use
:tcp_nopush explicitly with the "listen" directive if you wish
to enable TCP_NOPUSH/TCP_CORK.
Listen sockets are now bound _after_ loading the application for
preload_app(true) users. This prevents load balancers from
sending traffic to an application server while the application
is still loading.
There are also minor test suite cleanups.
3.2.3
* sass --watch no longer crashes when a file in a watched directory is deleted.
* Allow @extend within bubbling nodes such as @media.
* Fix various JRuby incompatibilities and test failures.
* Work around a performance bug that arises from using @extend with
deeply-nested selectors.
3.2.2
* Add a --poll option to force sass --watch to use the polling backend to
Listen.
* Fix some error reporting bugs related to @import.
* Treat protocol-relative URLs in @imports as static URLs, just like http and
https URLs.
* Improve the error message for misplaced simple selectors.
* Fix an option-handling bug that was causing errors with the Compass URL
helpers.
* Fix a performance issue with @import that only appears when ActiveSupport is
loaded.
* Fix flushing of actions to stdout. Thanks to Russell Davis
(http://github.com/russelldavis).
* Fix the documentation for the max() function.
* Fix a @media parsing bug.
Deprecations -- Must Read!
* Sass will now print a warning when it encounters a single @import statement
that tries to import more than one file. For example, if you have @import
"screen" and both screen.scss and _screen.scss exist, a warning will be
printed. This will become an error in future versions of Sass.