Age | Commit message (Collapse) | Author | Files | Lines |
|
Version 2.11.12 (2013-08-22)
----------------------------
### Fixed
Allow to paste into the root page in "edit multiple" mode (see #5620).
### Updated
Updated TCPDF to version 6.0.010 (see #5676).
### Fixed
Backported the changes from e44864d2 (see #5683).
### Fixed
Handle all possible errors when uploading files (see #5934).
### Improved
Improved the memory footprint of the search index rebuild (see #5681).
### Fixed
Do not trigger the "setNewPassword" hook twice (see #5247).
### Updated
Updated SimplePie to version 1.3.1 (see #5604).
### Fixed
Delete the `pathconfig.php` file in the install tool (see #5536).
|
|
|
|
Upstream changes:
1.016 2013-07-27
- Fix repository metadata. RT#87114
1.015 2012-06-27
- Add broken_dotnet_digest_without_query_string option
Allows digest authentication from .NET, which does not include the
query string in the uri in the digest Authorization header.
- Fix broken synopsis. RT#75254
1.014 2012-02-05
- Add require_ssl configuration setting.
- Add no_unprompted_authorization_required configuration setting.
|
|
Update DEPENDS
Upstream changes:
Tue 29 May 2012 20:19:00 BST - Release 1.01
Add Catalyst::Action::Deserialize::JSON::XS
Fix JSON::XS useage to depend on JSON.pm v2.0, and rely on the
fact that can be backed by XS code, by explicitly setting
$ENV{'PERL_JSON_BACKEND'} = 2
Fri 13 Apr 2012 09:31:00 BST - Release 1.00
Repack without auto_include to stop Module::Install inlining
Test::More without Test::Builder. RT#76524
Tue 28 Feb 2012 09:09:00 GMT - Release 0.99
Repack with new Module::Install to stop depending on an unnecessary
ExtUtils::MakeMaker version.
Tue 21 Feb 2012 11:40:00 GMT - Release 0.98
More fixes as per last release.
Tue 21 Feb 2012 09:58:00 GMT - Release 0.97
Fix test with latest Catalyst version which passes _log into
requests.
Mon 20 Jan 2012 11:22:00 GMT - Release 0.96
Added fix for RT 63537 (from Gerv) and tests to check it.
Wed 04 Jan 2012 19:34:00 GMT - Release 0.95
Fix regex for JSONP parameter name to be able to include the . character
in Catalyst::Action::Serialize::JSONP. RT#73741
Add optional location parameter to status_accepted handler. RT#73691 (ghenry)
Fri 09 Dec 2011 08:35:00 GMT - Release 0.94
Add 403 Forbidden and 302 Not Found status methods to
Catalyst::Controller::REST (Caleb Cushing)
Wed 12 Oct 2011 11:37:00 CDT - Release 0.93
Add a "Callback" serializer/deserializer to allow for more customization in
how the REST data is parsed/generated (bphillips)
Sat 01 Oct 2011 11:04:00 BST - Release 0.92
Add a Catalyst::Action::DeserializeMultiPart, allowing one part of a multipart
request to be deserialized as the REST data (allowing other parts to be used for
file uploads, for example) (bphillips)
|
|
Bump PKGREVISION.
|
|
Update DEPENDS
Upstream changes:
5.90042 - 2013-06-14
- Removed more places where an optional dependency shows up in the test
suite. Hopefully really fixed the unicode regression introduced in 5.90040
- reverted the change we introduced in 5.90040 where a unicode conversion
error warned instead of died. Now it dies again, like in the stand alone
plugin
- More work to make sure nothing happens with encoding unless you explicitly
ask for encoding
- Code to hopefully fix an issue where file uploads using the unicode plugin
caused trouble.
5.90041 - 2013-06-14
- Bug fix release to fix regressions introduced in previous. I would consider
this a likely upgrade and if you are having trouble with the previous I hope
this fixes all of them.
- Fix regression with the cored Unicode plugin that broke systems where you are
setting encoding type in an external configuration file
- Fixed circular dependency introduced when we cored the unicode plugin tests
- Fixed a longstanding problem with stats when locale uses , instead of . for
number decimals
- Fixed some docs that didn't properly date the previous release.
5.90040 - 2013-06-12
! Stricter checking of attributes in Catalyst::DispatchType::Chained:
1) Only allow one of either :CaptureArgs or :Args
2) :CaptureArgs() argument must be numeric
3) :CaptureArgs() and :Args() arguments cannot be negative
- Add Devel::InnerPackage to dependencies, fixing tests on perl 5.17.11
as it's been removed from core. RT#84787
- New support for closing over the PSGI $writer object, useful for working
with event loops.
- lets you access a psgix.io socket, if your server supports it, for manual
handling of the client - server communication, such as for websockets.
- Fix waiting for the server to start in t/author/http-server.t
- new config flag 'abort_chain_on_error_fix' that exits immediately when a
action in an action chain throws and error (fixes issues where currently
the remaining actions are processed and the error is handled at chain
termination).
- Cored the Encoding plugin. Now get unicode out of the box by just setting
$c->config->{encoding} = 'UTF-8'. BACKCOMPAT WARNING: If you are using
the Encoding plugin on CPAN, we skip it to avoid double encoding issues, so
you should remove it from your plugin list, HOWEVER the 'encoding' config
setting is now undef, rather than 'UTF-8' (this was done to avoid breaking
people's existing applications) so you should add the encoding setting to
you global config. There's some other changes between the stand alone
plugin and the cored version, if you use it be sure to see Catalyst::Upgrading
for more.
- minor documentation typo fixes and updates
5.90030 - 2013-04-12
! POSSIBLE BREAKING CHANGE: Removed Regexp dispatch type from core, and put
it in an external package. If you need Regexp dispatch types you should
add "Catalyst-DispatchType-Regex" as a distribution to your build system.
- make $app->uri_for and related methods return something sane, when called
as an application method, instead of a context method. Now if you call
MyApp::Web->uri_for(...) you will get a generic URI object that you need to
resolve manually.
- documentation updates around forwarding to chained actions.
- Fixed bug when a PSGI engine need to use psgix logger.
- Added cpanfile as a way to notice we are a dev checkout.
- Added 'x-tunneled-method' HTTP Header method override to match features in
Catalyst::Action::REST and in other similar systems on CPAN.
- smarter valiation around action attributes.
5.90020 - 2013-02-22
! Catalyst::Action now defines 'match_captures' so it is no long considered
an optional method. This might break you code if you have made custom
action roles/classes where you define 'match_captures'. You must change
your code to use a method modifier (such as 'around').
- New match method "Method($HTTP_METHOD)" where $HTTP_METHOD in (GET, POST,
PUT, HEAD, DELETE, OPTION) and shortcuts in controllers called "GET, POST
PUT, HEAD, DELETE, OPTION"). Tests and documentation. Please note if you
are currently using Catalyst::ActionRole::MatchRequestMethods there may
be compatibility issues. You should remove that actionrole since the built
in behavior is compatible on its own.
- Initial debug screen now shows HTTP Method Match info
- security fixes in the way we handle redirects
- Make Catalyst::Engine and Catalyst::Base immutable
- Some test and documentation improvements
|
|
Upstream changes:
1.39 2013-06-14 12:44:17
- Write =encoding utf8 into generated Pod files so that things
work as expected for people with utf-8 characters in their unix
username as returned by getpwuid (RT#84613)
- Fix unbalanced parenthesis in comptest.tt (RT#85661)
1.38 2013-04-11 20:54:00
- Remove all PAR based deployment options, as they're unsupported
and don't even pretend to work on 5.9 RT#83936
1.37 2012-05-19 11:19:00
- Add x_authority metadata to the distribution for PAUSE.
- Fix restarter regex to apply to files being created/changed,
not just those being deleted.
- Use iomode => ":raw" to stop PNG files getting corrupted
when being slurped on windows as noted on the mailing list.
|
|
Upstream changes:
0.20 2013-06-24 16:09:21 PDT
- Fix packaging (name casing)
0.19 2013-06-24 15:09:55 PDT
- Use Milla
- Add prereqs to LWP/HTTP::Cookies
0.18 Tue Feb 12 02:56:23 PST 2013
- Repackaging
0.17 Mon Feb 11 15:40:50 PST 2013
- Use constant time comparison of HMAC signature to be precautious for timing attacks
0.16 Sun Feb 10 11:41:14 PST 2013
- Fix minimum version requirement for Test::Fatal
0.15 Tue Sep 4 14:15:13 PDT 2012
- Fixed CPAN dependencies
|
|
Adjust DEPENDS
Upstream changes:
0.15 Mon Jan 7 15:59:54 PST 2013
- Cut down dependencies for tests (kazeburo)
0.14 Sat May 26 20:19:23 PDT 2012
- Fixed Plack dependency
0.13 Mon May 14 02:30:13 EEST 2012
- Reverted the fix in 0.12, instead fixing the test to not check port number
0.12 Sun May 13 09:30:58 EEST 2012
- Fixed the default HTTP port detection in case if it was https and use :80 (doy)
|
|
Upstream changes:
0.11 Tue Aug 6 23:24:07 JST 2013
- fix bug around crc calculation and footer generation. Thanks syohex-san
0.10 Fri Jul 19 10:42:33 JST 2013
- replace IO::Compress with PM::Deflater::Encoder for performance improvement
0.09 Mon May 24 14:24:04 JST 2013
- buffering a first chunk. It contains only the gzip header
0.08 Mon Jun 18 23:40:04 JST 2012
- do compress->close instead of autoflush to write gzip footer
0.07 Mon Jun 11 17:13:20 JST 2012
- added perlcriticrc, no code changes
0.06 Wed May 16 18:24:27 JST 2012
- Support Streaming, Thank you ranguard.
|
|
Upstream changes:
0.03 Wed Aug 8 09:08:55 PDT 2012
- Fixed packaging
0.02 Wed Aug 8 09:07:44 PDT 2012
- Fixed warnings (mschilli)
|
|
Changes In Version 3.4
Bugs Fixed
1. If using write() function returned by start_response() and a non string value
is passed to it, then process can crash due to errors in Python object
reference counting in error path of code.
2. If using write() function returned by start_response() under Python 3.X and a
Unicode string is passed to it rather than a byte string, then a memory leak
will occur because of errors in Python object reference counting.
3. Debug level log message about mismatch in content length generated was
generated when content returned less than that specified by Content-Length
response header even when exception occurring during response generation
from an iterator. In the case of an exception occuring, was only meant to
generate the log message if more content returned than defined by the
Content-Length response header.
4. Using writelines() on wsgi.errors was failing.
5. If a UNIX signal received by daemon mode process while still being
initialised to signal that it should be shutdown, the process could crash
rather than shutdown properly due to not registering the signal pipe prior to
registering signal handler.
6. Python doesn't initialise codecs in sub interpreters automatically which in
some cases could cause code running in WSGI script to fail due to lack of
encoding for Unicode strings when converting them. The error message in this
case was:
LookupError: no codec search functions registered: can't find encoding
The 'ascii' encoding is now forcibly loaded when initialising sub
interpreters to get Python to initialise codecs.
7. Response Content-Type header could be corrupted when being sent in
multithreaded configuration and embedded mode being used. Problem thus
affected Windows and worker MPM on UNIX.
Features Changed
1. The HTTPS variable is no longer set within the WSGI environment. The
authoritative indicator of whether a SSL connection is used is
wsgi.url_scheme and a WSGI compliant application should check for
wsgi.url_scheme. The only reason that HTTPS was supplied at all was because
early Django versions supporting WSGI interface weren't correctly using
wsgi.url_scheme. Instead they were expecting to see HTTPS to exist.
This change will cause non conformant WSGI applications to finally break.
This possibly includes some Django versions prior to Django version 1.0.
Note that you can still set HTTPS in Apache configuration using the SetEnv or
SetEnvIf directive, or via a rewrite rule. In that case, that will override
what wsgi.url_scheme is set to and once wsgi.url_scheme is set appropriately,
the HTTPS variable will be removed from the set of variables passed through
to the WSGI environment.
2. The wsgi.version variable has been reverted to 1.0 to conform to the WSGI PEP
3333 specification. It was originally set to 1.1 on expectation that revised
specification would use 1.1 but that didn't come to be.
3. Use of kernel sendfile() function by wsgi.file_wrapper is now off by default.
This was originally always on for embedded mode and completely disabled for
daemon mode. Use of this feature can be enabled for either mode using
WSGIEnableSendfile directive, setting it to On to enable it.
The default is now off because kernel sendfile() is not always able to work
on all file objects. Some instances where it will not work are described for
the Apache EnableSendfile directive.
http://httpd.apache.org/docs/2.2/mod/core.html#enablesendfile
Although Apache has use of sendfile() enabled by default for static files,
they are moving to having it off by default in future version of Apache. This
change is being made because of the problems which arise and users not
knowing how to debug it and solve it.
Thus also erring on side of caution and having it off by default but allowing
more knowledgeable users to enable it where they know always using file
objects which will work with sendfile().
New Features
1. Support use of Python 3.2.
2. Support use of Apache 2.4.
3. Is now guaranteed that mod_ssl access handler is run before that for
mod_wsgi so that any per request variables setup by mod_ssl are available in
the mod_wsgi access handler as implemented by WSGIAccessScript directive.
4. Added 'python-home' option to WSGIDaemonProcess allowing a Python virtual
environment to be used directly in conjunction with daemon process. Note that
this option does not do anything if setting WSGILazyInitialization to 'Off'.
5. Added 'lang' and 'locale' options to WSGIDaemonProcess to perform same tasks
as setting 'LANG' and 'LC_ALL environment' variables. Note that if needing to
do the same for embedded mode you still need to set the environment variables
in the Apache envvars file or init.d startup scripts.
6. Split combined WWW-Authenticate header returned from daemon process back into
separate headers. This is work around for some browsers which require
separate headers when multiple authentication providers exist.
7. For Python 2.6 and above, the WSGIDontWriteBytecode directive can be used at
global scope in Apache configuration to disable writing of all byte code
files, ie., .pyc, by the Python interpreter when it imports Python code
files. To disable writing of byte code files, set directive to 'On'.
Note that this doesn't prevent existing byte code files on disk being used
in preference to the corresponding Python code files. Thus you should first
remove .pyc files from web application directories if relying on this option
to ensure that .py file is always used.
8. Add supplementary-groups option to WSGIDaemonProcess to allow group
membership to be overridden and specified comma separated list of groups to
be used instead.
9. Add 'memory-limit' option to WSGIDaemonProcess to allow memory usage of
daemon processes to be restricted. This will have no affect on some platforms
as RLIMIT_AS/RLIMIT_DATA with setrlimit() isn't always implemented. For
example MacOS X and older Linux kernel versions do not implement this
feature. You will need to test whether this feature works or not before
depending on it.
10. Add 'virtual-memory-limit' option to WSGIDaemonProcess to allow virtual
memory usage of daemon processes to be restricted. This will have no affect
on some platforms as RLIMIT_VMEM with setrlimit() isn't always implemented.
You will need to test whether this feature works or not before depending on
it.
11. Access, authentication and authorisation hooks now have additional keys in
the environ dictionary for 'mod_ssl.is_https' and 'mod_ssl.var_lookup'. These
equate to callable functions provided by mod_ssl for determining if the
client connection to Apache used SSL and what the values of variables
specified in the SSL certifcates, server or client, are. These are only
available if Apache 2.0 or later is being used.
12. Add 'mod_wsgi.queue_start' attribute to WSGI environ so tools like New Relic
can use it to track request queueing time. This is the time between when
request accepted by Apache and when handled by WSGI application.
|
|
Changes with nginx 1.5.3
*) Change in internal API: now u->length defaults to -1 if working with
backends in unbuffered mode.
*) Change: now after receiving an incomplete response from a backend
server nginx tries to send an available part of the response to a
client, and then closes client connection.
*) Bugfix: a segmentation fault might occur in a worker process if the
ngx_http_spdy_module was used with the "client_body_in_file_only"
directive.
*) Bugfix: the "so_keepalive" parameter of the "listen" directive might
be handled incorrectly on DragonFlyBSD.
Thanks to Sepherosa Ziehau.
*) Bugfix: in the ngx_http_xslt_filter_module.
*) Bugfix: in the ngx_http_sub_filter_module.
Changes with nginx 1.5.2
*) Feature: now several "error_log" directives can be used.
*) Bugfix: the $r->header_in() embedded perl method did not return value
of the "Cookie" and "X-Forwarded-For" request header lines; the bug
had appeared in 1.3.14.
*) Bugfix: in the ngx_http_spdy_module.
Thanks to Jim Radford.
*) Bugfix: nginx could not be built on Linux with x32 ABI.
Thanks to Serguei Ivantsov.
Changes with nginx 1.5.1
*) Feature: the "ssi_last_modified", "sub_filter_last_modified", and
"xslt_last_modified" directives.
Thanks to Alexey Kolpakov.
*) Feature: the "http_403" parameter of the "proxy_next_upstream",
"fastcgi_next_upstream", "scgi_next_upstream", and
"uwsgi_next_upstream" directives.
*) Feature: the "allow" and "deny" directives now support unix domain
sockets.
*) Bugfix: nginx could not be built with the ngx_mail_ssl_module, but
without ngx_http_ssl_module; the bug had appeared in 1.3.14.
*) Bugfix: in the "proxy_set_body" directive.
Thanks to Lanshun Zhou.
*) Bugfix: in the "lingering_time" directive.
Thanks to Lanshun Zhou.
*) Bugfix: the "fail_timeout" parameter of the "server" directive in the
"upstream" context might not work if "max_fails" parameter was used;
the bug had appeared in 1.3.0.
*) Bugfix: a segmentation fault might occur in a worker process if the
"ssl_stapling" directive was used.
Thanks to Piotr Sikora.
*) Bugfix: in the mail proxy server.
Thanks to Filipe Da Silva.
*) Bugfix: nginx/Windows might stop accepting connections if several
worker processes were used.
|
|
with 0.51
|
|
Changes with nginx 1.4.2
*) Bugfix: the $r->header_in() embedded perl method did not return value
of the "Cookie" and "X-Forwarded-For" request header lines; the bug
had appeared in 1.3.14.
*) Bugfix: nginx could not be built with the ngx_mail_ssl_module, but
without ngx_http_ssl_module; the bug had appeared in 1.3.14.
*) Bugfix: in the "proxy_set_body" directive.
Thanks to Lanshun Zhou.
*) Bugfix: the "fail_timeout" parameter of the "server" directive in the
"upstream" context might not work if "max_fails" parameter was used;
the bug had appeared in 1.3.0.
*) Bugfix: a segmentation fault might occur in a worker process if the
"ssl_stapling" directive was used.
Thanks to Piotr Sikora.
*) Bugfix: nginx/Windows might stop accepting connections if several
worker processes were used.
|
|
Version 0.6.2
-----------------
Released on August 10, 2013
- FIXED: 0.6.1 fails to embed ipython at all
Version 0.6.1
-----------------
Released on August 9, 2013
- FIXED: IPython Shell embedding fails after upgrade to IPython 1.0
|
|
Changelog:
FIXED
23.0.1 - Rendering glitches on H.264 video only in FF23 on Vista (901944)
FIXED
23.0.1 - Spellchecking broken with non-ASCII characters in profile path (902532)
FIXED
23.0.1 - Audio static/"burble"/breakup in Firefox to Firefox WebRTC calls (901527)
|
|
|
|
Bump PKGREVISION.
|
|
Bump PKGREVISION.
|
|
Bump PKGREVISION.
|
|
normal files. It might cause trouble with old default.php.
Bump PKGREVISION.
|
|
normal files. It might cause trouble with old default.php.
Bump PKGREVISION.
|
|
normal files. It caused trouble with old config.php.
Also, remove extra install process of system/config/.htaccess.
Bump PKGREVISION.
|
|
"find -regex" can work.
|
|
|
|
|
|
These releases address two cross-site scripting (XSS) vulnerabilities: one in a widget used by Django's admin interface, and one in a utility function used to validate redirects often used after login or logout.
While these issues are of limited impact and may not effect all Django users, we encourage all users to upgrade as soon as possible.
|
|
curl: allow timeouts to accept decimal values
OS400: add slist and certinfo EBCDIC support
OS400: new SSL backend GSKit
CURLOPT_XFERINFOFUNCTION: introducing a new progress callback
LIBCURL-STRUCTS: new document
Bugfixes:
dotdot: introducing dot file path cleanup
docs: fix typo in curl_easy_getinfo manpage
test1230: avoid using hard-wired port number
test1396: invoke the correct test tool
SIGPIPE: ignored while inside the library
darwinssl: fix crash that started happening in Lion
OpenSSL: check for read errors, don't assume
c-ares: improve error message on failed resolve
printf: make sure %x are treated unsigned
formpost: better random boundaries
url: restore the functionality of 'curl -u :'
curl.1: fix typo in --xattr description
digest: improve nonce generation
configure: automake 1.14 compatibility tweak
curl.1: document the --post303 option in the man page
curl.1: document the --sasl-ir option in the man page
setup-vms.h: sk_pop symbol tweak
tool_paramhlp: try harder to catch negatives
cmake: Fix for MSVC2010 project generation
asyn-ares: Don't blank ares servers if none configured
curl_multi_wait: set revents for extra fds
Reinstate "WIN32 MemoryTracking: track wcsdup() _wcsdup() and _tcsdup()
ftp_do_more: consider DO_MORE complete when server connects back
curl_easy_perform: gradually increase the delay time
curl: fix symbolic names for CURLUSESSL_* enum in --libcurl output
curl: fix upload of a zip file in OpenVMS
build: fix linking on Solaris 10
curl_formadd: CURLFORM_FILECONTENT wrongly rejected some option combos
curl_formadd: fix file upload on VMS
curl_easy_pause: on unpause, trigger mulit-socket handling
md5 & metalink: use better build macros on Apple operating systems
darwinssl: fix build error in crypto authentication under Snow Leopard
curl: make --progress-bar update the line less frequently
configure: don't error out on variable confusions (CFLAGS, LDFLAGS etc)
mk-ca-bundle: skip more untrusted certificates
formadd: wrong pointer for file name when CURLFORM_BUFFERPTR used
FTP: when EPSV gets a 229 but fails to connect, retry with PASV
mk-ca-bundle.1: don't install on make install
VMS: lots of updates and fixes of the build procedure
global dns cache: didn't work (regression)
global dns cache: fix memory leak
|
|
Upstream changes:
1.3117 31.07.2013
[ ENHANCEMENTS ]
* GH #836: Provide more information when an engine fails to load.
(Yanick Champoux, reported by Daniel Perrett)
[ BUG FIXES ]
* GH #794: Upload data was not kept for forwarded requests.
(reported by William Wolf)
* GH #898: calling halt() doesn't discard set headers anymore.
(Yanick Champoux, reported by Nicolas Franck)
* GH #842: embedded 'prefix' now properly localized.
(Yanick Champoux, reported by Jashank Jeremy)
[ DOCUMENTATION ]
* GH #938: fix doc typos in Dancer::Serializer. (Fabrice Gabolde)
* GH #712: add all status codes known to Dancer to Dancer::HTTP.
(Yanick Champoux, reported by Brian J Miller)
* Add warning that 'forward' doesn't preserver the session. (Alberto Sim玫es)
* GH #941: minor correction to code snippets in documentation.
(Grzegorz Ro偶niecki)
* GH #929: add warning on the use of Corona as underlying web server.
(issue reported by berekuk)
* GH #943: remove mention to 'Dancer::Plugin::Validation',
clean 'dancer -a' sample output. (Grzegorz Ro偶niecki)
|
|
Bump PKGREVISION.
|
|
Upstream changes:
4.24 2013-08-08
- Added ancestors method to Mojo::DOM.
- Fixed bug where Mojo::IOLoop::Stream timeout was not always available.
4.23 2013-08-01
- Added redirects method to Mojo::Transaction::HTTP.
4.22 2013-07-30
- Improved Mojo::Server to use FindBin more defensively.
- Fixed empty attribute bug in Mojo::DOM::CSS.
- Fixed partial route handling in routes command.
4.21 2013-07-29
- Added strip method to Mojo::DOM.
- Fixed return values of remove and replace methods in Mojo::DOM.
4.20 2013-07-28
- Deprecated Mojo::DOM::attrs in favor of Mojo::DOM::attr.
- Improved Mojo::UserAgent connection management to be fork-safe.
4.19 2013-07-21
- Improved invalid tag handling in Mojo::DOM::HTML.
4.18 2013-07-08
- Added --mode option to Morbo.
- Fixed bug in Mojo::UserAgent where not all 2xx responses would be accepted
for CONNECT requests.
|
|
* Merge SunOS patches from www/firefox.
Changelog:
SeaMonkey-specific changes
The Content Security Policy (CSP) 1.0 parser has been enabled.
The Mixed Content Blocker has been enabled, blocking insecure active content loads on HTTPS pages.
New mail alert information can be customized now (Preferences/Mail & Newsgroups/Notifications).
A confirmation prompt has been introduced to protect against accidental permanent data loss when force-deleting messages using Shift+Del.
MailNews Save As Template supports multiple selections now.
The size on disk is now shown for newsgroup folders.
See the changes page for a more complete overview.
Mozilla platform changes
Added support for scrollbar style in Mac OS X 10.7 and newer.
Enabled mixed content blocking to protects users from man-in-the-middle attacks and eavesdroppers on HTTPS pages (learn more).
Improved about:memory's functional UI.
Enabled DXVA2 on Windows Vista+ to accelerate H.264 video decoding.
Simplified interface for notifications of plugin installation.
Enabled users to switch the search provider across the entire browser.
CSP policies using the standard syntax and semantics will now be enforced.
Implemented the HTML5 <input type="range"> form control.
Added unprefixed requestAnimationFrame.
Dropped blink effect from CSS rule text-decoration:blink and completely removed <blink> element.
Fixed several stability issues.
Fixed in SeaMonkey 2.20
MFSA 2013-75 Local Java applets may read contents of local file system
MFSA 2013-74 Firefox full and stub installer DLL hijacking
MFSA 2013-73 Same-origin bypass with web workers and XMLHttpRequest
MFSA 2013-72 Wrong principal used for validating URI for some Javascript components
MFSA 2013-71 Further Privilege escalation through Mozilla Updater
MFSA 2013-70 Bypass of XrayWrappers using XBL Scopes
MFSA 2013-69 CRMF requests allow for code execution and XSS attacks
MFSA 2013-68 Document URI misrepresentation and masquerading
MFSA 2013-67 Crash during WAV audio file decoding
MFSA 2013-66 Buffer overflow in Mozilla Maintenance Service and Mozilla Updater
MFSA 2013-65 Buffer underflow when generating CRMF requests
MFSA 2013-64 Use after free mutating DOM during SetBody
MFSA 2013-63 Miscellaneous memory safety hazards (rv:23.0 / rv:17.0.8)
|
|
* firefox-23.0 and seamonkey-2.20 require 3.15 or later of devel/nss.
The patch is provided by rjs@. Thank you.
|
|
|
|
Version 1.8.1
(23 July 2013, from /branches/1.8.x)
http://svn.apache.org/repos/asf/subversion/tags/1.8.1
User-visible changes:
- Client- and server-side bugfixes:
* translation updates for German and Simplified Chinese
* improve sqlite error message output (r1497804)
* support platforms lacking mmap (r1498136)
* allow configuration files to start with UTF-8 BOM (r1499100 et al)
* don't fail on UTF-8 data when encoding conversion not available (r1503009)
* improve error messages when encoding conversion fails (r1503010)
- Client-side bugfixes:
* merge: rename 'automatic merge' to 'complete merge' (r1491432)
* mergeinfo: reduce network usage for '--show-revs' (r1492005)
* ra_serf: improve http status handling (r1495104)
* merge: avoid unneeded ra session (r1493475)
* merge: reduce network usage (r1478987)
* merge: remove duplicated ancestry check (r1493424, r1495597)
* ra_serf: fix 'Accept-Encoding' header for IIS interoperability (r1497551)
* svn status: improve documentation for lock columns (r1497318, r1497319)
* ra_serf: fix support for 'get-file-revs-reversed' capability (r1498456)
* log: reduce network usage on repository roots (r1496957)
* diff: avoid temporary files when calling external diff (issue #4382)
* upgrade: fix notification of 1.7.x working copies (r1493703, r1494171)
* fix crash during tree conflict resolution (issue #4388)
* interactive file merge: add two additional choices (r1491816, r1494089)
* diff: use local style paths in error messages (r1500680)
* resolve: improve the interactive conflict resolution menu (r1491739 et al)
* switch: use local style path in error message (r1500074)
* ra_serf: improve error output when receiving invalid XML (r1498851)
* svn cleanup: explain what the command does in help output (r1497310)
* blame: error on -r M:N where M>N unless server supports (r1498449 et al)
* gpg-agent auth: don't try to use agent when unavailable (r1500762 et al)
* gpg-agent auth: don't require GPG_TTY or TERM env vars (r1500801)
* update: fix some tree conflicts not triggering resolver (r1491868 et al)
* commit: remove stale entries from wc lock table when deleting (r1491756)
* merge: fix --record-only erroring out on renamed path (issue #4387)
* svnmucc: fix 'make install' symlink to work when DESTDIR is set (r1501072)
* wc: fix crash when target is symlink to a working copy root (issue #4383)
* ra_serf: change "internal malfunction" errors to normal errors (r1502577)
* ra_serf: handle proxies not supporting chunked requests (r1502401 et al)
- Server-side bugfixes:
* fsfs: resolve endless loop problem when repos/db/uuid has \r\n (r1492145)
* fsfs: remove revision property buffer limit (r1491770)
* mod_dav_svn: better status codes for anonymous user errors (r1495918)
* mod_dav_svn: better status codes for commit failures (r1490684)
* fix performance regression in 'svn log' against root (r1494913)
* allow deleting non-user-visible 'svn:' properties (r1495432)
* fsfs: fix crash on strict-alignment architectures (r1495806, r1495985)
* svnadmin upgrade: fix error of non-sharded fsfs repositories (r1494287)
* svnadmin create: deny '--fs-type=fsfs --compatible-version=1.0' (r1494223)
* svnadmin upgrade: fix data loss when cancelling in last stage (r1494298)
* mod_dav_svn: fix incorrect path canonicalization (r1503528)
- Other tool improvements and bugfixes:
* fsfs-stats (tool): resolve segfault when passing invalid path (r1492164)
* svn-bench: fix help output (r1493951)
* svnpubsub: add version header to server (r1491707)
Developer-visible changes
- General:
* ra_serf: fix some test runner issues on Windows (r1490679)
* fix two issues in reverse svn_ra_get_file_revs() (r1492148, et al)
* handle --compatible-version=1.8 in the C tests (r1494342)
* improve clang compatibility (r1480080 et al)
* use proper cancel baton when handling conflicts (r1495850)
* fs: BDB: provide proper error value from BDB (r1495428)
* ra_serf: tweak connection failed error value (r1496132, et al)
* svn_client_log5: resolve possible segfault (r1496110)
* fix metadata_only move to work when target is unversioned node (r1498564)
* ra_svn: fix segfault with a NULL commit message (r1498550, r1499727)
* Ev2: correctly initialize node kind in shims' change table (r1501058)
* Ev2: fix copyfrom URL construction in shims (r1500226)
* fs: improve test against newlines in filenames (r1498483 et al)
* make building with BDB 6 an opt-in feature (r1499438)
* sqlite: allow placing amalgamation in build dir (r1499034, r1500175)
* ra_svn: make sessions usable after log callback early out (r1503554)
- Bindings:
* swig-rb: fix tests with out-of-tree-builds (r1492295)
* javahl: fix encoding of error messages produced by javahl (r1492264)
* swig-pl: silence compiler warnings (r1487094)
* swig-pl: improve documentation (r1488693, r1490721, r1500904)
|
|
Bug fixes.
|
|
Mostly a bugfix release.
The full change log:
- Apphook edit mode bugfix
- Added option to render_placeholder tag to set language
- Huge permission cache invalidation speed up
- Doc improvements
- css cleanup in PlaceholderAdmin
- Log change of page status done via AJAX
- Use --noinput convention for delete_orphaned_plugins command
- added Testing docs
- fixed more issues with only one language
- locales updated
|
|
* Bugfixes when using a custom User model.
* Minor bugfixes.
|
|
mptt now requires Python 2.6+, and supports Python 3.2+
|
|
This is the first bugfix release in the 0.8 series, to address a critical regression on older versions of Django.
|
|
Version 0.6.0
-------------
Released on August 7, 2013.
- Drop support for Python 2.5
- Support Python 2.6/2.7 and >= 3.3 using same source code.
Import necessary compatibility code from flask._compat module of current
Flask repo code.
- Use proper argparse subparsers
- Tab completion using `argcomplete`
- Remove question marks from automatically being appended to
prompt_bool and prompt_choices
- FIXED: ipython with disabled bpython
- FIXED: debug parameter no longer passed in from flask_script
|
|
* Sync with firefox17-17.0.8.
|
|
* Sync with firefox-23.0.
|
|
ChangeLog:
New Default Theme - Twenty Thirteen
* Focus on blogging
* Single column layout with Sidebar / Widgets in the footer
* Latest Theme Features support, particularly Post Formats and Semantic Markup
* Font-based icons (Genericons)
Admin Enhancements
* UI improvements on Navigation Menus Screen
* Revisions revised to be more dynamic and scalable
* Autosave and Post Locking
* Preview Audio and Video on Media Edit Screen
* In-line login following expired sessions
For Developers
* External Libraries have been updated.
* New audio/video APIs give developers access to powerful media metadata, like ID3 tags.
* Filters for revisions, allowing you to set the number of revisions ad hoc instead of only via a define.
* Semantic Markup allows themes to choose improved HTML5 markup for search forms, comment forms, and comment lists.
* Search content for shortcodes with has_shortcode() and adjust shortcode attributes with a new filter.
More info on http://codex.wordpress.org/Version_3.6
|
|
* Install SDK to firefox-sdk directory.
* Split multiple CONFIGURE_ARS's arguments.
* Enable libmozjs.so build.
Changelog:
NEW
Mixed content blocking enabled to protects users from man-in-the-middle attacks and eavesdroppers on HTTPS pages (learn more)
NEW
Options panel created for Web Developer Toolbox
CHANGED
"Enable JavaScript" preference checkbox has been removed and user-set values will be reset to the default
CHANGED
Updated Firefox Logo
CHANGED
Improved about:memory's functional UI
CHANGED
Simplified interface for notifications of plugin installation
CHANGED
Enabled DXVA2 on Windows Vista+ to accelerate H.264 video decoding
CHANGED
Users can now switch to a new search provider across the entire browser
CHANGED
CSP policies using the standard syntax and semantics will now be enforced
CHANGED
<input type='file'> rendering improvements (see bug 838675)
CHANGED
Replace fixed-ratio audio resampler in webrtc.org capture code with Speex resampler and eliminate pseudo-44000Hz rate
CHANGED
"Load images automatically" and Always show the tab bar" checkboxes removed from preferences and reset to defaults
DEVELOPER
HTML5 <input type="range"> form control implemented
DEVELOPER
Write more accessible pages on touch interfaces with new ARIA role for key buttons
DEVELOPER
Social share functionality
DEVELOPER
Added unprefixed requestAnimationFrame
DEVELOPER
Implemented a global browser console
DEVELOPER
Dropped blink effect from text-decoration: blink; and completely removed <blink> element
DEVELOPER
New feature in toolbox: Network Monitor
FIXED
Various security fixes
n Firefox 23
MFSA 2013-75 Local Java applets may read contents of local file system
MFSA 2013-74 Firefox full and stub installer DLL hijacking
MFSA 2013-73 Same-origin bypass with web workers and XMLHttpRequest
MFSA 2013-72 Wrong principal used for validating URI for some Javascript components
MFSA 2013-71 Further Privilege escalation through Mozilla Updater
MFSA 2013-70 Bypass of XrayWrappers using XBL Scopes
MFSA 2013-69 CRMF requests allow for code execution and XSS attacks
MFSA 2013-68 Document URI misrepresentation and masquerading
MFSA 2013-67 Crash during WAV audio file decoding
MFSA 2013-66 Buffer overflow in Mozilla Maintenance Service and Mozilla Updater
MFSA 2013-65 Buffer underflow when generating CRMF requests
MFSA 2013-64 Use after free mutating DOM during SetBody
MFSA 2013-63 Miscellaneous memory safety hazards (rv:23.0 / rv:17.0.8)
|
|
|
|
New features:
- Upgrade licence to GPL v3+.
- Update documentation.
Fixes:
- Since updating Webmin to 1.53, the Add New Config File screen layout is
totally messed up and unusable.
- Update broken links to maxmind.
|
|
+ py-flask-principal
+ py-flask-security
|
|
Flask-Security allows you to quickly add common security mechanisms
to your Flask application.
|