| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
All checksums have been double-checked against existing RMD160 and
SHA512 hashes
Not committed (merge conflicts):
www/nghttp2/distinfo
Unfetchable distfiles (almost certainly fetched conditionally...):
./www/nginx-devel/distinfo array-var-nginx-module-0.05.tar.gz
./www/nginx-devel/distinfo echo-nginx-module-0.62.tar.gz
./www/nginx-devel/distinfo encrypted-session-nginx-module-0.08.tar.gz
./www/nginx-devel/distinfo form-input-nginx-module-0.12.tar.gz
./www/nginx-devel/distinfo headers-more-nginx-module-0.33.tar.gz
./www/nginx-devel/distinfo lua-nginx-module-0.10.19.tar.gz
./www/nginx-devel/distinfo naxsi-1.3.tar.gz
./www/nginx-devel/distinfo nginx-dav-ext-module-3.0.0.tar.gz
./www/nginx-devel/distinfo nginx-rtmp-module-1.2.2.tar.gz
./www/nginx-devel/distinfo nginx_http_push_module-1.2.10.tar.gz
./www/nginx-devel/distinfo ngx_cache_purge-2.5.1.tar.gz
./www/nginx-devel/distinfo ngx_devel_kit-0.3.1.tar.gz
./www/nginx-devel/distinfo ngx_http_geoip2_module-3.3.tar.gz
./www/nginx-devel/distinfo njs-0.5.0.tar.gz
./www/nginx-devel/distinfo set-misc-nginx-module-0.32.tar.gz
./www/nginx/distinfo array-var-nginx-module-0.05.tar.gz
./www/nginx/distinfo echo-nginx-module-0.62.tar.gz
./www/nginx/distinfo encrypted-session-nginx-module-0.08.tar.gz
./www/nginx/distinfo form-input-nginx-module-0.12.tar.gz
./www/nginx/distinfo headers-more-nginx-module-0.33.tar.gz
./www/nginx/distinfo lua-nginx-module-0.10.19.tar.gz
./www/nginx/distinfo naxsi-1.3.tar.gz
./www/nginx/distinfo nginx-dav-ext-module-3.0.0.tar.gz
./www/nginx/distinfo nginx-rtmp-module-1.2.2.tar.gz
./www/nginx/distinfo nginx_http_push_module-1.2.10.tar.gz
./www/nginx/distinfo ngx_cache_purge-2.5.1.tar.gz
./www/nginx/distinfo ngx_devel_kit-0.3.1.tar.gz
./www/nginx/distinfo ngx_http_geoip2_module-3.3.tar.gz
./www/nginx/distinfo njs-0.5.0.tar.gz
./www/nginx/distinfo set-misc-nginx-module-0.32.tar.gz
|
|
|
|
Contao 35 should be work on PHP 7.4.
|
|
|
|
* Add fix for CVE-2020-25768.
* Fix time range problem on positive timezone.
Bump PKGREVISION.
|
|
Drop php71 support mechanically.
|
|
Contao 3.5 dose not support PHP 7.4.
|
|
pkglint -Wall -F --only aligned --only indent -r
Manually excluded phraseanet since pkglint got the indentation wrong.
|
|
Version 3.5.40 (2019-04-10)
---------------------------
### Fixed
Fix the save callback in the back end password module (see #429).
|
|
pkgsrc change: use SUBST_VARS.
Version 3.5.39 (2019-04-09)
---------------------------
### Fixed
Invalidate the user sessions if a password changes (see CVE-2019-10641).
|
|
Version 3.5.38 (2018-12-21)
---------------------------
### Fixed
Correctly check the permission to move child records as non-admin user.
|
|
Version 3.5.37 (2018-12-13)
---------------------------
### Fixed
Prevent information disclosure in the back end (see CVE-2018-20028).
|
|
Version 3.5.36 (2018-09-18)
---------------------------
### Fixed
Prevent arbitrary code execution through .phar files (see CVE-2018-17057).
### Fixed
Correctly reset the autologin data upon logout (#8868).
### Fixed
Remove support for deprecated user password hashes (see #8889).
|
|
Version 3.5.35 (2018-04-18)
---------------------------
### Fixed
Fix an XSS vulnerability in the system log (see CVE-2018-10125).
CVE-2018-10125
With a manipulated request, an attacker can implant a script which is executed
when a logged in back end user opens the system log. The attacker themselves
does not have to be logged in.
The problem affects Contao 3.0.0 to 3.5.34, 4.0.0 to 4.4.17 and 4.5.0 to
4.5.7. We highly recommend you to update.
|
|
Version 3.5.34 (2018-03-06)
---------------------------
### Fixed
Check the registry for table prefixed queries (see contao/core-bundle#1161).
### Fixed
Improve the folder hashing performance (see #8856).
### Fixed
Reset the autologin hash if the username or password changes (see #8843).
### Fixed
Correctly encode the sitemap URLs (see #8849).
|
|
Contao 3.5.33 is available 2018/01/22 10:08 by Leo Feyer
Contao version 3.5.33 is available. The bugfix release restores the PHP 5.4
compatibility and fixes problems with MariaDB 10.2.4+ and MySQL 8.
PHP 5.4
Even if Contao 3.5 still supports PHP 5.4, we strongly advise against using
outdated PHP versions. Contao 3.5 is compatible with the latest PHP versions,
therefore – if the installed extensions allow it – you should run it with PHP
7 or at least PHP 5.6.
Identifier Quoting
We have revised identifier quoting, which we had added to Contao 4.4.10, and
ported it to Contao 3, so Contao 3.5 should be compatible with MariaDB 10.2.4+
and MySQL 8 now.
|
|
Contao 3.5.32 is available 2018/01/18 09:48 by Leo Feyer
Contao version 3.5.32 is available. The bugfix release fixes an XSS
vulnerability in the newsletter extension (CVE-2018-5478).
CVE-2018-5478
The vulnerability is in the "unsubscribe" module of the newsletter extension
and can easily be exploited by anyone in the front end. We therefore strongly
recommend you to update.
The problem affects Contao 2.0.0 to 3.5.31 and the Contao newsletter bundle
4.0.0 to 4.0.3.
If you are not using the newsletter extension or the "unsubscribe" module,
your installation is not affected by the vulnerability.
|
|
Version 3.5.31 (2017-11-15)
---------------------------
### Fixed
Prevent SQL injections in the back end search panel (see CVE-2017-16558).
|
|
Version 3.5.30 (2017-10-06)
---------------------------
### Fixed
Filter multi-day events outside the scope in the event list (see #8792).
### Fixed
Correctly show multi-day events if the shortened view is disabled (see #8782).
|
|
Version 3.5.29 (2017-09-27)
---------------------------
### Fixed
Correctly handle unencoded data images in the Combiner (see #8788).
### Fixed
Correctly show multi-day events if the shortened view is disabled (see #8782).
### Fixed
Do not add a suffix when copying if the "doNotCopy" flag is set (see #8610).
### Fixed
Use the module type as group header if sorted by type (see #8402).
### Fixed
Always show the "show from" and "show until" fields (see #8766).
### Fixed
Encode the username when opening the front end preview as a member (see #8762).
|
|
|
|
Version 3.5.28 (2017-07-12)
---------------------------
### Fixed
Prevent arbitrary PHP file inclusions in the back end (see CVE-2017-10993).
### Fixed
Improve the accessibility of the CAPTCHA widget (see #8709).
### Fixed
Fixed the iOS scrolling bug in the simple modal script (see #8708).
### Fixed
Correctly cache the unique keys in the SQL cache (see #8712).
|
|
Version 3.5.27 (2017-04-25)
---------------------------
### Fixed
Revert the Punycode library changes (see #8693).
|
|
Version 3.5.26 (2017-04-20)
---------------------------
### Fixed
Prevent endless loops in the book navigation module (see #8665).
### Fixed
Limit the maximum size of dimensionless SVGs in the back end (see #8684).
### Fixed
Correctly handle custom namespaces when combining DCA files (see #8682).
### Fixed
Also check the X-Forwarded-Proto header when determining HTTPS (see #8691).
### Fixed
Correctly support 64 character template names everywhere (see #6819).
### Updated
Updated the Punycode library to version 2 (see #8693).
### Fixed
Correctly use the en dash in the calendar modules (see #8690).
### Fixed
Remove the UTF-8 BOM when combining files (see #8689).
### Fixed
Do not add the CORS headers in the install tool (see #8681).
### Fixed
Correctly move folders with an "@" in their name (see #8674).
### Fixed
Correctly redirect to the last page visited upon login (see #8632).
### Fixed
Back port the e-mail extraction improvements (see #8679).
|
|
is built into PHP. Bump resp. PKGREVISION.
|
|
|
|
No bump PKGREVISION since it dose not affect existing binary package.
|
|
Version 3.5.25 (2017-03-20)
---------------------------
### Fixed
Only show error messages to authenticated users in the install tool (see #8666).
### Fixed
Always show the modal windows in full height (see #8631).
### Fixed
Support cross domain requests when rebuilding the search index (see #8597).
### Fixed
Correctly store numbers with leading zero in the Config class (see #4035).
### Fixed
Delete an old search entry if the new URL is more canonical (see #8647).
### Fixed
Also make Folder::$dirname an absolute path again (see #8325).
### Fixed
Support using namespaces and use statements in DCA/config files (see #8635).
|
|
Version 3.5.24 (2017-01-19)
---------------------------
### Fixed
Correctly handle SVGZ files in the file manager (also fixes #8624).
### Fixed
Revert the download element changes (see #8620).
|
|
Version 3.5.23 (2017-01-17)
---------------------------
### Fixed
Handle non-numeric values when calculating the image margin (see #8617).
### Fixed
Correctly generate the download elements in the back end (see #8620).
Version 3.5.22 (2017-01-16)
---------------------------
### Fixed
Prevent an endless redirect loop if the page alias is "/" (see #8560).
### Fixed
Correctly parse German dates with two digit years in MooTools (see #8593).
### Fixed
Correctly add new resources to the user/group permissions (see #8583).
### Fixed
Trigger the auto-submit function in the date picker (see #8603).
### Fixed
Call the load callback when loading page/file picker nodes (see #7702).
|
|
Version 3.5.21 (2016-12-29)
---------------------------
### Updated
Update SwiftMailer to version 5.4.5 (fixes CVE-2016-10074).
|
|
|
|
Version 3.5.20 (2016-12-19)
---------------------------
### Fixed
Correctly show running repeated events in the event list (see #8588).
### Fixed
Improve the PHP 7.1 compatibility.
### Fixed
Keep the root nodes order in the page selector (see #8577).
### Fixed
Do not output invalid option values in widget error messages (see #8594).
Thanks to Pascal Gerundt for finding and reporting the issue.
### Fixed
Correctly parse english dates in MooTools (see #8573).
|
|
Version 3.5.19 (2016-11-16)
---------------------------
### Fixed
Only evaluate `hasDetails()` and `hasText()` upon the first call.
### Fixed
Cache the `PageModel::findPublishedFallbackByHostname()` results (see #8544).
### Fixed
Correctly redirect to the website root page (see #8552).
### Fixed
Continue rebuilding the search index if there are errors (see #8541).
|
|
It also welcome back to Danish and Slovenian.
Version 3.5.18 (2016-10-25)
---------------------------
### Fixed
Correctly "toggle select" nodes that are loaded via Ajax (see #8535).
### Fixed
Show running events in the event list again (see #8497).
### Fixed
Correctly calculate the maximum length of tl_files.name (see #8536).
### Fixed
Correctly add the headline if a content element is versionized (see #8502).
### Fixed
Optimize the DCA sorting filter for date fields (see #8485).
### Fixed
Do not show version entries of deleted files (see #8480).
### Fixed
Redirect the empty URL depending on language and alias name (see #8498).
### Fixed
Apply `specialchars()` to widget attributes (see #8505).
### Updated
Updated the Ace code editor to version 1.1.9.
### Fixed
Handle special characters in passwords when creating an admin user (see #8512).
### Fixed
Queue the requests when rebuilding the search index (see #8449).
|
|
Version 3.5.17 (2016-09-20)
---------------------------
### Fixed
Handle special character passwords in the "close account" module (see #8455).
### Fixed
Handle broken SVG files in the Image and File class (see #8470).
### Fixed
Reduce the maximum field length by the file extension length (see #8472).
### Fixed
Fall back to the field name if there is no label (see #8461).
### Fixed
Do not assume NULL by default for binary fields (see #8477).
### Fixed
Correctly render the diff view if not the latest version is active (see #8481).
### Fixed
Update the list of countries and languages (see #8453).
### Fixed
Correctly set up the MooTools CDN URL (see #8458).
### Fixed
Also check the URL length when determining the search URL (see #8460).
### Fixed
Only regenerate the session ID upon login.
|
|
Version 3.5.16 (2016-09-05)
---------------------------
### Fixed
Check if a reader page is protected when generating a sitemap (see #8416).
### Fixed
Support all characters but =!<> and whitespace in simple tokens (see #8436).
### Fixed
Check the user's permission when generating links in the picker (see #8407).
### Fixed
Handle forward pages without target in the navigation modules (see #8377).
### Fixed
Stop the event recurrence if the upper boundary is reached (see #8445).
### Fixed
Show upcoming events if the first occurrence is in the past (see #8447).
### Updated
Update MooTools to version 1.5.2.
### Fixed
Provide the same template variables for downloads and enclosures (see #8392).
### Fixed
Handle %n when parsing date formats (see #8411).
### Fixed
Fix the module wizard's accessibility (see #8391).
### Fixed
Correctly initialize TinyMCE in sub-palettes in Firefox (see #3673).
### Fixed
Validate form field names more accurately (see #8403).
### Fixed
Correctly show the ctime, mtime and atime of a folder (see #8408).
### Fixed
Correctly index changed pages (see #8439).
### Fixed
Always store the UUID of an uploaded file (see #8421).
|
|
Version 3.5.15 (2016-07-15)
---------------------------
### Fixed
Strip soft hyphens when indexing a page (see #8389).
### Fixed
Update mediaelement.js to version 2.21.2 (fixes CVE-2016-4567).
|
|
|
|
Version 3.5.14 (2016-06-16)
---------------------------
### Fixed
Validate the settings when loading a recurring event (see #8286).
### Fixed
Also check for the back end cookie when loading from cache (see #8249).
### Fixed
Unset "mode" and "pid" upon save and edit (see #8292).
### Fixed
Always use the relative path in DC_Folder (see #8370).
|
|
Version 3.5.13 (2016-06-15)
---------------------------
### Fixed
Use the correct empty value when resetting copied fields (see #8365).
### Fixed
Remove the "required" attribute if a subpalette is closed (see #8192).
### Fixed
Correctly generate the feed links in a multi-domain setup (see #8329).
### Fixed
Correctly calculate the maximum file size for DropZone (see #8098).
### Fixed
Do not adjust the start date of a multi-day event (see #8194).
### Fixed
Versionize and show password changes (see #8301).
### Fixed
Make File::$dirname an absolute path again (see #8325).
### Fixed
Store the full URLs in the search index (see contao/core-bundle#491).
### Fixed
Standardize the group names in the checkbox widget (see #8002).
### Fixed
Prevent models from being registered twice (see #8224).
### Fixed
Prevent horizontal scrolling in the ACE editor (see #8328).
### Fixed
Correctly render the breadcrumb links in the template editor (see #8341).
### Fixed
Remove the role attributes from the navigation templates (see #8343).
### Fixed
Do not add `role="tablist"` to the accordion container (see #8344).
|
|
Version 3.5.12 (2016-04-22)
---------------------------
### Fixed
Correctly handle files with uppercase file extensions (see #8317).
Version 3.5.11 (2016-04-21)
---------------------------
### Fixed
Correctly pass the channel ID to the newsletter list template (see #8311).
### Fixed
Do not encode the database password (see #8314).
### Fixed
Fixed adding new folders in the file manager (see #8315).
Version 3.5.10 (2016-04-20)
---------------------------
### Fixed
Always trigger the "isVisibleElement" hook (see #8312).
### Fixed
Do not change all sessions when switching users (see #8158).
### Fixed
Do not allow to close fieldsets with empty required fields (see #8300).
### Fixed
Make the path related properties of the File class binary-safe (see #8295).
### Fixed
Always allow to navigate to the current month in the calendar (see #8283).
### Fixed
Correctly validate and decode IDNA e-mail addresses (see #8306).
### Fixed
Do not add the debug bar resources if `hideDebugBar` is enabled (see #8307).
### Fixed
Skip forward pages entirely in the book navigation module (see #5074).
### Fixed
Do not add the X-Priority header in the Email class (see #8298).
### Fixed
Fix an error message in the newsletter subscription module (see #7887).
### Fixed
Determine the search index checksum in a more reliable way (see #7652).
|
|
Version 3.5.9 (2016-03-21)
--------------------------
### Fixed
Prevent the autofocus attribute from being added multiple times (see #8281).
### Fixed
Respect the SSL settings of the root page when generating sitemaps (see #8270).
### Fixed
Read from the temporary file if it has not been closed yet (see #8269).
### Fixed
Always use HTTPS if the target server supports SSL connections (see #8183).
### Fixed
Adjust the meta wizard field length to the column length (see #8277).
### Fixed
Correctly handle custom mime icon paths (see #8275).
### Fixed
Only log errors that have been configured to get logged (see #8267).
### Fixed
Show the 404 error page if an unpublished article is requested (see #8264).
### Fixed
Correctly count the URLs when rebuilding the search index (see #8262).
### Fixed
Ensure that every image has a width and height attribute (see #8162).
### Fixed
Set the correct mime type when embedding SVG images (see #8245).
### Fixed
Handle the "float_left" and "float_right" classes in the back end (see #8239).
### Fixed
Consider the fallback language if a page alias is ambiguous (see #8142).
### Fixed
Fix the error 403/404 redirect (see contao/website#74).
|
|
Version 3.5.8 (2016-03-01)
--------------------------
### Fixed
Re-add the `$blnFixDomain` argument to keep backwards compatibility.
Version 3.5.7 (2016-02-29)
--------------------------
### Fixed
Always fix the domain and language when generating URLs (see #8238).
### Fixed
Fix two issues with the flexible back end theme (see #8227).
### New
Added new versioning hooks (see #8168).
* "oncreate_version_callback" (supersedes "onversion_callback")
* "onrestore_version_callback" (supersedes "onrestore_callback")
### Fixed
Correctly toggle custom page type icons (see #8236).
### Fixed
Fix the domain in all article, news, event and FAQ insert tags (see #8204).
### Fixed
Update mediaelement.js to version 2.19.0.1 (see #8217).
### Fixed
Correctly render the links in the monthly/yearly event list menu (see #8140).
### Fixed
Skip the registration related fields if a user is duplicated (see #8185).
### Fixed
Correctly show the form field type help text (see #8200).
### Fixed
Correctly create the initial version of a record (see #8141).
### Fixed
Correctly show the "expand preview" buttons (see #8146).
### Fixed
Correctly check that a password does not match the username (see #8209).
### Fixed
Check if a directory exists before executing `mkdir()` (see #8150).
### Fixed
Do not link to the maintenance module if the user cannot access it (see #8151).
### Fixed
Show the "new folder" button in the template manager (see #8138).
|
|
Fix build problem.
|
|
No functional change.
|
|
|
|
Bump PKGREVISION.
|
|
|
