4.04 2014-09-04
[ RELEASE NOTES ]
- this release removes some long deprecated modules/functions and
includes refactoring to the temporary file handling in CGI.pm. if
you are doing anything out of the ordinary with regards to temp
files you should test your code before deploying this update as
temp files may no longer be stored in previously used locations
[ REMOVED / DEPRECATIONS ]
- startform and endform methods removed (previously deprecated, you
should be using the start_form and end_form methods)
- both CGI::Apache and CGI::Switch have been removed as these modules
1) have been deprecated for *years*, and 2) do nothing whatsoever
[ SPEC / BUG FIXES ]
- handle multiple values in X-Forwarded-Host header, we follow the
logic in most other frameworks and take the last value from the list
(RT #54487)
- refactor CGITempFile::find_tempdir to use File::Spec->tmpdir
(related: RT #71799)
- fix warnings when QUERY_STRING has empty key=value pairs (RT #54511)
- pad custom 500 status response messages to > 512 for MSIE (RT #81946)
- make Vars tied hash delete method return the value deleted from the hash
making it act like perl's delete (RT #51020)
[ TESTING ]
- add .travis.yml (https://travis-ci.org)
- test case for RT #53966 - disallow filenames with ~ char
- test case for RT #55166 - calling Vars to get the filename does not return
a filehandle, so this cannot be used in the call to uploadinfo, also
update documentation for the uploadInfo to show that ->Vars should not be
used to get the filename for this method
- fix t/url.t to pass on Win32 platforms that have the SCRIPT_NAME env
variable set (RT #89992)
- add procedural call tests for upload and uploadInfo to confirm these work
as they should (RT #91136)
[ DOCUMENTATION ]
- tweak perldoc for -utf8 option (RT #54341, thanks to Helmut Richter)
- explain the HTML generation functions should no longer be used and that
they may be deprecated in a future release
4.03 2014-07-02
[ REMOVED / DEPRECATIONS ]
- the -multiple option to popup_menu is now IGNORED as this did not
function correctly. If you require a menu with multiple selections
use the scrolling_list method. (RT #30057)
[ SPEC / BUG FIXES ]
- support redirects in mod_perl2, or fall back to using env variable
for up to 5 redirects, when getting the query string (RT #36312)
- CGI::Cookie now correctly supports the -max-age argument, previously
if this was passed the value of the -expires argument would be used
meaning there was no way to supply *only* this argument (RT #50576)
- make :all actually import all methods, except for :cgi-lib, and add
:ssl to the :standard import (RT #70337)
[ DOCUMENTATION ]
- clarify documentation regarding query_string method (RT #48370)
- links fixed in some perldoc (Thanks to Michiel Beijen)
[ TESTING ]
- add t/changes.t for testing this Changes file
- test case for RT #31107 confirming multipart parsing is to spec
- improve t/rt-52469.t by adding a timeout check
4.02 2014-06-09
[ NEW FEATURES ]
- CGI::Carp learns noTimestamp / $CGI::Carp::NO_TIMESTAMP to prevent
timestamp in messages (RT #82364, EDAVIS@cpan.org)
- multipart_init and multipart_start learn -charset option (RT #22737)
[ SPEC / BUG FIXES ]
- Support multiple cookies when passing an ARRAY ref with -set-cookie
(RT #15065, JWILLIAMS@cpan.org)
[ DOCUMENTATION ]
- Made licencing information consistent and remove duplicate comments
about licence details, corrected location to report bugs (RT #38285)
|
|
#-----------------------------------------------------------------------
# Version 2.26 - 17th September 2014
#------------------------------------------------------------------------
* Andy Wardley added outline directives. See Template::Manual::Syntax and
Template::Manual::Config for details of the OUTLINE_TAG option and new
'outline' TAG_STYLE. See t/outline.t for examples.
* Andy Wardley improved the handling of keywords when the ANYCASE option
is in use. See t/anycase.t for examples.
* Chromatic fixed UTF-8 encoding in URLs in URL plugin.
https://github.com/abw/Template2/pull/31
* Brian Fraser added support for platforms without LC_ALL/setlocale.
https://github.com/abw/Template2/pull/34
* Amiri Barksdale fixed RT46691 to plug filter memory leaks
https://github.com/abw/Template2/pull/36
* John Lightsey fixed RT59208 to improve SET
https://github.com/abw/Template2/pull/38
UPDATE: This had to be reverted as it caused a subtle breakage elsewhere
|
|
should fix security problems as wordpress 3.9.2.
|
|
problem of 5.6.1.2.
Changes are too many; please refer to these release notes.
http://www.concrete5.org/documentation/background/version_history/5-6-2-release-notes/
http://www.concrete5.org/documentation/background/version_history/5-6-2-1-release-notes/
http://www.concrete5.org/documentation/background/version_history/5-6-3-release-notes/
http://www.concrete5.org/documentation/background/version_history/5-6-3-1-release-notes/
http://www.concrete5.org/documentation/background/version_history/5-6-3-2/
|
|
Upstream changes:
MediaWiki 1.23.4
This is a security and maintenance release of the MediaWiki 1.23 branch.
Changes since 1.23.3
(bug 69008) SECURITY: Enhance CSS filtering in SVG files. Filter <style> elements; normalize style elements and attributes before filtering; add checks for attributes that contain css; add unit tests for html5sec and reported bugs.
(bug 65998) Make MySQLi work with non-standard socket.
(bug 66986) GlobalVarConfig shouldn't throw exceptions for null-valued config settings.
|
|
into problems with e.g. TOOLS_DIR.
|
|
Restore module checksums that were lost in last update.
Changes with nginx 1.6.2 16 Sep 2014
*) Security: it was possible to reuse SSL sessions in unrelated contexts
if a shared SSL session cache or the same TLS session ticket key was
used for multiple "server" blocks (CVE-2014-3616).
Thanks to Antoine Delignat-Lavaud.
*) Bugfix: requests might hang if resolver was used and a DNS server
returned a malformed response; the bug had appeared in 1.5.8.
*) Bugfix: requests might hang if resolver was used and a timeout
occurred during a DNS request.
|
|
packages getting installed in bulk builds.
|
|
Changes from 2.6.1 are too many; please refer to <http://sourceforge.net/projects/opengoo/files/fengoffice/fengoffice_2.7.0/> for details.
And this release contains a security fix (XSS).
|
|
Upstream changes:
Highlights
MDL-45780 - Atto now working with form change checker and quiz autosave
MDL-46748 - Mathjax address that changed, that caused Atto to fail to load, has been updated in Moodle
MDL-35984 - Gradebook Sum of grades shows correct total if items are hidden
Functional changes
MDL-45724 - Warning given when the same memcached instance is used for both sessions and MUC
MDL-46681 - For Multiple choices questions in the quiz / question bank, the options "Clear incorrect responses" and "Show the number of correct responses" did not make sense for "One answer only" questions. It is now impossible to select that combination of options on the form.
Security issues
MSA-14-0033 URL parameter injection in CAS authentication
MSA-14-0034 Identity information revealed early in Q&A forum
Fixes and improvements
MDL-37509 - Description of assignment hidden in calendar if "always show description" = NO
MDL-46545 - Weekly stats now working again
MDL-46589 - Automatic emails now sent after users import from CSV
MDL-43197 - Parent role only sees course total and no longer individual grades
MDL-46236 - Start New Attempt option is now followed if SCORM is set to appear in a popup
Approved by: wiz@
|
|
with the default PKG_SYSCONFBASE. Bump PKGREVISION.
|
|
Bump PKGREVISION.
|
|
documents over IO::Socket::SSL, then stop forcing Net::SSL (which
doesn't verify hostnames) even when the admin requested IO::Socket::SSL,
and then pass the server name through so SNI can work. Bump PKGREVISION.
Updating during the freeze for the security improvements.
|
|
now this builds & works on NetBSD/macppc
|
|
== 2.2.1 / 2013-05-20
* Fix package problem (termtter requires termtter).
* Suppress the warning on ruby 1.9 with CentOS.
== 2.2.0 / 2013-04-20
* Using https to connect to api.twitter.com (important).
* Improvement testing (CI enabled).
* Using jeweler for packaging.
* Suppress the warning (on ruby 2.0).
* Change default stdout and colors.
* Added some plugins
== 2.1.1 / 2013-04-10
* Correspond to API 1.1
* Other fixes.
== 2.0.0 / 2013-04-07
* User own plugins loader.
* If ~/.termtter/lib/plugins exist, load them.
* Improvement easy_post plugin.
* Plug-in easy_post should operate only when above 15 characters.
* Improvement tests.
* "Failed to update :(" when updated with URL.
* use String#sub instead of String#[regexp]=.
* spec for expand_tco_url plugin.
* and fix other minor bugs.
|
|
* Don't double-decode CGI submissions with Encode.pm >= 2.53,
fixing "Error: Cannot decode string with wide characters".
Thanks, Antoine Beaupré
* Avoid making trails depend on everything in the wiki by giving them
a better way to sort the pages
* Don't let users post comments that won't be displayed
* Fix encoding of Unicode strings in Python plugins.
Thanks, chrysn
* Improve performance and correctness of the [[!if]] directive
* Let [[!inline rootpage=foo postform=no]] disable the posting form
* Switch default [[!man]] shortcut to manpages.debian.org. Closes: #700322
* Add UUID and TIME variables to edittemplate. Closes: #752827
Thanks, Jonathon Anderson
* Display pages in linkmaps as their pagetitle (no underscore escapes).
Thanks, chrysn
* Fix aspect ratio when scaling small images, and add support for
converting SVG and PDF graphics to PNG.
Thanks, chrysn
- suggest ghostscript (required for PDF-to-PNG thumbnailing)
and libmagickcore-extra (required for SVG-to-PNG thumbnailing)
- build-depend on ghostscript so the test for scalable images can be run
* In the CGI wrapper, incorporate $config{ENV} into the environment
before executing Perl code, so that PERL5LIB can point to a
non-system-wide installation of IkiWiki.
Thanks, Lafayette Chamber Singers Webmaster
* filecheck: accept MIME types not containing ';'
* autoindex: index files in underlays if the resulting pages aren't
going to be committed. Closes: #611068
* Add [[!templatebody]] directive so template pages don't have to be
simultaneously a valid template and valid HTML
* Add myself to Uploaders and release to Debian
-- Simon McVittie <smcv@debian.org> Fri, 12 Sep 2014 21:23:58 +0100
pkgsrc changes:
* Add 'cgi' option, enabled by default
* Add 'git' option, disabled by default
Updating during the freeze because it's a leaf with many fixes,
including our local patches.
|
|
Upstream changes:
1.3130 2014-09-15
[BUG FIXES]
- Bogus dependency for 'mro'. (GH#1069)
[STATISTICS]
- code churn: 2 files changed, 21 insertions(+), 12 deletions(-)
|
|
Bug fixes
~~~~~~~~~
* Fixed a bug that could sometimes cause a timeout to fire after being
cancelled.
* `.AsyncTestCase` once again passes along arguments to test methods,
making it compatible with extensions such as Nose's test generators.
* `.StaticFileHandler` can again compress its responses when gzip is enabled.
* ``simple_httpclient`` passes its ``max_buffer_size`` argument to the
underlying stream.
* Fixed a reference cycle that can lead to increased memory consumption.
* `.add_accept_handler` will now limit the number of times it will call
`~socket.socket.accept` per `.IOLoop` iteration, addressing a potential
starvation issue.
* Improved error handling in `.IOStream.connect` (primarily for FreeBSD
systems)
|
|
Changes:
supports HTTP/2 draft-14
CURLE_HTTP2 is a new error code
CURLAUTH_NEGOTIATE is a new auth define
CURL_VERSION_GSSAPI is a new capability bit
no longer use fbopenssl for anything
schannel: use CryptGenRandom for random numbers
axtls: define curlssl_random using axTLS's PRNG
cyassl: use RNG_GenerateBlock to generate a good random number
findprotocol: show unsupported protocol within quotes
version: detect and show LibreSSL
version: detect and show BoringSSL
imap/pop3/smtp: Kerberos (SASL GSSAPI) authentication via Windows SSPI
http2: requires nghttp2 0.6.0 or later
Bugfixes:
SECURITY ADVISORY: cookie leak with IP address as domain
SECURITY ADVISORY: cookie leak for TLDs
fix a build failure on Debian when NSS support is enabled
HTTP/2: fixed compiler warnings when built disabled
cyassl: return the correct error code on no CA cert
http: Deprecate GSS-Negotiate macros due to bad naming
http: Fixed Negotiate: authentication
multi: Improve proxy CONNECT performance (regression)
ntlm_wb: Avoid invoking ntlm_auth helper with empty username
ntlm_wb: Fix hard-coded limit on NTLM auth packet size
url.c: use the preferred symbol name: *READDATA
smtp: fixed a segfault during test 1320 torture test
cyassl: made it compile with version 2.0.6 again
nss: do not check the version of NSS at run time
c-ares: fix build without IPv6 support
HTTP/2: use base64url encoding
SSPI Negotiate: Fix 3 memory leaks
libtest: fixed duplicated line in Makefile
conncache: fix compiler warning
openssl: make ossl_send return CURLE_OK better
HTTP/2: Support expect: 100-continue
HTTP/2: Fix infinite loop in readwrite_data()
parsedate: fix the return code for an overflow edge condition
darwinssl: don't use strtok()
http_negotiate_sspi: Fixed specific username and password not working
openssl: replace call to OPENSSL_config
http2: show the received header for better debugging
HTTP/2: Move :authority before non-pseudo header fields
HTTP/2: Reset promised stream, not its associated stream
HTTP/2: added some more logging for debugging stream problems
ntlm: Added support for SSPI package info query
ntlm: Fixed hard coded buffer for SSPI based auth packet generation
sasl_sspi: Fixed memory leak with not releasing Package Info struct
sasl_sspi: Fixed SPN not being converted to wchar under Unicode builds
sasl: Use a dynamic buffer for DIGEST-MD5 SPN generation
http_negotiate_sspi: Use a dynamic buffer for SPN generation
sasl_sspi: Fixed missing free of challenge buffer on SPN failure
sasl_sspi: Fixed hard coded buffer for response generation
Curl_poll + Curl_wait_ms: fix timeout return value
docs/SSLCERTS: update the section about NSS database
create_conn: prune dead connections
openssl: fix version report for the 0.9.8 branch
mk-ca-bundle.pl: switched to using hg.mozilla.org
http: fix the Content-Range: parser
Curl_disconnect: don't free the URL
win32: Fixed WinSock 2 #if
NTLM: ignore CURLOPT_FORBID_REUSE during NTLM HTTP auth
curl.1: clarify --limit-rate's effect on both directions
disconnect: don't touch easy-related state on disconnects
Cmake: big cleanup and numerous fixes
HTTP/2: supports draft-14 - moved :headers before the non-pseudo headers
HTTP/2: Reset promised stream, not its associated stream
configure.ac: Add support for recent GSS-API implementations for HP-UX
CONNECT: close proxy connections that fail
CURLOPT_NOBODY.3: clarify this option is for downloads
darwinssl: fix CA certificate checking using PEM format
resolve: cache lookup for async resolvers
low-speed-limit: avoid timeout flood
polarssl: implement CURLOPT_SSLVERSION
multi: convert CURLM_STATE_CONNECT_PEND handling to a list
curl_multi_cleanup: remove superfluous NULL assigns
polarssl: support CURLOPT_CAPATH / --capath
progress: size_dl/size_ul are always >= 0, and clear "KNOWN" properly
|
|
Add missing DEPENDS.
Upstream changes:
0.150000 2014-08-17 01:35:16CEST+0200 Europe/Amsterdam
[ DOCUMENTATION ]
* GH #657: Update multi-app example in cookbook to include route
merging. (Bas Bloemsaat)
* GH #643: Improve session factory docs by mentioning Dancer2::Config.
(Andy Jack)
[ BUG FIXES ]
* Postponed hooks are no longer sent to all Apps.
(Sawyer X, Mickey Nasriachi)
* 404 File Not Found Application reworked to stay up to date with
postponed hooks merging in multiple apps. (Russell Jenkins)
* GH #610, #662: Removed two circular references memory leaks!
(Russell Jenkins)
* GH #633: Log an error when a hook dies. (DavsX)
[ ENHANCEMENT ]
* Allow settings apps in the psgi_app() call by name or regex.
(Sawyer X)
* GH #651: silly typo in clearer method name (DavsX).
0.149000_02 2014-08-10 13:50:39CEST+0200 Europe/Amsterdam
[ ENHANCEMENT ]
* GH #641: Adding a shim layer to prevent available hooks (and
thus plugins) from breaking.
* Each App can now define its own configuration. The Runner's
application-specific configure has been untangled.
(Russell @veryrusty Jenkins, Sawyer X, Mickey Nasriachi)
* Multiple Dancer App support. You can now create an App-specific
PSGI application using MyApp->psgi_app.
(Russell @veryrusty Jenkins, Sawyer X, Mickey Nasriachi)
* Add routes and hooks to an existing app on import.
(Russell @veryrusty Jenkins, Stevan Humphrey, Stefan racke
Hornburg, Jean Stebens, Chunzi, Sawyer X, Mickey Nasriachi)
* Allow DSL class to be specified in configuration file.
(Stevan Humphrey)
* forward() now returns a new request which then just runs
the dispatching loop again. (Sawyer X, Mickey Nasriachi)
[ BUG FIXES ]
* GH #336: Set log level correctly.
(Andrew Solomon, Pedro Bruno)
* GH #627, #607: Remove potential context issues with returning
undef explicitly. (Javier Rojas)
* GH #646: Fix whitespacing for tests. (DavsX)
0.149000_01 2014-07-23 21:31:21CEST+0200 Europe/Amsterdam
*************************** NOTICE ***************************
* This very is a major upgrade *
* We untangled the context, DSL implementation a bit *
* Please check your code, including your plugins, thoroughly *
* Thank you *
[ ENHANCEMENTS ]
* GH #589: Removing Dancer2::Core::Context global context variable.
Finally in.
(Sawyer X, Mickey Nasriachi, Russell @veryrusty Jenkins)
[ BUG FIXES ]
* GH #606, #605: Fix for setting public directory.
(Ivan Kocienski, Russell Jenkins, Stefan @racke Hornburg)
* GH #618, #620: Fix jQuery link generated by CLI skeleton.
(Micha Wojciechowski)
* GH #589: Major memory leak fix by removal of Dancer2::Core::Context.
[ ENHANCEMENTS ]
* GH #620: Bump jQuery to 1.11.1. (Micha Wojciechowski)
|
|
LWP::Protocol::PSGI is a module to hijack any code that uses
LWP::UserAgent underneath such that any HTTP or HTTPS requests can be
routed to your own PSGI application.
|
|
Encode.pm. Bump PKGREVISION.
|
|
Major changes:
General
- Featured image previews now support .bmp files
- Featured Image meta box is now hidden for contributors lacking upload
capabilities
- New supported oEmbed providers: CollegeHumor, Issuu, Mixcloud, YouTube
playlists, TED talks
- Install WordPress in your language
- Streamlined Language management right from the dashboard
Posts
- Display embed previews for audio/visual URLs in Visual editor content
box.
- Page scrolling now scrolls post content box.
- Edit Post/Page menu bar sticks to top of content box when scrolling
(Visual and Text editor).
- Color picker was re-added to the Visual editor
Media
- Add Media Grid view option (default) for Media Library
- Add "Bulk Select" button to Media Grid view to delete multiple items
- Add oEmbed support for TED talks, Mixcloud, CollegeHumor.com, Issuu
- Expand oEmbed support to include YouTube playlist URLs and Polldaddy’s
short URL format
- Remove Viddler oEmbed support
- Update SlideShare oEmbed regex
- Improved media experience on small screen sizes (embedded videos now
responsive)
- Native video and audio shortcodes now support Flash playback looping
Comments
- Comments in trash can now be marked as spam.
Plugins
- Display plugins list as grid, with thumbnails, on Add New screen.
- Add popup window with plugin details (displays info from plugin's
directory page).
- Add "Beta Testing" tab to Plugins screen for new features-as-plugins.
Accessibility
- Improved keyboard accessibility in the Add Media panel
- Improved screen-reader support for Customizer sections
- Makes links in help tabs keyboard accessible
- Improvements for screen-readers when managing widgets in the
Customizer
Install Process
- Add language select menu as first Installation screen (skipped for
localized installs)
Multisite
- mp4 file extension was added to allowed upload file types
|
|
From Leonard Schmidt in PR 49200.
|
|
Multiple access.log files can be processed at the same time.
Multiprocess mode can be activated using the -j N command line option.
New ExcludedMimes configuration directive to exclude from statistics a comma separated list of mime-type or using regex like text/.*.
New ExcludedMethods configuration directive to exclude from statistics a comma separated list of HTTP methods (GET,POST,CONNECT,...).
New translation available: pl_PL
|
|
Upstream changes:
5.39 2014-09-07
- Improved decamelize performance.
- Fixed bug in Mojo::Template where newline characters could get lost.
5.38 2014-09-05
- Improved routes command to use new terminology for flags.
- Fixed bug in Mojo::Util where tablify could not handle empty columns.
|
|
Upstream changes:
1.3129 2014-09-09
[BUG FIXES]
- Dzil conversion left 'dancer' script behind. (GH#1066)
[STATISTICS]
- code churn: 17 files changed, 1425 insertions(+), 1432 deletions(-)
1.3128 2014-09-09
[BUG FIXES]
- Remove test dependency for Person and Person::Child. (GH#1063)
1.3127 2014-09-08
[BUG FIXES]
- Test was using deprecated 'import_warnings'. (GH#1045, mokko)
- Fix default test names for headers and redirection test methods.
(GH#1048, odyniec)
- DANCER_SERVER_TOKENS and DANCER_SESSION_INFO are now
DANCER_NO_SERVER_TOKENS and DANCER_NO_SESSION_INFO. And working. :-)
(GH#1014, Yanick Champoux)
- 'any' wasn't understanding 'del' (only 'delete'). (GH#1044, Yanick
Champoux)
[DISTRIBUTION]
- Now using Dist::Zilla as package manager.
[DOCUMENTATION]
- Correct POD formatting for HTTP methods in introduction.pod. (GH#1047,
Lx)
[ENHANCEMENTS]
- environment configs are now merged with the global config, versus the
previous behavior that was overriding the whole config segments.
(GH#1016, Yanick Champoux)
- Dancer::Handler::Debug now accepts env variables from the command-line.
(GH#1056, Yanick Champoux)
- Accessing values abstracted as methods in Dancer::Session. (GH#1000,
John Wittkoski)
|
|
uWSGI 2.0.7
===========
Changelog [20140905]
Bugfixes
********
- fixed counters in statsd plugin (Joshua C. Forest)
- fixed caching in php plugin (Andrew Bevitt)
- fixed management of system users starting with a number
- fixed request body readline using memmove instead of memcpy (Andrew Wason)
- ignore "user" namespace in setns (still a source of problems)
- fixed Python3 rpc bytes/string mess (result: we support both)
- do not destroy the Emperor on failed mount hooks
- fixed symbol lookup error in the Mono plugin on OS X (Ventero)
- fixed fastcgi and scgi protocols error when out of buffer happens
- fixed solaris/smartos I/O management
- fixed 2 memory leaks in the rpc subsystem (Riccardo Magliocchetti)
- fixed rados plugin PUT method (Martin Mlynář)
- fixed multiple python mountpoints with multiple threads in cow mode
- stats UNIX socket is now deleted by vacuum
- fixed off-by-one corruption in cache LRU mode
- force single-cpu build in cygwin (Guido Notari)
New Features and improvements
*****************************
allow calling the spooler from every cpython context
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
At Europython 2014, Ultrabug (a uWSGI contributor and packager) asked for the possibility to spool tasks directly from a greenlet.
Done.
store_delete cache2 option
^^^^^^^^^^^^^^^^^^^^^^^^^^
Author: goir
The store_delete flag of the --cache2 option, allows you to force the cache engine to automatically remove an invalid
backing store file.
file logger rotation
^^^^^^^^^^^^^^^^^^^^
Author: Riccardo Magliocchetti
The `file` logger has been extended to allow the use of rotation (the same system used by the non-pluggable --logto):
https://github.com/unbit/uwsgi/commit/0324e5965c360dccfb873ffe351dec88ddab59c5
vassals plugin hooks
^^^^^^^^^^^^^^^^^^^^
The plugin has been extended with two new hooks: vassal and vassal_before_exec.
Both allow you to customize a vassal soon after its process has been generated.
The first third-party plugin using it is the 'apparmor' one:
https://github.com/unbit/uwsgi-apparmor
allowing you to apply an apparmor profile to a vassal
Broodlord improvements
^^^^^^^^^^^^^^^^^^^^^^
The broodlord subsystem has been improved with a new option: --vassal-sos that automatically asks for reinforcement when all of the workers of an instance are busy.
In addition to this a sysadmin can now manually ask for reinforcement by sending the 'B' command to the master fifo of an instance.
|
|
*) SECURITY: CVE-2014-0117 (cve.mitre.org)
mod_proxy: Fix crash in Connection header handling which
allowed a denial of service attack against a reverse proxy
with a threaded MPM.
*) SECURITY: CVE-2014-3523 (cve.mitre.org)
Fix a memory consumption denial of service in the WinNT MPM (used in all Windows
installations). Workaround: AcceptFilter <protocol> {none|connect}
*) SECURITY: CVE-2014-0226 (cve.mitre.org)
Fix a race condition in scoreboard handling, which could lead to
a heap buffer overflow.
*) SECURITY: CVE-2014-0118 (cve.mitre.org)
mod_deflate: The DEFLATE input filter (inflates request bodies) now
limits the length and compression ratio of inflated request bodies to avoid
denial of service via highly compressed bodies. See directives
DeflateInflateLimitRequestBody, DeflateInflateRatioLimit,
and DeflateInflateRatioBurst.
*) SECURITY: CVE-2014-0231 (cve.mitre.org)
mod_cgid: Fix a denial of service against CGI scripts that do
not consume stdin that could lead to lingering HTTPD child processes
filling up the scoreboard and eventually hanging the server. By
default, the client I/O timeout (Timeout directive) now applies to
communication with scripts. The CGIDScriptTimeout directive can be
used to set a different timeout for communication with scripts.
*) mod_ssl: Extend the scope of SSLSessionCacheTimeout to sessions
resumed by TLS session resumption (RFC 5077).
*) mod_deflate: Don't fail when flushing inflated data to the user-agent
and that coincides with the end of stream ("Zlib error flushing inflate
buffer").
*) mod_proxy_ajp: Forward local IP address as a custom request attribute
like we already do for the remote port.
*) core: Include any error notes set by modules in the canned error
response for 403 errors.
*) mod_ssl: Set an error note for requests rejected due to
SSLStrictSNIVHostCheck.
*) mod_ssl: Fix issue with redirects to error documents when handling
SNI errors.
*) mod_ssl: Fix tmp DH parameter leak, adjust selection to prefer
larger keys and support up to 8192-bit keys.
*) mod_dav: Fix improper encoding in PROPFIND responses.
*) WinNT MPM: Improve error handling for termination events in child.
*) mod_proxy: When ping/pong is configured for a worker, don't send or
forward "100 Continue" (interim) response to the client if it does
not expect one.
*) mod_ldap: Be more conservative with the last-used time for
LDAPConnectionPoolTTL.
*) mod_ldap: LDAP connections used for authn were not respecting
LDAPConnectionPoolTTL.
*) mod_proxy_fcgi: Fix occasional high CPU when handling request bodies.
*) event MPM: Fix possible crashes (third-party modules accessing c->sbh)
or occasional missed mod_status updates under load.
*) mod_authnz_ldap: Support primitive LDAP servers that do not accept
filters, such as "SDBM-backed LDAP" on z/OS, by allowing a special
filter "none" to be specified in AuthLDAPURL.
*) mod_deflate: Fix inflation of files larger than 4GB.
*) mod_deflate: Handle Zlib header and validation bytes received in multiple
chunks.
*) mod_proxy: Allow reverse-proxy to be set via explicit handler.
*) ab: support custom HTTP method with -m argument.
*) mod_proxy_balancer: Correctly encode user provided data in management
interface.
*) mod_proxy_fcgi: Support iobuffersize parameter.
*) mod_auth_form: Add a debug message when the fields on a form are not
recognised.
*) mod_cache: Preserve non-cacheable headers forwarded from an origin 304
response.
*) mod_proxy_wstunnel: Fix the use of SSL connections with the "wss:"
scheme.
*) mod_socache_shmcb: Correct counting of expirations for status display.
Expirations happening during retrieval were not counted.
*) mod_cache: Retry unconditional request with the full URL (including the
query-string) when the origin server's 304 response does not match the
conditions used to revalidate the stale entry.
*) mod_alias: Stop setting CONTEXT_PREFIX and CONTEXT_DOCUMENT environment
variables as a result of AliasMatch.
*) mod_cache: Don't add cached/revalidated entity headers to a 304 response.
*) mod_proxy_scgi: Support Unix sockets. ap_proxy_port_of_scheme():
Support default SCGI port (4000).
*) mod_cache: Fix AH00784 errors on Windows when the CacheLock directive
is enabled.
*) mod_expires: don't add Expires header to error responses (4xx/5xx),
be they generated or forwarded.
*) mod_proxy_fcgi: Don't segfault when failing to connect to the backend.
(regression in 2.4.9 release)
*) mod_authn_socache: Fix crash at startup in certain configurations.
*) mod_ssl: restore argument structure for "exec"-type SSLPassPhraseDialog
programs to the form used in releases up to 2.4.7, and emulate
a backwards-compatible behavior for existing setups.
*) mod_ssl: Add SSLOCSPUseRequestNonce directive to control whether or not
OCSP requests should use a nonce to be checked against the responder's
one.
*) mod_ssl: "SSLEngine off" will now override a Listen-based default
and does disable mod_ssl for the vhost.
*) mod_lua: Enforce the max post size allowed via r:parsebody()
*) mod_lua: Use binary comparison to find boundaries for multipart
objects, as to not terminate our search prematurely when hitting
a NULL byte.
*) mod_ssl: add workaround for SSLCertificateFile when using OpenSSL
versions before 0.9.8h and not specifying an SSLCertificateChainFile
(regression introduced with 2.4.8).
*) mod_ssl: bring SNI behavior into better conformance with RFC 6066:
no longer send warning-level unrecognized_name(112) alerts,
and limit startup warnings to cases where an OpenSSL version
without TLS extension support is used.
*) mod_proxy_html: Avoid some possible memory access violation in case of
specially crafted files, when the ProxyHTMLMeta directive is turned on.
*) mod_auth_form: Make sure the optional functions are loaded even when
the AuthFormProvider isn't specified.
*) mod_ssl: avoid processing bogus SSLCertificateKeyFile values
(and logging garbled file names).
*) mod_ssl: fix merging of global and vhost-level settings with the
SSLCertificateFile, SSLCertificateKeyFile, and SSLOpenSSLConfCmd
directives.
*) mod_headers: Allow the "value" parameter of Header and RequestHeader to
contain an ap_expr expression if prefixed with "expr=".
*) rotatelogs: Avoid creation of zombie processes when -p is used on
Unix platforms.
*) mod_authnz_fcgi: New module to enable FastCGI authorizer
applications to authenticate and/or authorize clients.
*) mod_proxy: Do not try to parse the regular expressions passed by
ProxyPassMatch as URL as they do not follow their syntax.
*) mod_reqtimeout: Resolve unexpected timeouts on keepalive requests
under the Event MPM.
*) mod_proxy_fcgi: Fix sending of response without some HTTP headers
that might be set by filters.
*) mod_proxy_html: Do not delete the wrong data from HTML code when a
"http-equiv" meta tag specifies a Content-Type behind any other
"http-equiv" meta tag.
*) mod_proxy: Don't reuse a SSL backend connection whose requested SNI
differs.
*) Add suspend_connection and resume_connection hooks to notify modules
when the thread/connection relationship changes. (Should be implemented
for any third-party async MPMs.)
*) mod_proxy_wstunnel: Don't issue AH02447 and log a 500 on routine
hangups from websockets origin servers.
*) mod_proxy_wstunnel: Don't pool backend websockets connections,
because we need to handshake every time.
*) mod_lua: Redesign how request record table access behaves,
in order to utilize the request record from within these tables.
*) mod_lua: Add r:wspeek for peeking at WebSocket frames.
*) mod_lua: Log an error when the initial parsing of a Lua file fails.
*) mod_lua: Reformat and escape script error output.
*) mod_lua: URL-escape cookie keys/values to prevent tainted cookie data
from causing response splitting.
*) mod_lua: Disallow newlines in table values inside the request_rec,
to prevent HTTP Response Splitting via tainted headers.
*) mod_lua: Remove the non-working early/late arguments for
LuaHookCheckUserID.
*) mod_lua: Change IVM storage to use shm
*) mod_lua: More verbose error logging when a handler function cannot be
found.
|
|
Changes to GoAccess 0.8.4 - Monday, September 08, 2014
* Added ability to handle nginx non-standard status code 444 as 404.
`--444-as-404`
* Added and updated operating systems, and browsers.
* Added excluded IP hits count to the general statistics panel on all reports.
* Added HTTP nonstandard code '444' to the status code list.
* Added the ability to count client errors (4xx) to the unique visitors count.
Now by default it omits client errors (4xx) from being added to the unique
visitors count as they are probably not welcomed visitors. 4xx errors are
always counted in panels other than visitors, OS & browsers.
`--4xx-to-unique-count`
* Removed request status field restriction. This allows parsing logs that contain
only a valid date, IPv4/6 and host.
* Fixed issue when excluding IPv4/v6 ranges.
* Fixed compile error due to missing include <sys/types.h> for type off_t
(gcc 4.1).
Changes to GoAccess 0.8.3 - Monday, July 28, 2014
* Fixed SEGFAULT when parsing a CLF log format and using --ignore-crawlers.
* Fixed parsing conflict between some Opera browsers and Chrome.
* Fixed parsing of several feed readers that are Firefox/Safari-based.
* Fixed Steam detection.
* Added Huawei to the browser's list and removed it from the OS's list.
Changes to GoAccess 0.8.2 - Monday, July 20, 2014
* Added ability to parse dates containing whitespaces in between,
e.g., Jul 15 20:13:59 (syslog format).
* Added a variety of browsers, game systems, feed readers, and podcasts.
* Added a '-V --version' command line option.
* Added missing up/down arrows to the help section.
* Added the ability to ignore crawlers using the '--ignore-crawlers' option.
* Added the ability to ignore multiple IPv4/v6 and IP ranges.
* Added the PATCH method according to RFC 5789.
* Fixed GeoLocation percent issue for the JSON, CSV and HTML outputs.
* Fixed memory leak when excluding one or multiple IPs.
Changes to GoAccess 0.8.1 - Monday, June 16, 2014
* Added ability to add/remove static files by extension through the config
file.
* Added ability to print backtrace on segmentation fault.
* Escaped JSON strings correctly according to [RFC4627].
* Fixed encoding issue when extracting keyphrases for some HTTP referers.
* Fixed issue where HTML bar graphs were not shown due to numeric locale.
* Fixed issue with URIs containing "\r?\n" thus breaking the corresponding
output.
* Make sure request string is URL decoded on all outputs.
|
|
* v2.04
Minor documentation fixes and explanation of the proposed split into
legacy/trunk branches. No code changes from 2.03_02.
* v2.03_02
The uploads have had a minor change which may solve the windows size
difference failures. More diagnostics were added to the failures if it
does not.
* v2.03_01
The test multi-part upload data in the test suite has been fixed to have
the correct (CRLF) line terminators. These tests should now pass for
Microsoft users.
The documentation has been amended to reflect the change of maintainer.
* v2.03 - May 25, 2014
Maintainer change: Pete Houston has taken over maintenance from Smylers.
A test suite has been created.
BUG FIX: Cleared up some uninitialised value warnings emitted when query
strings are missing an entire key-value pair eg: "&foo=bar" (issue
38448).
BUG FIX: If the user calls parse_form_data as a class method without a
query string, the method now gives up early and silently
(issue 6180).
BUG FIX: In form-data uploads, the boundary string was not properly
escaped and therefore would not match when it contained
metacharacters (issue 29053).
BUG FIX: The content type for url-encoded forms now matches on the MIME
type only, so additional charset fields are allowed (issues 16236,
34827 and 41666).
BUG FIX: Leading/trailing whitespace is now stripped from cookie names
and values.
BUG FIX: Cookies now no longer need to be separated by whitespace.
Commas can now be used as separators too. (issue 32329).
BUG FIX: The semicolon is now a permitted delimiter in the query string
along with the ampersand (issue 8212).
|
|
Version 0.77 -- 2014-08-05
o re-release to remove build artifacts that should not have been shipped
Version 0.76 -- 2014-08-05
o On Android, set TMPDIR before calling configure (RT#97680, Brian Fraser)
Version 0.75 -- 2014-07-17
o deprecated APIs removed (chansen)
o broken PP implementation removed (chansen)
o retooled distribution so FCGI.pm and FCGI.xs exist as-is, rather than
being generated by FCGI.PL and FCGI.XL (chansen)
|
|
Upstream changes:
RELEASE 0.12
New SimpleTemplate parser implementation
* Support for multi-line code blocks (<% ... %>).
* The keywords include and rebase are functions now and can accept variable template names.
The new BaseRequest.route() property returns the Route that originally matched the request.
Removed the BaseRequest.MAX_PARAMS limit. The hash collision bug in CPython's dict() implementation was fixed over a year ago. If you are still using Python 2.5 in production, consider upgrading or at least make sure that you get security fixes from your distributor.
New ConfigDict API (see Configuration (DRAFT))
|
|