[ Joey Hess ]
* Fix NULL ptr deref on ENOMEM in wrapper. (Thanks, igli)
[ Simon McVittie ]
* Really don't double-decode CGI submissions, even on Perl versions that
bundle an old enough Encode.pm for that not to be a problem: the
system might have a newer Encode.pm installed separately, like Fedora 20.
(Closes: #776181; thanks, Anders Kaseorg)
* If neither timezone nor TZ is set, set both to :/etc/localtime if
we're on a GNU system and that file exists, or GMT otherwise
* t/inline.t: accept translations of "Add a new post titled:"
(Closes: #779365)
* Consistently document command-line options as e.g. --refresh, not -refresh
[ Amitai Schlair ]
* In VCS-committed anonymous comments, link to url.
[ Joey Hess ]
* Fix XSS in openid selector. Thanks, Raghav Bisht. (Closes: #781483)
-- Simon McVittie <smcv@debian.org> Sun, 29 Mar 2015 21:48:24 +0100
Updating this leaf package during the freeze for the bugfixes.
## 0.7.3 (2015-03-24)
* SECURITY FIX: http.rb failed to call the #post_connection_check method
on SSL connections. This method implements hostname verification, and
without it http.rb was vulnerable to MitM attacks. The problem was
corrected by calling #post_connection_check (CVE-2015-1828)
Version 3.4.5 (2015-03-27)
--------------------------
### Fixed
Consider the `$blnCache` flag when caching insert tags (see #7700).
### Updated
Updated TinyMCE to version 4.1.9 (see #7690).
### Fixed
Correctly calculate the max upload size in the DropZone uploader (see #7633).
### Fixed
Convert language codes to locales in the meta wizard (see #7667).
### Fixed
Replace only the `{{file}}` insert tag in the back end preview (see #7647).
### Fixed
Correctly convert date strings depending on their rgxp format (see #7721).
### Fixed
Update news and calendar feeds from the content view (see #7679).
### Fixed
Do not generally encode stand-alone ampersands (see #7684).
### Fixed
Restore some globals when catching the unused argument exception (see #7659).
### Fixed
Correctly set the CSS classes in the jQuery accordion and do not try to mess
with its ARIA handling (see #7622).
### Fixed
Handle language fragments without trailing slash when redirecting (see #7666).
### Fixed
Trigger the `load_callback` upon saving in "override all" mode (see #7670).
### Fixed
Ensure a unique language file array in the `Automator` class (see #7687).
Version 3.2.20 (2015-03-26)
---------------------------
### Fixed
Correctly convert date strings depending on their rgxp format (see #7721).
### Fixed
Update news and calendar feeds from the content view (see #7679).
### Fixed
Do not generally encode stand-alone ampersands (see #7684).
### Fixed
Restore some globals when catching the unused argument exception (see #7659).
### Fixed
Correctly set the CSS classes in the jQuery accordion and do not try to mess
with its ARIA handling (see #7622).
### Fixed
Handle language fragments without trailing slash when redirecting (see #7666).
### Fixed
Trigger the `load_callback` upon saving in "override all" mode (see #7670).
### Fixed
Ensure a unique language file array in the `Automator` class (see #7687).
# 1.8.0
- Security: implement standards compliant cookie handling by adding a
dependency on http-cookie. This breaks compatibility, but was necessary to
address a session fixation / cookie disclosure vulnerability.
(#369 / CVE-2015-1820)
Previously, any Set-Cookie headers found in an HTTP 30x response would be
sent to the redirection target, regardless of domain. Responses now expose a
cookie jar and respect standards compliant domain / path flags in Set-Cookie
headers.
changes in bozohttpd 20150320:
o fix redirection handling
o support transport stream (.ts) and video object (.vob) files
o directory listings show correct file sizes for large files
changes in bozohttpd 20140717:
o properly handle SSL errors
ok @agc.
Changelog:
31.5.3
Fixed Security fixes for issues disclosed at HP Zero Day Initiative's Pwn2Own contest
Fixed in Firefox ESR 31.5.3
2015-28 Privilege escalation through SVG navigation
31.5.2
Fixed Security fixes for issues disclosed at HP Zero Day Initiative's Pwn2Own contest
Fixed in Firefox ESR 31.5.2
2015-29 Code execution through incorrect JavaScript bounds checking elimination
Changelog:
Fixed 36.0.4: Security fixes for issues disclosed at HP Zero Day Initiative's Pwn2Own contest
Fixed in Firefox 36.0.4
2015-28 Privilege escalation through SVG navigation
Fixed in Firefox 36.0.3
2015-29 Code execution through incorrect JavaScript bounds checking elimination
Changelog:
Version 8.0.2 March 11th 2015
Prevent DB errors in certain high load situations
Fix installation and updating of apps from the app store
Fix documentation links
Fix file move/copy when out of storage space
Disable 3rd party apps during upgrade to prevent breaking ownCloud if incompatible apps are used
Fix compatibility with certain MariaDB versions
Print app upgrade information to console
Detect broken APC versions
Fix certain incompatibilities with older PHP 5.4 versions
Several smaller fixes
Since 3.1.2.1
----------------
bugfix: Users without permissions to add timeslots can add timeslots if the task is assigned to him/her.
bugfix: In tasks list, in show menu, user has no time permissions but time option is shown, and are also shown the time links in task row.
bugfix: In tasks list, if action popover button has no actions, it is shown with an empty menu.
bugfix: on template tasks add dependant task not working.
bugfix: after edit member update all childs depths.
bugfix: when deleting emails the register in objects table was not deleted.
bugfix: document level filter is not set with its current value when logging in.
feature: in single member selector when no member is selected show root node's text.
feature: upgrade by console - no need to pass the version from and version to parameters.
Since 3.1.2
----------------
bugfix: When checking mail, check for spam level in headers improved.
bugfix: Error when adding tasks.
bugfix: Cannot delete user group.
bugfix: Feng1 to Feng3 upgrade script does not fill the "enabled_dimensions" config option.
Since 3.1.1
----------------
feature: Cron process to reprocess last objects' sharing table entries
Since 3.1
----------------
bugfix: Sql error in tasks list.
bugfix: In upgrader script, if DEFAULT_LOCALIZATION not defined then define it with value "en_us".
bugfix: After adding tasks, actions buttons not working.
bugfix: Reminders on task templates are not saved.
bugfix: Can't see subtasks if parent task is not displayed.
bugfix: If email account is set as default, then the "Sender name" field is ignored.
bugfix: After change group by on tasks list the groups are still the same.
bugfix: Timezones on tasks list groups.
bugfix: When adding an event checkboxes "subscribe invited users" and "send email notifications" are not working.
bugfix: Duplicated tasks on tasks list in last month and last week when this groups are overlapping.
bugfix: Sql error table missing prefix. table im_types.
bugfix: Can't add tasks in french.
feature: in contact csv import allow to match custom properties
language: fr_ca updated.
Since 3.1-beta
----------------
bugfix: Template tasks subscribers were not copied when instantiating the tasks.
bugfix: Remove contextmenu from the email editor.
bugfix: Autoclassifying email fix in query.
bugfix: Refresh the task row after adding timeslots to tasks.
bugfix: Sql query malformed on tasks list.
bugfix: Duplicate signature sometimes when replying emails.
bugfix: When creating collaborators positioned in a workspace, the workspace is not added to the member cache, permissions are fine.
bugfix: Javascript error "member is undefined" in member cache js file.
Since 3.0.8
----------------
feature: hierarchy filter on documents tab.
feature: in custom reports if object name is printed now it is a link to the object.
feature: when classifying users using drag and drop the system asks if you want to add the default permissions for the users in the workspace where they are being classified.
feature: add tags selector in user add/edit form.
performance: tree node asks for children from the server twice after click.
bugfix: reminders on template tasks.
bugfix: after adding a client, the client tree shows the client twice.
bugfix: do not reload member trees after editing a member.
bugfix: use current time when adding timeslots from tasks list.
bugfix: permission errors when adding timeslots from tasks list.
bugfix: on tasks list after add the first task remove "There are no tasks in".
bugfix: wrong order when grouping by priority on tasks list.
bugfix: wrong signature when replying mail from a non default account.
bugfix: after add subtasks send assignment notifications.
bugfix: when dragging members to no-permissions tree children are not moved.
bugfix: cannot edit user tags.
bugfix: select milestones on templates.
bugfix: when composing an email with other email address the autosave asks if you want to send with that address (it must ask only when sending or saving draft).
bugfix: collaborators should not have access to mail tab
language: fr_ca updated.
Since 3.0.7
----------------
Since 3.0.6
----------------
feature: in custom reports, show name column as a link to the listed object and open the link in a new feng tab.
feature: add projects to available object types when configuring autonumeric prefixes.
feature: crpm types plugin - new dimension Client type, Project type and Project status.
feature: when replying an email of other account, a warning must appear telling that email will be sent using that account and give the possibility to change the account before sending the email.
bugfix: upgrade script to 3.0 fails when inserting in tab_panels if not all columns are specified depending in mysql server configuration.
bugfix: dont use the same "from name" when sending mails with different account.
bugfix: cannot autoclassify mails in more than one workspace.
bugfix: checklang translation tool does not show plugin missing/incomplete translation files.
bugfix: non-exec directors should not be task assignable.
bugfix: header breadcrumbs are not reloaded when deleting a workspace.
bugfix: when reordering workspaces, tags, clients and projects columns in any listing (notes, documents, etc), the values of these columns are lost for all rows, must reload the list to reappear.
bugfix: send notification when a task is assigned.
performance: ajax load on tasks list.
* gnome option is broken. Disable it.
Changelog:
What's New in SeaMonkey 2.33
SeaMonkey 2.33 contains the following major changes relative to SeaMonkey 2.32.1:
SeaMonkey-specific changes
Security notification bars now feature tracking controls.
The tracking/privacy preferences pane has been updated.
Mozilla platform changes
The Flash protected-mode sandbox has been disabled on Windows in order to evaluate the stability impact of protected mode.
Insecure RC4 ciphers are no longer accepted whenever possible.
Certificates with 1024-bit RSA keys have been phased out.
A subset of the Media Source Extensions (MSE) API has been implemented in order to allow native HTML5 playback on YouTube. Full support is on the way.
The performance of the new ES6 generator functions has been improved.
Also see Firefox 36 for Developers.
Fixed several stability issues.
Bugs fixed in this release
SeaMonkey bugs
Thunderbird bugs (including both shared MailNews- and Thunderbird-only bugs)
Relevant security fixes are listed on Security Advisories for SeaMonkey.
* Security advisories are not available yet.
1.1.0
-----
Mostly bug fix release. Highlights:
* Inline model editing on the list page
* FileAdmin refactoring and fixes
* FileUploadField and ImageUploadField will work with Required() validator
* Bug fixes
For full changes, please refer http://www.piwigo.org/releases/2.7.4 and
related pages.
This release contains these security fixes.
* SQL injection CVE-2015-1517 reported by Schleier, Sven (KPMG Management
Consulting Singapore)
* SQL injection and XSS failures reported and corrected by Steffen Rösemann
Changes before 6.5.19, please refer: http://support.sugarcrm.com/02_Documentation/01_Sugar_Editions/05_Sugar_Community_Edition/
Fixed Issues
Sugar 6.5.20 is a security update released to address certain security
vulnerabilities identified during our routine QA checks.
We strongly recommend that you install this update at the earliest
opportunity. While we have not experienced any reported incidents relating to
these vulnerabilities to date, failure to install this update could leave you
exposed to the following types of malicious third party attacks:
Unauthenticated users may retrieve contents from system-generated files.
These vulnerabilities as well as an additional issue have been addressed in
release 6.5.20 which is available for download from the Download Manager.
Administrators are strongly encouraged to upgrade their Sugar instances
running 6.5.x or earlier to 6.5.20 to prevent potential exploitation of these
weaknesses.
IMPORTANT: Liquid 2.6 is going to be the last version of Liquid which maintains explicit Ruby 1.8 compatibility.
The following releases will only be tested against Ruby 1.9 and Ruby 2.0 and are likely to break on Ruby 1.8.
## 2.6.1 / 2014-01-10 / branch "2-6-stable"
Security fix, cherry-picked from master (4e14a65):
* Don't call to_sym when creating conditions for security reasons, see #273 [Bouke van der Bijl, bouk]
* Prevent arbitrary method invocation on condition objects, see #274 [Dylan Thacker-Smith, dylanahsmith]
## 2.6.0 / 2013-11-25
* ...
* Bugfix for #106: fix example servlet [gnowoel]
* Bugfix for #97: strip_html filter supports multi-line tags [Jo Liss, joliss]
* Bugfix for #114: strip_html filter supports style tags [James Allardice, jamesallardice]
* Bugfix for #117: 'now' support for date filter in Ruby 1.9 [Notre Dame Webgroup, ndwebgroup]
* Bugfix for #166: truncate filter on UTF-8 strings with Ruby 1.8 [Florian Weingarten, fw42]
* Bugfix for #204: 'raw' parsing bug [Florian Weingarten, fw42]
* Bugfix for #150: 'for' parsing bug [Peter Schröder, phoet]
* Bugfix for #126: Strip CRLF in strip_newline [Peter Schröder, phoet]
* Bugfix for #174, "can't convert Fixnum into String" for "replace" [wǒ_is神仙, jsw0528]
* Allow a Liquid::Drop to be passed into Template#render [Daniel Huckstep, darkhelmet]
* Resource limits [Florian Weingarten, fw42]
* Add reverse filter [Jay Strybis, unreal]
* Add utf-8 support
* Use array instead of Hash to keep the registered filters [Tasos Stathopoulos, astathopoulos]
* Cache tokenized partial templates [Tom Burns, boourns]
* Avoid warnings in Ruby 1.9.3 [Marcus Stollsteimer, stomar]
* Better documentation for 'include' tag (closes #163) [Peter Schröder, phoet]
* Use of BigDecimal on filters to have better precision (closes #155) [Arthur Nogueira Neves, arthurnn]
2.45.0 (2014-02-28)
===================
Firefox:
* Native events in Firefox relied on an API that Mozilla no longer
provides. As such, fall back to synthesized events on recent Firefox
versions.
Ruby changes:
* Allow switching windows when current window is closed (thanks Titus Fortner).
* Add :javascript_enabled to Android capabilities.
2.44.0 (2014-10-05)
===================
No Ruby changes in this release.
Firefox:
* Native event support for Firefox 24, 31, 32 and 33
2.43.0 (2014-09-09)
===================
* Make sure UnhandledAlertErrors includes the alert text if provided by the driver.
* Firefox
- Make sure the browser process is properly killed if silent startup hangs (#7392)
- native events support for Firefox 24, 31 and 32
* Loosen websocket dependency to ~> 1.0
* Add support for `switch_to.parent_frame` (thanks abotalov)
* Fix download location for Selenium::Server.{latest,get} (#7049 - thanks marekj)
# 1.7.3
- Security: redact password in URI from logs (#349 / OSVDB-117461)
- Drop monkey patch on MIME::Types (added `type_for_extension` method, use
the public interface instead).
# 1.7.2
- Ignore duplicate certificates in CA store on Windows
# 1.7.1
- Relax mime-types dependency to continue supporting mime-types 1.x series.
There seem to be a large number of popular gems that have depended on
mime-types '~> 1.16' until very recently.
- Improve urlencode performance
- Clean up a number of style points
# 1.7.0
- This release drops support for Ruby 1.8.7 and breaks compatibility in a few
other relatively minor ways
- Upgrade to mime-types ~> 2.0
- Don't CGI.unescape cookie values sent to the server (issue #89)
- Add support for reading credentials from netrc
- Lots of SSL changes and enhancements: (#268)
- Enable peer verification by default (setting `VERIFY_PEER` with OpenSSL)
- By default, use the system default certificate store for SSL verification,
even on Windows (this uses a separate Windows build that pulls in ffi)
- Add support for SSL `ca_path`
- Add support for SSL `cert_store`
- Add support for SSL `verify_callback` (with some caveats for jruby, OS X, #277)
- Add support for SSL ciphers, and choose secure ones by default
- Run tests under travis
- Several other bugfixes and test improvements
- Convert Errno::ETIMEDOUT to RestClient::RequestTimeout
- Handle more HTTP response codes from recent standards
- Save raw responses to binary mode tempfile (#110)
- Disable timeouts with :timeout => nil rather than :timeout => -1
- Drop all Net::HTTP monkey patches
# 1.6.8
- The 1.6.x series will be the last to support Ruby 1.8.7
- Pin mime-types to < 2.0 to maintain Ruby 1.8.7 support
- Add Gemfile, AUTHORS, add license to gemspec
- Point homepage at https://github.com/rest-client/rest-client
- Clean up and fix various tests and ruby warnings
- Backport `ssl_verify_callback` functionality from 1.7.0
== 0.6.3 / 2015-01-09
* Minor enhancements
* Expose an env helper for persistently configuring the env as needed
(Darío Javier Cravero #80)
* Expose the tempfile of UploadedFile (Sytse Sijbrandij #67)
* Bug fixes
* Improve support for arrays of hashes in multipart forms (Murray Steele #69)
* Improve test for query strings (Paul Grayson #66)
* As per spec, don't include STS header in non-https responses
* Handle bad URIs gracefully.
Some adapters (i.e. jruby-rack) will pass through bad URIs, then display
the resulting exception. This creates an attack vector for XSS attacks.
* Added more installation/usage instructions into the README
* Return 400 instead of 404 in case of InvalidURIError
* Include Content-Type in 400 response.
To stay compatible with old Rack versions.
* Skip URI parsing Request#url
URI may fail to parse some legit URL paths.
* Discard invalid Referer header.
If an invalid Referer header such as "http://example.com/bad|uri" is
provided, ignore the value of it and skip using the Host header fallback.
* refactor instantiation.
* fix typoed header name.
* clarify reaction warning, test it.
* fix base url concatenation
* Adds instantiation settings via block or hash.
Fixes .downcase being called on symbols.
Cleaned up
Cleans up hash setter. Adds block support
Adds tests for hash and block instantiation
Undoes string fix for patron/request.rb to keep with scope.
* Handle two failing specs
One is failing due to no OS support for SSLv2. This is reasonable,
so I just removed SSLv2 from the list of SSL versions to test. This
doesn't change the meaning of the test at all.
I could not find the root cause of the other spec failure, though
I suspect it is a setup problem. I have disabled the spec for now
and will revisit it later on.
* Add doc comment
* Add a way to get the Request object
* Revert request action to be a symbol, but still allow upcase and
downcase strings.
0.12.5 (February 22nd 2015)
* FIX #1794 inheritance of global prereqs (@ujifgc)
* FIX #1798 handling non-array `with` statement for params (@ujifgc)
* FIX Russian translation for password (@harrykiselev)
* FIX Prevent Padrino from overriding cache settings (@dariocravero)
* FIX sequence of execution for configuration methods in application
(@namusyaka)
* FIX translations for admin for cs (@ortiga)
* FIX exception raised when running the controller generator (@namusyaka)
* FIX #1875 lock down rack to < 1.6.0 because of sinatra conflict (@ujifgc)
Changes the behavior of Sass's @import directive to only import a file once.
This plugin changes the behavior of Sass's `@import` directive so that
if the same sass file is imported more than once, the second import
will be a no-op. This allows dependencies to behave how most people
expect them to behave and provides a considerable performance improvement
for some sass projects.
**Note**: Although this plugin is maintained by compass, it can be used
without compass in any Sass-based project.
The Compass core stylesheet library and minimum required ruby extensions. This
library can be used stand-alone without the compass ruby configuration file or
compass command line tools.
Changes from previous:
----------------------
- Ignore ECONNABORTED on accept().
- Correctly implemented the config-file option change from "nosymlink" to
"nosymlinkcheck", which was supposedly done in version 2.24.
- Removed mailto: link from default index page.
- Allow CGIs to provide both Location and Status headers. (A. Skrobov)
- Better logic for figuring out CGI SERVER_NAME environment variable. (Oleg)
- Updated for clang, and general cleanup.
Upstream changes:
Highlights
MDL-35392 - Feedback from module assign is now always shown in the gradebook
MDL-31036 - No more truncating characters in assignment quick grading
MDL-46626 - Log report export no longer contains html
MDL-23273 - Limit of responses in choice module is respected in case of synchronous submissions
Functional changes
MDL-31578 - Shibboleth can map attributes for all Moodle fields including custom attributes
MDL-47911 - Performance improvement on gradebook operations
MDL-49240 - Web service core_get_string now functions correctly
MDL-45621 - It is possible to uninstall portfolio plugins
MDL-48670 - Standard behat tests now work properly regardless of user timezone
UI changes
MDL-48533 - Backup report now links to the individual course backup summaries
MDL-49064 - left-align css class now has an RTL equivalent in bootstrap base
Security issues
A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
Fixes and improvements
MDL-42138 - Required custom profile fields are always required on signup form even when user has logged in as guest
MDL-49059 - Possible to embed YouTube videos with start time or playlist info
MDL-48544 - Block region no longer disappears if all blocks in it were hidden
MDL-48841 - Fixed bug with not being able to reset scheduled task to defaults
MDL-49167 - Fixed regression with $CFG->yuislasharguments introduced by previous minor release
MDL-47953 - Grader report shows correct number of students per page when suspended users are present
MDL-48294 - enablemobilewebservice is no longer duplicated in Site admin
MDL-48679 - Fixed bug with missing grade export URL when using grade publishing
Changelog:
Fixed 36.0.1 - Disable the usage of the ANY DNS query type (1093983)
Fixed 36.0.1 - Fixed a startup crash with EMET (1137050)
Fixed 36.0.1 - Hello may become inactive until restart (1137469)
Fixed 36.0.1 - Print preferences may not be preserved (1136855)
Fixed 36.0.1 - Hello contact tabs may not be visible (1137141)
Fixed 36.0.1 - Accept hostnames that include an underscore character ("_") (1136616)
Fixed 36.0.1 - WebGL may use significant memory with Canvas2d (1137251)
Fixed 36.0.1 - Option -remote has been restored (1080319)
Fixed 36.0.1 - Fix a top crash
These releases address a security issue in the Django admin.
* Issue: XSS attack via properties in ModelAdmin.readonly_fields
* Advisory: HTML escaping when calling template filters from Python code
0.9.2 (2015-02-24)
Fixed compatibility with Requests 2.5.1
Changed the default JSON Content-Type to application/json as UTF-8 is the default JSON encoding
Changes
1.10.1 (2015-02-10)
Pools can be used as context managers. (Issue #545)
Don’t re-use connections which experienced an SSLError. (Issue #529)
Don’t fail when gzip decoding an empty stream. (Issue #535)
Add sha256 support for fingerprint verification. (Issue #540)
Fixed handling of header values containing commas. (Issue #533)
1.10 (2014-12-14)
Disabled SSLv3. (Issue #473)
Add Url.url property to return the composed url string. (Issue #394)
Fixed PyOpenSSL + gevent WantWriteError. (Issue #412)
MaxRetryError.reason will always be an exception, not string. (Issue #481)
Fixed SSL-related timeouts not being detected as timeouts. (Issue #492)
Py3: Use ssl.create_default_context() when available. (Issue #473)
Emit InsecureRequestWarning for every insecure HTTPS request. (Issue #496)
Emit SecurityWarning when certificate has no subjectAltName. (Issue #499)
Close and discard sockets which experienced SSL-related errors. (Issue #501)
Handle body param in .request(...). (Issue #513)
Respect timeout with HTTPS proxy. (Issue #505)
PyOpenSSL: Handle ZeroReturnError exception. (Issue #520)
1.9.1 (2014-09-13)
Apply socket arguments before binding. (Issue #427)
More careful checks if fp-like object is closed. (Issue #435)
Fixed packaging issues of some development-related files not getting included. (Issue #440)
Allow performing only fingerprint verification. (Issue #444)
Emit SecurityWarning if system clock is waaay off. (Issue #445)
Fixed PyOpenSSL compatibility with PyPy. (Issue #450)
Fixed BrokenPipeError and ConnectionError handling in Py3. (Issue #443)
1.9 (2014-07-04)
Shuffled around development-related files. If you’re maintaining a distro package of urllib3, you may need to tweak things. (Issue #415)
Unverified HTTPS requests will trigger a warning on the first request. See our new security documentation for details. (Issue #426)
New retry logic and urllib3.util.retry.Retry configuration object. (Issue #326)
All raised exceptions should now be wrapped in a urllib3.exceptions.HTTPException-extending exception. (Issue #326)
All errors during a retry-enabled request should be wrapped in urllib3.exceptions.MaxRetryError, including timeout-related exceptions which were previously exempt. Underlying error is accessible from the .reason property. (Issue #326)
urllib3.exceptions.ConnectionError renamed to urllib3.exceptions.ProtocolError. (Issue #326)
Errors during response read (such as IncompleteRead) are now wrapped in urllib3.exceptions.ProtocolError. (Issue #418)
Requesting an empty host will raise urllib3.exceptions.LocationValueError. (Issue #417)
Catch read timeouts over SSL connections as urllib3.exceptions.ReadTimeoutError. (Issue #419)
Apply socket arguments before connecting. (Issue #427)
1.8.3 (2014-06-23)
Fix TLS verification when using a proxy in Python 3.4.1. (Issue #385)
Add disable_cache option to urllib3.util.make_headers. (Issue #393)
Wrap socket.timeout exception with urllib3.exceptions.ReadTimeoutError. (Issue #399)
Fixed proxy-related bug where connections were being reused incorrectly. (Issues #366, #369)
Added socket_options keyword parameter which allows to define setsockopt configuration of new sockets. (Issue #397)
Removed HTTPConnection.tcp_nodelay in favor of HTTPConnection.default_socket_options. (Issue #397)
Fixed TypeError bug in Python 2.6.4. (Issue #411)
Collection.
This extension was previously known as ZendOptimizerPlus and has been renamed by
upstream.
Changes:
7.0.4
Added function opcache_is_script_cached()
- Fix bug #67111 (Loop variables need to be freed for both "break" and
"continue")
- Fix opcache.revalidate_freq per-request behavior
- Fixed bug #67215 (php-cgi work with opcache, may be segmentation fault happen)
- Fixed issue #183 (TMP_VAR is not only used once)
7.0.3
- Fixed bug #66298 (ext/opcache/Optimizer/zend_optimizer.c has dos-style
^M as lineend)
- Added suggestion about opcache.revalidate_freq setting in development
environment
- Fixed Issue #140: "opcache.enable_file_override" doesn't respect
"opcache.revalidate_freq"
- Fixed revalidate_path=1 behavior to avoid caching of symlinks values.
- Fixed opcache_reset() crash when opcache.protect_memory is set
- Fixed bug #66176 (Invalid constant substitution)
- Fixed bug #65559 (Opcache: cache not cleared if changes occur while running)
- Fixed compatibility with old PHP versions
- Fixed bug #65915 (Inconsistent results with require return value)
- Fixed issue #115 (path issue when using phar)
- Fixed issue #149 (Phar mount points not working with OPcache enabled)
- Fixed bug #65845 (Error when Zend Opcache Optimizer is fully enabled).
- Added function opcache_compile_file() to load PHP scripts into cache without
execution.
- Fixed issue #135 (segfault in interned strings if initial memory is too low)
- Fixed bug #65665 (Exception not properly caught when opcache enabled)
- Fixed issue #128 (opcache_invalidate segmentation fault)
- Fixed bug #65510 (5.5.2 crashes in _get_zval_ptr_ptr_var)
- Fixed bug #65561 (Zend Opcache on Solaris 11 x86 needs ZEND_MM_ALIGNMENT=4)
- Replace ZEND_FETCH_* instructions with IS_CV if possible
- Added opcache.restrict_api configuration directive that may limit usage of
OPcache API functions only to particular script(s)
- Added support for glob symbols in blacklist entries (?, *, **)
- Improved implementation of NOP removal pass from O(n^2) to O(n)
- Fixed bug #65338 (Enabling both php_opcache and php_wincache AVs on shutdown).
- Fixed bug #64827 Segfault in zval_mark_grey (zend_gc.c)
7.0.2
- Fixed issue #26 (added opcache_invalidate(string $filename [, bool
$force = false]) function)
- Fixed issue #74 (Allowed per request OPcache disabling)
- Fixed issue #76 (actually we don't need zend_shared_memory_block_header at all)
- Fixed issue #78 (incorrect file path validation)
- Fixed issue #79 (Optimization Problem/Bug)
- Fixed issue #82 (allow comments in blacklist file, lines started with ";")
- Fixed issue #91 (fix x64 fixed addresses)
- Fixed issue #92 (Compilation warnings)
- Fixed issue #97 (Use size_t instead of int to support a cache larger than 2G)
- Fixed bug (Avoid possible conditional jump depended on uninitialised value)
7.0.1
- Fixed Bug #64490 (add __FreeBSD_kernel__ to allowed FreeBSD defs)
- Fixed Bug #64482 (Opcodes for dynamic includes should not be cached)
- Fixed Bug #64353 (Built-in classes can be unavailable with dynamic includes
and Optimizer+)
- Fixed compatibility with ext/phar
- Fixed Issue #58 (PHP-5.2 compatibility)
- Fixed Issue #57 (segfaults in drupal7)
- Fixed Issue #54 (PECL install adds extension= instead of zend_extension= to
php.ini)
- Allows exclusion of large files from being cached
- Save a stat() call by calling sapi_module.get_stat()
- Add optional flag to opcache_get_status()
- Separate "start_time" from "last_restart_time"
fixed pkg/49735 noted by kjw at doglet.ca
Minor changes to documentation.
[varnishadm] Add termcap workaround for libedit. Bug 1531.
Document storage.<name>.* VCL variables. Bug 1514.
Fix memory alignment panic when http_max_hdr is not a multiple of 4. Bug 1327.
Avoid negative ReqEnd timestamps with ESI. Bug 1297.
%D format for varnishncsa is now an integer (as documented)
Fix compile errors with clang.
Clear objectcore flags earlier in ban lurker to avoid spinning thread. Bug 1470.
Patch embedded jemalloc to avoid segfault. Bug 1448.
Allow backend names to start with if, include or else. Bug 1439.
Stop handling gzip after gzip body end. Bug 1086.
Document %D and %T for varnishncsa.
pkgsrc change:
* Add ${GEM_EXTSDIR}/gem.build_complete for new rubygems and updated ruby.
=== unicorn 4.8.3 - the end of an era / 2014-05-07 07:50 UTC
This release updates documentation to reflect the migration of the
mailing list to a new public-inbox[1] instance. This is necessary
due to the impending RubyForge shutdown on May 15, 2014.
The public-inbox address is: unicorn-public@bogomips.org
(no subscription required, plain text only)
ssoma[2] git archives: git://bogomips.org/unicorn-public
browser-friendly archives: http://bogomips.org/unicorn-public/
Using, getting help for, and contributing to unicorn will never
require any of the following:
1) non-Free software (including SaaS)
2) registration or sign-in of any kind
3) a real identity (we accept mail from Mixmaster)
4) a graphical user interface
Nowadays, plain-text email is the only ubiquitous platform which
meets all our requirements for communication.
There is also one small bugfix to handle premature grandparent death
upon initial startup. Most users are unaffected.
[1] policy: http://public-inbox.org/ - git://80x24.org/public-inbox
an "archives first" approach to mailing lists
[2] mechanism: http://ssoma.public-inbox.org/ - git://80x24.org/ssoma
some sort of mail archiver (using git)
=== unicorn 4.8.2 - avoid race condition during worker startup / 2014-02-05 18:24 UTC
We close SELF_PIPE in the worker immediately, but signal handlers
do not get set up immediately. So prevent workers from erroring out
due to invalid SELF_PIPE.
=== unicorn 4.8.1 / 2014-01-29 08:48 UTC
fix races/error handling in worker SIGQUIT handler
This protects us from two problems:
1) we (or our app) somehow called IO#close on one of the sockets
we listen on without removing it from the readers array.
We'll ignore IOErrors from IO#close and assume we wanted to
close it.
2) our SIGQUIT handler is interrupted by itself. This can happen as
a fake signal from the master could be handled and a real signal
from an outside user is sent to us (e.g. from unicorn-worker-killer)
or if a user uses the killall(1) command.
=== unicorn 4.8.0 - big internal changes, but compatible / 2014-01-11 07:34 UTC
This release contains fairly major internal workings of master-to-worker
notifications. The master process no longer sends signals to workers
for most tasks. This works around some compatibility issues with some
versions of the "pg" gem (and potentially any other code which may not
handle EINTR properly). One extra benefit is it also helps stray
workers notice a rare, unexpected master death more easily. Workers
continue to (and will always) accept existing signals for compatibility
with tools/scripts which may signal workers.
PID files are always written early (even on upgrade) again to avoid
breaking strange monitoring setups which use PID files. Keep in mind we
have always discouraged monitoring based on PID files as they are
fragile.
We now avoid bubbling IOError to the Rack app on premature client
disconnects when streaming the input body. This is usually not a
problem with nginx, but may be on some LAN setups without nginx.
Thanks to Sam Saffron, Jimmy Soho, Rodrigo Rosenfeld Rosas,
Michael Fischer, and Andrew Hobson for their help with this release.
Note: the unicorn mailing list will be moved/changed soon due to the
RubyForge shutdown. unicorn will always rely only on Free Software.
There will never be any sign-up requirements nor terms-of-service to
agree to when communicating with us.
=== unicorn 4.8.0pre1 / 2013-12-09 09:51 UTC
Eric Wong (6):
tests: fix SO_REUSEPORT tests for old Linux and non-Linux
stream_input: avoid IO#close on client disconnect
t0300: kill off stray processes in test
always write PID file early for compatibility
doc: clarify SIGNALS and reference init example
rework master-to-worker signaling to use a pipe
=== unicorn 4.7.0 - minor updates, license tweak / 2013-11-04 06:59 UTC
* support SO_REUSEPORT on new listeners (:reuseport)
This allows users to start an independent instance of unicorn on
the same port as a running unicorn (as long as both instances
use :reuseport).
ref: https://lwn.net/Articles/542629/
* unicorn is now GPLv2-or-later and Ruby 1.8-licensed
(instead of GPLv2-only, GPLv3-only, and Ruby 1.8-licensed)
This changes nothing at the moment. Once the FSF publishes the next
version of the GPL, users may choose the newer GPL version without the
unicorn BDFL approving it. Two years ago when I got permission to add
GPLv3 to the license options, I also got permission from all past
contributors to approve future versions of the GPL. So now I'm
approving all future versions of the GPL for use with unicorn.
Reasoning below:
In case the GPLv4 arrives and I am not alive to approve/review it,
the lesser of evils is to give blanket approval of all future GPL
versions (as published by the FSF). The worse evil is to be stuck
with a license which cannot guarantee the Free-ness of this project
in the future.
This unfortunately means the FSF can theoretically come out with
license terms I do not agree with, but the GPLv2 and GPLv3 will
always be an option to all users.
Note: we currently prefer GPLv3
Two improvements thanks to Ernest W. Durbin III:
* USR2 redirects fixed for Ruby 1.8.6 (broken since 4.1.0)
* unicorn(1) and unicorn_rails(1) enforce a valid integer for -p/--port
A few more odd, minor tweaks and fixes:
* attempt to rename PID file when possible (on USR2)
* workaround reopen atomicity issues for stdio vs non-stdio
* improve handling of client-triggerable socket errors