summaryrefslogtreecommitdiff
path: root/www
AgeCommit message (Collapse)AuthorFilesLines
2015-05-31Update to 4.2.2ryoon3-12/+36
Changelog: WordPress 4.2.2 Security and Maintenance Release Posted May 7, 2015 by Samuel Sidler. Filed under Releases, Security. WordPress 4.2.2 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately. Version 4.2.2 addresses two security issues: The Genericons icon font package, which is used in a number of popular themes and plugins, contained an HTML file vulnerable to a cross-site scripting attack. All affected themes and plugins hosted on WordPress.org (including the Twenty Fifteen default theme) have been updated today by the WordPress security team to address this issue by removing this nonessential file. To help protect other Genericons usage, WordPress 4.2.2 proactively scans the wp-content directory for this HTML file and removes it. Reported by Robert Abela of Netsparker. WordPress versions 4.2 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site. WordPress 4.2.2 includes a comprehensive fix for this issue. Reported separately by Rice Adu and Tong Shi. The release also includes hardening for a potential cross-site scripting vulnerability when using the visual editor. This issue was reported by Mahadev Subedi. Our thanks to those who have practiced responsible disclosure of security issues. WordPress 4.2.2 also contains fixes for 13 bugs from 4.2. For more information, see the release notes or consult the list of changes. Download WordPress 4.2.2 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.2.2. Thanks to everyone who contributed to 4.2.2: Aaron Jorbin, Andrew Ozz, Andrew Nacin, Boone Gorges, Dion Hulse, Ella Iseulde Van Dorpe, Gary Pendergast, Hinaloe, Jeremy Felt, John James Jacoby, Konstantin Kovshenin, Mike Adams, Nikolay Bachiyski, taka2, and willstedt. rdPress.org Showcase Themes Plugins Mobile Support Get Involved About Blog Hosting Download WordPress WordPress 4.2.2 Security and Maintenance Release Posted May 7, 2015 by Samuel Sidler. Filed under Releases, Security. WordPress 4.2.2 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately. Version 4.2.2 addresses two security issues: The Genericons icon font package, which is used in a number of popular themes and plugins, contained an HTML file vulnerable to a cross-site scripting attack. All affected themes and plugins hosted on WordPress.org (including the Twenty Fifteen default theme) have been updated today by the WordPress security team to address this issue by removing this nonessential file. To help protect other Genericons usage, WordPress 4.2.2 proactively scans the wp-content directory for this HTML file and removes it. Reported by Robert Abela of Netsparker. WordPress versions 4.2 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site. WordPress 4.2.2 includes a comprehensive fix for this issue. Reported separately by Rice Adu and Tong Shi. The release also includes hardening for a potential cross-site scripting vulnerability when using the visual editor. This issue was reported by Mahadev Subedi. Our thanks to those who have practiced responsible disclosure of security issues. WordPress 4.2.2 also contains fixes for 13 bugs from 4.2. For more information, see the release notes or consult the list of changes. Download WordPress 4.2.2 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.2.2. Thanks to everyone who contributed to 4.2.2: Aaron Jorbin, Andrew Ozz, Andrew Nacin, Boone Gorges, Dion Hulse, Ella Iseulde Van Dorpe, Gary Pendergast, Hinaloe, Jeremy Felt, John James Jacoby, Konstantin Kovshenin, Mike Adams, Nikolay Bachiyski, taka2, and willstedt. Share this: WordPress 4.2.1 Security Release Posted April 27, 2015 by Gary Pendergast. Filed under Releases, Security. WordPress 4.2.1 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately. A few hours ago, the WordPress team was made aware of a cross-site scripting vulnerability, which could enable commenters to compromise a site. The vulnerability was discovered by Jouko Pynnönen. WordPress 4.2.1 has begun to roll out as an automatic background update, for sites that support those. For more information, see the release notes or consult the list of changes. Download WordPress 4.2.1 or venture over to Dashboard → Updates and simply click “Update Now”. WordPress 4.2 An easier way to share content Extended character support Switch themes in the Customizer Even more embeds Streamlined plugin updates Under the Hood utf8mb4 support Database character encoding has changed from utf8 to utf8mb4, which adds support for a whole range of new 4-byte characters. JavaScript accessibility You can now send audible notifications to screen readers in JavaScript with wp.a11y.speak(). Pass it a string, and an update will be sent to a dedicated ARIA live notifications area. Shared term splitting Terms shared across multiple taxonomies will be split when one of them is updated. Find out more in the Plugin Developer Handbook. Complex query ordering WP_Query, WP_Comment_Query, and WP_User_Query now support complex ordering with named meta query clauses.
2015-05-31Update to 4.2:wiz3-9/+22
What's new in Tornado 4.2 ========================= May 26, 2015 ------------ Backwards-compatibility notes ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ * ``SSLIOStream.connect`` and `.IOStream.start_tls` now validate certificates by default. * Certificate validation will now use the system CA root certificates instead of ``certifi`` when possible (i.e. Python 2.7.9+ or 3.4+). This includes `.IOStream` and ``simple_httpclient``, but not ``curl_httpclient``. * The default SSL configuration has become stricter, using `ssl.create_default_context` where available on the client side. (On the server side, applications are encouraged to migrate from the ``ssl_options`` dict-based API to pass an `ssl.SSLContext` instead). * The deprecated classes in the `tornado.auth` module, ``GoogleMixin``, ``FacebookMixin``, and ``FriendFeedMixin`` have been removed. New modules: `tornado.locks` and `tornado.queues` ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ These modules provide classes for coordinating coroutines, merged from `Toro <http://toro.readthedocs.org>`_. To port your code from Toro's queues to Tornado 4.2, import `.Queue`, `.PriorityQueue`, or `.LifoQueue` from `tornado.queues` instead of from ``toro``. Use `.Queue` instead of Toro's ``JoinableQueue``. In Tornado the methods `~.Queue.join` and `~.Queue.task_done` are available on all queues, not on a special ``JoinableQueue``. Tornado queues raise exceptions specific to Tornado instead of reusing exceptions from the Python standard library. Therefore instead of catching the standard `queue.Empty` exception from `.Queue.get_nowait`, catch the special `tornado.queues.QueueEmpty` exception, and instead of catching the standard `queue.Full` from `.Queue.get_nowait`, catch `tornado.queues.QueueFull`. To port from Toro's locks to Tornado 4.2, import `.Condition`, `.Event`, `.Semaphore`, `.BoundedSemaphore`, or `.Lock` from `tornado.locks` instead of from ``toro``. Toro's ``Semaphore.wait`` allowed a coroutine to wait for the semaphore to be unlocked *without* acquiring it. This encouraged unorthodox patterns; in Tornado, just use `~.Semaphore.acquire`. Toro's ``Event.wait`` raised a ``Timeout`` exception after a timeout. In Tornado, `.Event.wait` raises `tornado.gen.TimeoutError`. Toro's ``Condition.wait`` also raised ``Timeout``, but in Tornado, the `.Future` returned by `.Condition.wait` resolves to False after a timeout:: @gen.coroutine def await_notification(): if not (yield condition.wait(timeout=timedelta(seconds=1))): print('timed out') else: print('condition is true') In lock and queue methods, wherever Toro accepted ``deadline`` as a keyword argument, Tornado names the argument ``timeout`` instead. Toro's ``AsyncResult`` is not merged into Tornado, nor its exceptions ``NotReady`` and ``AlreadySet``. Use a `.Future` instead. If you wrote code like this:: from tornado import gen import toro result = toro.AsyncResult() @gen.coroutine def setter(): result.set(1) @gen.coroutine def getter(): value = yield result.get() print(value) # Prints "1". Then the Tornado equivalent is:: from tornado import gen from tornado.concurrent import Future result = Future() @gen.coroutine def setter(): result.set_result(1) @gen.coroutine def getter(): value = yield result print(value) # Prints "1". `tornado.autoreload` ~~~~~~~~~~~~~~~~~~~~ * Improved compatibility with Windows. * Fixed a bug in Python 3 if a module was imported during a reload check. `tornado.concurrent` ~~~~~~~~~~~~~~~~~~~~ * `.run_on_executor` now accepts arguments to control which attributes it uses to find the `.IOLoop` and executor. `tornado.curl_httpclient` ~~~~~~~~~~~~~~~~~~~~~~~~~ * Fixed a bug that would cause the client to stop processing requests if an exception occurred in certain places while there is a queue. `tornado.escape` ~~~~~~~~~~~~~~~~ * `.xhtml_escape` now supports numeric character references in hex format (``&#x20;``) `tornado.gen` ~~~~~~~~~~~~~ * `.WaitIterator` no longer uses weak references, which fixes several garbage-collection-related bugs. * `tornado.gen.Multi` and `tornado.gen.multi_future` (which are used when yielding a list or dict in a coroutine) now log any exceptions after the first if more than one `.Future` fails (previously they would be logged when the `.Future` was garbage-collected, but this is more reliable). Both have a new keyword argument ``quiet_exceptions`` to suppress logging of certain exception types; to use this argument you must call ``Multi`` or ``multi_future`` directly instead of simply yielding a list. * `.multi_future` now works when given multiple copies of the same `.Future`. * On Python 3, catching an exception in a coroutine no longer leads to leaks via ``Exception.__context__``. `tornado.httpclient` ~~~~~~~~~~~~~~~~~~~~ * The ``raise_error`` argument now works correctly with the synchronous `.HTTPClient`. * The synchronous `.HTTPClient` no longer interferes with `.IOLoop.current()`. `tornado.httpserver` ~~~~~~~~~~~~~~~~~~~~ * `.HTTPServer` is now a subclass of `tornado.util.Configurable`. `tornado.httputil` ~~~~~~~~~~~~~~~~~~ * `.HTTPHeaders` can now be copied with `copy.copy` and `copy.deepcopy`. `tornado.ioloop` ~~~~~~~~~~~~~~~~ * The `.IOLoop` constructor now has a ``make_current`` keyword argument to control whether the new `.IOLoop` becomes `.IOLoop.current()`. * Third-party implementations of `.IOLoop` should accept ``**kwargs`` in their `~.IOLoop.initialize` methods and pass them to the superclass implementation. * `.PeriodicCallback` is now more efficient when the clock jumps forward by a large amount. `tornado.iostream` ~~~~~~~~~~~~~~~~~~ * ``SSLIOStream.connect`` and `.IOStream.start_tls` now validate certificates by default. * New method `.SSLIOStream.wait_for_handshake` allows server-side applications to wait for the handshake to complete in order to verify client certificates or use NPN/ALPN. * The `.Future` returned by ``SSLIOStream.connect`` now resolves after the handshake is complete instead of as soon as the TCP connection is established. * Reduced logging of SSL errors. * `.BaseIOStream.read_until_close` now works correctly when a ``streaming_callback`` is given but ``callback`` is None (i.e. when it returns a `.Future`) `tornado.locale` ~~~~~~~~~~~~~~~~ * New method `.GettextLocale.pgettext` allows additional context to be supplied for gettext translations. `tornado.log` ~~~~~~~~~~~~~ * `.define_logging_options` now works correctly when given a non-default ``options`` object. `tornado.process` ~~~~~~~~~~~~~~~~~ * New method `.Subprocess.wait_for_exit` is a coroutine-friendly version of `.Subprocess.set_exit_callback`. `tornado.simple_httpclient` ~~~~~~~~~~~~~~~~~~~~~~~~~~~ * Improved performance on Python 3 by reusing a single `ssl.SSLContext`. * New constructor argument ``max_body_size`` controls the maximum response size the client is willing to accept. It may be bigger than ``max_buffer_size`` if ``streaming_callback`` is used. `tornado.tcpserver` ~~~~~~~~~~~~~~~~~~~ * `.TCPServer.handle_stream` may be a coroutine (so that any exceptions it raises will be logged). `tornado.util` ~~~~~~~~~~~~~~ * `.import_object` now supports unicode strings on Python 2. * `.Configurable.initialize` now supports positional arguments. `tornado.web` ~~~~~~~~~~~~~ * Key versioning support for cookie signing. ``cookie_secret`` application setting can now contain a dict of valid keys with version as key. The current signing key then must be specified via ``key_version`` setting. * Parsing of the ``If-None-Match`` header now follows the RFC and supports weak validators. * Passing ``secure=False`` or ``httponly=False`` to `.RequestHandler.set_cookie` now works as expected (previously only the presence of the argument was considered and its value was ignored). * `.RequestHandler.get_arguments` now requires that its ``strip`` argument be of type bool. This helps prevent errors caused by the slightly dissimilar interfaces between the singular and plural methods. * Errors raised in ``_handle_request_exception`` are now logged more reliably. * `.RequestHandler.redirect` now works correctly when called from a handler whose path begins with two slashes. * Passing messages containing ``%`` characters to `tornado.web.HTTPError` no longer causes broken error messages. `tornado.websocket` ~~~~~~~~~~~~~~~~~~~ * The ``on_close`` method will no longer be called more than once. * When the other side closes a connection, we now echo the received close code back instead of sending an empty close frame.
2015-05-31Update to 4.20:wiz2-6/+6
4.20 2015-05-29 [ RELEASE NOTES ] - CGI.pm is now considered "done". See also "mature" and "legacy" Features requests and none critical issues will be outright rejected. The module is now in maintenance mode for critical issues only. - This release removes the AUTOLOAD and compile optimisations from CGI.pm that were introduced into CGI.pm twenty (20) years ago as a response to its large size, which meant there was a significant compile time penalty. - This optimisation is no longer relevant and makes the code difficult to deal with as well as making test coverage metrics incorrect. Benchmarks show that advantages of AUTOLOAD / lazy loading / deferred compile are less than 0.05s, which will be dwarfed by just about any meaningful code in a cgi script. If this is an issue for you then you should look at running CGI.pm in a persistent environment (FCGI, etc) - To offset some of the time added by removing the AUTOLOAD functionality the dependencies have been made runtime rather than compile time. The POD has also been split into its own file. CGI.pm now contains around 4000 lines of code, which compared to some modules on CPAN isn't really that much - This essentially deprecates the -compile pragma and ->compile method. The -compile pragma will no longer do anything, whereas the ->compile method will raise a deprecation warning. More importantly this also REMOVES the -any pragma because as per the documentation this pragma needed to be "used with care or not at all" and allowing arbitrary HTML tags is almost certainly a bad idea. If you are using the -any pragma and using arbitrary tags (or have typo's in your code) your code will *BREAK* - Although this release should be back compatible (with the exception of any code using the -any pragma) you are encouraged to test it throughly as if you are doing anything out of the ordinary with CGI.pm (i.e. have bugs that may have been masked by the AUTOLOAD feature) you may see some issues. - References: GH #162, GH #137, GH #164 [ SPEC / BUG FIXES ] - make the list context warning in param show the filename rather than the package so we have more information on exactly where the warning has been raised from (GH #171) - correct self_url when PATH_INFO and SCRIPT_NAME are the same but we are not running under IIS (GH #176) - Add the multi_param method to :cgi export (thanks to xblitz for the patch and tests. GH #167) - Fix warning for lack of HTTP_USER_AGENT in CGI::Carp (GH #168) - Fix imports when called from CGI::Fast, restores the import of CGI functions into the callers namespace for users of CGI::Fast (GH leejo/cgi-fast#11 and GH leejo/cgi-fast#12) [ FEATURES ] - CGI::Carp now has $CGI::Carp::FULL_PATH for displaying the full path to the offending script in error messages - CGI now has env_query_string() for getting the value of QUERY_STRING from the environment and not that fiddled with by CGI.pm (which is what query_string() does) (GH #161) - CGI::ENCODE_ENTITIES var added to control which chracters are encoded by the call to the HTML::Entities module - defaults to &<>"' (GH #157 - the \x8b and \x9b chars have been removed from this list as we are concerned more about unicode compat these days than old browser support.) [ DOCUMENTATION ] - Fix some typos (GH #173, GH #174) - All *documentation* for HTML functionality in CGI has been moved into its own namespace: CGI::HTML::Functions - although the functionality continues to exist within CGI.pm so there are no code changes required (GH #142) - Add missing documentation for env variable fetching routines (GH #163) [ TESTING ] - Increase test coverage (GH #3) [ INTERNALS ] - Cwd made a TEST_REQUIRES rather than a BUILD_REQUIRES in Makefile.PL (GH #170) - AutoloadClass variables have been removed as AUTOLOAD was removed in v4.14 so these are no longer necessary (GH #172 thanks to alexmv) - Remove dependency on constant - internal DEBUG, XHTML_DTD and EBCDIC constants changes to $_DEBUG, $_XHTML_DTD, and $_EBCDIC
2015-05-31Update to 5.7.4.2ryoon4-4671/+6518
* Update MESSAGES. Changelog: 5.7.4.2 Behavioral Improvements Saving only a custom template on a block will no longer wrap that block in a custom design DIV. Better saving and resetting of custom designs on blocks and areas. Topics improvements: topics can now be created below other topics; the only different between topic categories and topics is that categories cannot be assigned to objects, only topics can. We now include the page ID in the attributes dialog and panel. Feature block now contains an instance of the rich text editor (thanks MrKarlDilkington) Improvements to new update functionality when site can't connect to concrete5.org Improvements to new update functionality to make it more resilient with failures, but error messaging. Adding attributes to a page will ask for it be checked back/approved when clicking the green icon. Theme name and description can now be translated (thanks mlocati) Added an error notice when deleting a page type that’s in use in your site. Bug Fixes Some servers would redirect infinitely when activating a theme or attempting to logout. This has been fixed. Fix bug with multiple redactor instances on the same page and in the same composer window causing problems. Better rendering of empty areas in Firefox (thanks JeramyNS) Fixed problems with “concrete.seo.trailing_slash” set to true leading to an inability to login, other problems. Attributes that had already been filled out were being shown as still required in page check-in panel. Fixed bug where full URLs were incorrectly parsed if asset caching was enabled (thanks mlocati) Fix download file script leading to 404 errors after you go to the dashboard and hit the back button Fixed https://www.concrete5.org/developers/bugs/5-7-4-1/dont-allow-to-create-file-sets-with-names-containing-forbidden-c/ Fix https://www.concrete5.org/developers/bugs/5-7-4-1/cant-replace-a-file-with-one-in-the-incoming-directory/ Fix XSS in conversation author object; fix author name not showing if a user didn't put in a website (thanks jaromirdalecky) Searching files, pages and users by topics now works in the dashboard Picture tag now properly inserted by Redactor when working with themes that use responsive images. Fixed z-index of message author and status in conversations dashboard page. Developer Updates API improvements to the RedactorEditor class. And many improvements and bugfixes including security bugfixes.
2015-05-31Update to 8.0.3ryoon3-42/+54
Version 8.0.3 May 1st 2015 Fix several Constrain Violation Exceptions Fix misleading Maintenance mode message Timezone fixes for countries with 0.5 and 0.75 offsets Fix usage of default share folder location Reenable trashbin after failed rename Fix disabling of APCu Do not show update notification on mobile Fix "Only variables should be passed by reference" error log spam Add timeout to curl Makes repair errors and warnings visible for the user when upgrading on the command line or in the web UI Cron shall not operate in case we are in maintenance mode Disable the cache updater when doing the encryption migration Fix "Error while updating app" error Internal Server Error after attempting to do "occ files:scan" Several smaller fixes
2015-05-29Changes 3.5.5:adam3-11/+11
* Portability: migrate auto_ptr to C++11 unique_ptr * Portability: Define nullptr if not provided * Cleanup: sync ModSelect.cc and ModSelectWin32.cc * Fix segmentation fault inside Adaptation::Icap::Xaction::swanSong * Fix "Not enough space to hold server hello message" error message * Bug 4132: regression in short_icon_urls with global_internal_static on * Prevent unused ssl_crtd helpers being run * Docs: fix debug output on https_port context failure * HTTP/2: publish RFC 7540 * Fix incorrect use of errno in various libcomm.la places * Bug 4236: SSL negotiation error of 'success' * Fix signal.h usage to resolve compiler warning * Bug 3930: assertion 'connIsUsable(http->getConn())' * Fix missing external ACL helper notes * Bug 4238: assertion Read.cc:205: "params.data == data" * Docs: remove 4.0-only info added by rev.13823 * comm_connect_addr on failures returns Comm:OK * Docs: shuffle SMP specific options to the top of squid.conf * CacheMgr: display 'client_db off' instead of 0 clients accessing cache * Fix assertion errorpage.cc:600: "entry->isEmpty()" * Fix assertion MemBuf.cc:380: "new_cap > (size_t) capacity" in SSL I/O buffer
2015-05-28Update to 2.4.9. From Leonardo Taccari in PR 49920.wiz4-36/+18
WebKitGTK+ 2.4.9 released! This is a bug fix release in the stable 2.4 series. What’s new in the WebKitGTK+ 2.4.9 release? o Check TLS errors as soon as they are set in the SoupMessage to prevent any data from being sent to the server in case of invalid certificate. o Clear the GObject DOM bindings internal cache when frames are destroyed or web view contents are updated. o Add HighDPI support for non-accelerated compositing contents. o Fix some transfer annotations used in GObject DOM bindings. o Use latin1 instead of UTF-8 for HTTP header values. o Fix synchronous loads when maximum connection limits are reached. o Fix a crash ScrollView::contentsToWindow() when GtkPluginWidget doesn’t have a parent. o Fix a memory leak in webkit_web_policy_decision_new. o Fix g_closure_unref runtime warning. o Fix a crash due to empty drag image during drag and drop. o Fix rendering of scrollbars with GTK+ >= 3.16. o Fix the build on mingw32/msys. o Fix the build with WebKit2 disabled. o Fix the build with accelerated compositing disabled. o Fix clang version check in configure. o Fix the build with recent versions of GLib that have GMutexLocker. o Fix the build for Linux/MIPS64EL.
2015-05-28Update to 1.25.1wen3-1102/+3243
Upstream changes: == MediaWiki 1.25.1 == This is a bug fix release of the MediaWiki 1.25 branch. == Changes since 1.25.1 == * (T100351) Fix syntax errors in extension.json of ConfirmEdit extension == MediaWiki 1.25 == === Configuration changes in 1.25 === * $wgPageShowWatchingUsers was removed. * $wgLocalVirtualHosts has been added to replace $wgConf->localVHosts. * $wgAntiLockFlags was removed. * $wgJavaScriptTestConfig was removed. * Edit tokens returned from User::getEditToken may change on every call. Token validity must be checked by passing the user-supplied token to User::matchEditToken rather than by testing for equality with a newly-generated token. * (T74951) The UserGetLanguageObject hook may be passed any IContextSource for its $context parameter. Formerly it was documented as receiving a RequestContext specifically. * Profiling was restructured and $wgProfiler now requires an 'output' parameter. See StartProfiler.sample for details. * $wgMangleFlashPolicy was added to make MediaWiki's mangling of anything that might be a flash policy directive configurable. * ApiOpenSearch now supports XML output. The OpenSearchXml extension should no longer be used. If extracts and page images are desired, the TextExtracts and PageImages extensions are required. * $wgOpenSearchTemplate is deprecated in favor of $wgOpenSearchTemplates. * Edits are now prepared via AJAX as users type edit summaries. This behavior can be disabled via $wgAjaxEditStash. * (T46740) The temporary option $wgIncludejQueryMigrate was removed, along with the jQuery Migrate library, as indicated when this option was provided in MediaWiki 1.24. * ProfilerStandard and ProfilerSimpleTrace were removed. Make sure that any StartProfiler.php config is updated to reflect this. Xhprof is available for zend/hhvm. Also, for hhvm, one can consider using its xenon profiler. * Default value of $wgSVGConverters['rsvg'] now uses the 'rsvg-convert' binary rather than 'rsvg'. * Default value of $wgSVGConverters['ImageMagick'] now uses transparent background with white fallback color, rather than just white background. * MediaWikiBagOStuff class removed, make sure any object cache config uses SqlBagOStuff instead. * The 'daemonized' flag must be set to true in $wgJobTypeConf for any redis job queues. This means that mediawiki/services/jobrunner service has to be installed and running for any such queues to work. * $wgAutopromoteOnce no longer supports the 'view' event. For keeping some compatibility, any 'view' event triggers will still trigger on 'edit'. * $wgExtensionDirectory was added for when your extensions directory is somewhere other than $IP/extensions (as $wgStyleDirectory does with the skins directory). === New features in 1.25 === * (T64861) Updated plural rules to CLDR 26. Includes incompatible changes for plural forms in Russian, Prussian, Tagalog, Manx and several languages that fall back to Russian. * (T60139) ResourceLoaderFileModule now supports language fallback for 'languageScripts'. * Added a new hook, "ContentAlterParserOutput", to allow extensions to modify the parser output for a content object before links update. * (T37785) Enhanced recent changes and extended watchlist are now default. Documentation: https://meta.wikimedia.org/wiki/Help:Enhanced_recent_changes and https://www.mediawiki.org/wiki/Manual:$wgDefaultUserOptions. * (T69341) SVG images will no longer be base64-encoded when being embedded in CSS. This results in slight size increase before gzip compression (due to percent-encoding), but up to 20% decrease after it. * Update jStorage to v0.4.12. * MediaWiki now natively supports page status indicators: icons (or short text snippets) usually displayed in the top-right corner of the page. They have been in use on Wikipedia for a long time, implemented using templates and CSS absolute positioning. - Basic wikitext syntax: <indicator name="foo">[[File:Foo.svg|20px]]</indicator> - Usage instructions: https://www.mediawiki.org/wiki/Help:Page_status_indicators - Adjusting custom skins to support indicators: https://www.mediawiki.org/wiki/Manual:Skinning#Page_status_indicators * Edit tokens may now be time-limited: passing a maximum age to User::matchEditToken will reject any older tokens. * The debug logging internals have been overhauled, and are now using the PSR-3 interfaces. * Update CSSJanus to v1.1.1. * Update lessphp to v0.5.0. * Added a hook, "ApiOpenSearchSuggest", to allow extensions to provide extracts and images for ApiOpenSearch output. The semantics are identical to the "OpenSearchXml" hook provided by the OpenSearchXml extension. * PrefixSearchBackend hook now has an $offset parameter. Combined with $limit, this allows for pagination of prefix results. Extensions using this hook should implement supporting behavior. Not doing so can result in undefined behavior from API clients trying to continue through prefix results. * Update jQuery from v1.11.1 to v1.11.3. * External libraries installed via composer will now be displayed on Special:Version in their own section. Extensions or skins that are installed via composer will not be shown in this section as it is assumed they will add the proper credits to the skins or extensions section. They can also be accessed through the API via the new siprop=libraries to ApiQuerySiteInfo. * Update QUnit from v1.14.0 to v1.16.0. * Update Moment.js from v2.8.3 to v2.8.4. * Special:Tags now allows for manipulating the list of user-modifiable change tags. * Added 'managetags' user right and 'ChangeTagCanCreate', 'ChangeTagCanDelete', and 'ChangeTagCanCreate' hooks to allow for managing user-modifiable change tags. * Added 'ChangeTagsListActive' hook, to separate the concepts of "defined" and "active" formerly conflated by the 'ListDefinedTags' hook. * Added TemplateParser class that provides a server-side interface to cachable dynamically-compiled Mustache templates (currently uses lightncandy library). * Clickable anchors for each section heading in the content are now generated and appear in the gutter on hovering over the heading. * Added 'CategoryViewer::doCategoryQuery' and 'CategoryViewer::generateLink' hooks to allow extensions to override how links to pages are rendered within NS_CATEGORY * (T19665) Special:WantedPages only lists page which having at least one red link pointing to it. * New hooks 'ApiMain::moduleManager' and 'ApiQuery::moduleManager', can be used for conditional registration of API modules. * New hook 'EnhancedChangesList::getLogText' to alter, remove or add to the links of a group of changes in EnhancedChangesList. * A full interface for StatsD metric reporting has been added to the context interface, reachable via IContextSource::getStats(). * Move the jQuery Client library from being mastered in MediaWiki as v0.1.0 to a proper, published library, which is now tagged as v1.0.0. * A new message (defaulting to blank), 'editnotice-notext', can be shown to users when they are editing if no edit notices apply to the page being edited. * (T94536) You can now make the sitenotice appear to logged-in users only by editing MediaWiki:Anonnotice and replacing its content with "". Setting it to "-" (default) will continue disable it and fallback to MediaWiki:Sitenotice. * Modifying the tagging of a revision or log entry is now available via Special:EditTags, generally accessed via the revision-deletion-like interface on history pages and Special:Log is likely to be more useful. * Added 'applychangetags' and 'changetags' user rights. * (T35235) LogFormatter subclasses are now responsible for formatting the parameters for API log event output. Extensions should implement the new getParametersForApi() method in their log formatters. ==== External libraries ==== * MediaWiki now requires certain external libraries to be installed. In the past these were bundled inside the Git repository of MediaWiki core, but now they need to be installed separately. For users using the tarball, this will be taken care of and no action will be required. Users using Git will either need to use composer to fetch dependencies or use the mediawiki/vendor repository which includes all dependencies for MediaWiki core and ones used in Wikimedia deployment. Detailed instructions can be found at: https://www.mediawiki.org/wiki/Download_from_Git#Fetch_external_libraries * The following libraries are now required: ** psr/log This library provides the interfaces set by the PSR-3 standard (http://www.php-fig.org/psr/psr-3/) which are used by MediaWiki internally via the MediaWiki\Logger\LoggerFactory class. See the structured logging RfC (https://www.mediawiki.org/wiki/Requests_for_comment/Structured_logging) for more background information. ** cssjanus/cssjanus This library was formerly bundled with MediaWiki core and has been removed. It automatically flips CSS for RTL support. ** leafo/lessphp This library was formerly bundled with MediaWiki core and has been removed. It compiles LESS files into CSS. ** wikimedia/cdb This library was formerly a part of MediaWiki core, and has been moved into a separate library. It provides CDB functions which are used in the Interwiki and Localization caches. More information about the library can be found at https://www.mediawiki.org/wiki/CDB. ** liuggio/statsd-php-client This library provides a StatsD client API for logging application metrics to a remote server. === Bug fixes in 1.25 === * (T73003) No additional code will be generated to try to load CSS-embedded SVG images in Internet Explorer 6 and 7, as they don't support them anyway. * (T69021) On Special:BookSources, corrected validation of ISBNs (both 10- and 13-digit forms) containing "X". * Page moving was refactored into a MovePage class. As part of that: ** The AbortMove hook was removed. ** MovePageIsValidMove is for extensions to specify whether a page cannot be moved for technical reasons, and should not be overridden. ** MovePageCheckPermissions is for checking whether the given user is allowed to make the move. ** Title::moveNoAuth() was deprecated. Use the MovePage class instead. ** Title::moveTo() was deprecated. Use the MovePage class instead. ** Title::isValidMoveOperation() broken down into MovePage::isValidMove() and MovePage::checkPermissions(). * (T18530) Multiple autocomments are now formatted in an edit summary. * (T70361) Autocomments containing "/*" are parsed correctly. * The Special:WhatLinksHere page linked from 'Number of redirects to this page' on action=info about a file page does not list file links anymore. * (T78637) Search bar is not autofocused unless it is empty so that proper scrolling using arrow keys is possible. * (T50853) Database::makeList() modified to handle 'NULL' separately when building IN clause * (T85192) Captcha position modified in Usercreate template. As a result: ** extrafields parameter added to Usercreate.php to insert additional data ** 'extend' method added to QuickTemplate to append additional values to any field of data array * (T86974) Several Title methods now load from the database when necessary (instead of returning incorrect results) even when the page ID is known. * (T74070) Duplicate search for archived files on file upload now omits the extension. This requires the fa_sha1 field being populated. * Removed rel="archives" from the "View history" link, as it did not pass HTML validation. * $wgUseTidy is now set when parserTests are run with the tidy option to match output on wiki. * (T37472) update.php will purge ResourceLoader cache unless --nopurge is passed to it. * (T72109) mediawiki.language should respect $wgTranslateNumerals in convertNumber(). === Action API changes in 1.25 === * (T67403) XML tag highlighting is now only performed for formats "xmlfm" and "wddxfm". * action=paraminfo supports generalized submodules (modules=query+value), querymodules and formatmodules are deprecated * action=paraminfo no longer outputs descriptions and other help text by default. If needed, it may be requested using the new 'helpformat' parameter. * action=help has been completely rewritten, and outputs help in HTML rather than plain text. * Hitting api.php without specifying an action now displays only the help for the main module, with links to submodule help. * API help is no longer displayed on errors. * 'uselang' is now a recognized API parameter; "uselang=user" may be used to explicitly select the language from the current user's preferences, and "uselang=content" may be used to select the wiki's content language. * Default output format for the API is now jsonfm. * Simplified continuation will return a "batchcomplete" property in the result when a batch of pages is complete. * Pretty-printed HTML output now has nicer formatting and (if available) better syntax highlighting. * Deprecated list=deletedrevs in favor of newly-added prop=deletedrevisions and list=alldeletedrevisions. * prop=revisions will gracefully continue when given too many revids or titles, rather than just ignoring the extras. * prop=revisions will no longer die if rvcontentformat doesn't match a revision's content model; it will instead warn and omit the content. * If the user has the 'deletedhistory' right, action=query's revids parameter will now recognize deleted revids. * prop=revisions may be used as a generator, generating revids. * (T68776) format=json results will no longer be corrupted when $wgMangleFlashPolicy is in effect. format=php results will cleanly return an error instead of returning invalid serialized data. * Generators may now return data for the generated pages when used with action=query. * Query page data for generator=search and generator=prefixsearch will now include an "index" field, which may be used by the client for sorting the search results. * ApiOpenSearch now supports XML output. * ApiOpenSearch will now output descriptions and URLs as array indexes 2 and 3 in JSON format. * (T76051) list=tags will now continue correctly. * (T76052) list=tags can now indicate whether a tag is defined. * (T75522) list=prefixsearch now supports continuation * (T78737) action=expandtemplates can now return page properties. * (T78690) list=allimages now accepts multiple pipe-separated values for the 'aimime' parameter. * prop=info with inprop=protections will now return applicable protection types with the 'restrictiontypes' key. * (T85417) When resolving redirects, ApiPageSet will now add the targets of interwiki redirects to the list of interwiki titles. * (T85417) When outputting the list of redirect titles, a 'tointerwiki' property (like the existing 'tofragment' property) will be set. * Added action=managetags to allow for managing the list of user-modifiable change tags. Actually modifying the tagging of a revision or log entry is not implemented yet. * list=tags has additional properties to indicate 'active' status and tag sources. * siprop=libraries was added to ApiQuerySiteInfo to list installed external libraries. * (T88010) Added action=checktoken, to test a CSRF token's validity. * (T88010) Added intestactions to prop=info, to allow querying of Title::userCan() via the API. * Default type param for query list=watchlist and list=recentchanges has been changed from all types (e.g. including 'external') to 'edit|new|log'. * Added formatversion to format=json. Still "experimental" as further changes to the output formatting might still be made. * (T73020) Log event details are now always under a 'params' subkey for list=logevents, and a 'logparams' subkey for list=watchlist and list=recentchanges. * Log event details are changing formatting: * block events now report flags as an array rather than as a comma-separated list. * patrol events now report the 'auto' flag as a boolean (absent/empty string for BC formats) rather than as an integer. * rights events now report the old and new group lists as arrays rather than as comma-separated lists. * merge events use new-style formatting. * delete/event and delete/revision events use new-style formatting. * The root node and various other nodes will now always be an object in formats such as json that distinguish between arrays and objects. * Except for action=opensearch where the spec requires an array. === Action API internal changes in 1.25 === * ApiHelp has been rewritten to support i18n and paginated HTML output. Most existing modules should continue working without changes, but should do the following: * Add an i18n message "apihelp-{$moduleName}-description" to replace getDescription(). * Add i18n messages "apihelp-{$moduleName}-param-{$param}" for each parameter to replace getParamDescription(). If necessary, the settings array returned by getParams() can use the new ApiBase::PARAM_HELP_MSG key to override the message. * Implement getExamplesMessages() to replace getExamples(). * Modules with submodules (like action=query) must have their submodules override ApiBase::getParent() to return the correct parent object. * The 'APIGetDescription' and 'APIGetParamDescription' hooks are deprecated, and will have no effect for modules using i18n messages. Use 'APIGetDescriptionMessages' and 'APIGetParamDescriptionMessages' instead. * Api formatters will no longer be asked to display the help screen on errors. * ApiMain::getCredits() was removed. The credits are available in the 'api-credits' i18n message. * ApiFormatBase has been changed to support i18n and syntax highlighting via extensions with the new 'ApiFormatHighlight' hook. Core syntax highlighting has been removed. * ApiFormatBase now always buffers. Output is done when ApiFormatBase::closePrinter is called. * Much of the logic in ApiQueryRevisions has been split into ApiQueryRevisionsBase. * The 'revids' parameter supplied by ApiPageSet will now count deleted revisions as "good" if the user has the 'deletedhistory' right. New methods ApiPageSet::getLiveRevisionIDs() and ApiPageSet::getDeletedRevisionIDs() are provided to access just the live or just the deleted revids. * Added ApiPageSet::setGeneratorData() and ApiPageSet::populateGeneratorData() to allow generators to include data in the action=query result. * New hooks 'ApiMain::moduleManager' and 'ApiQuery::moduleManager', can be used for conditional registration of API modules. * Added ApiBase::lacksSameOriginSecurity() to allow modules to easily check if the current request was sent with the 'callback' parameter (or any future method that breaks the same-origin policy). * Profiling methods in ApiBase are deprecated and no longer need to be called. * ApiResult was greatly overhauled. See inline documentation for details. * ApiResult will automatically convert objects to strings or arrays (depending on whether a __toString() method exists on the object), and will refuse to add unsupported value types. * An informal interface, ApiSerializable, exists to override the default object conversion. * ApiResult/ApiFormatBase "raw mode" is deprecated. * ApiFormatXml now assumes defaults and so on instead of throwing errors when metadata isn't set. * (T35235) LogFormatter subclasses are now responsible for formatting log event parameters for the API. * Many modules have changed result data formats. While this shouldn't affect clients not using the experimental formatversion=2, code using ApiResult::getResultData() without the transformations for backwards compatibility may need updating, as will code that wasn't following the old conventions for API boolean output. * The following methods have been deprecated and may be removed in a future release: * ApiBase::getDescription * ApiBase::getParamDescription * ApiBase::getExamples * ApiBase::makeHelpMsg * ApiBase::makeHelpArrayToString * ApiBase::makeHelpMsgParameters * ApiBase::getModuleProfileName * ApiBase::profileIn * ApiBase::profileOut * ApiBase::safeProfileOut * ApiBase::getProfileTime * ApiBase::profileDBIn * ApiBase::profileDBOut * ApiBase::getProfileDBTime * ApiBase::getResultData * ApiFormatBase::setUnescapeAmps * ApiFormatBase::getWantsHelp * ApiFormatBase::setHelp * ApiFormatBase::formatHTML * ApiFormatBase::setBufferResult * ApiFormatBase::getDescription * ApiFormatBase::getNeedsRawData * ApiMain::setHelp * ApiMain::reallyMakeHelpMsg * ApiMain::makeHelpMsgHeader * ApiResult::setRawMode * ApiResult::getIsRawMode * ApiResult::getData * ApiResult::setElement * ApiResult::setContent * ApiResult::setIndexedTagName_recursive * ApiResult::setIndexedTagName_internal * ApiResult::setParsedLimit * ApiResult::beginContinuation * ApiResult::setContinueParam * ApiResult::setGeneratorContinueParam * ApiResult::endContinuation * ApiResult::size * ApiResult::convertStatusToArray * ApiQueryImageInfo::getPropertyDescriptions * ApiQueryLogEvents::addLogParams * The following classes have been deprecated and may be removed in a future release: * ApiQueryDeletedrevs === Languages updated in 1.25 === MediaWiki supports over 350 languages. Many localisations are updated regularly. Below only new and removed languages are listed, as well as changes to languages because of Bugzilla reports. * Languages added: ** awa (अवधी / Awadhi), thanks to translator 1AnuraagPandey; ** bgn (بلوچی رخشانی / Western Balochi), thanks to translators Baloch Afghanistan, Ibrahim khashrowdi and Rachitrali; ** ses (Koyraboro Senni), thanks to translator Songhay. * (T66440) Kazakh (kk) wikis should no longer forcefully reset the user's interface language to kk where unexpected. * The Chinese conversion table was substantially updated to fix a lot of bugs and ensure better reading experience for different variants. === Other changes in 1.25 === * (T45591) Links to MediaWiki.org translatable help were added to indicators, mostly in special pages. Local custom target titles can be placed in the relevant '(namespace-X|action name|special page name)-helppage' system message. Extensions can use the addHelpLink() function to do the same. * The skin autodiscovery mechanism, deprecated in MediaWiki 1.23, has been removed. See https://www.mediawiki.org/wiki/Manual:Skin_autodiscovery for migration guide for creators and users of custom skins that relied on it. * Javascript variables 'wgFileCanRotate' and 'wgFileExtensions' now only available on Special:Upload. * (T58257) Set site logo from mediawiki.skinning.interface module instead of inline styles in the HTML. * Removed ApiQueryUsers::getAutoGroups(). (deprecated since 1.20) * Removed XmlDumpWriter::schemaVersion(). (deprecated since 1.20) * Removed LogEventsList::getDisplayTitle(). (deprecated since 1.20) * Removed Preferences::trySetUserEmail(). (deprecated since 1.20) * Removed mw.user.name() and mw.user.anonymous() methods. (deprecated since 1.20) * Removed 'ok' and 'err' parameters in the mediawiki.api modules. (deprecated since 1.20) * Removed 'async' parameter from the mw.Api#getCategories() method. (deprecated since 1.20) * Removed 'jquery.json' module. (deprecated since 1.24) Use the 'json' module and global JSON object instead. * Deprecated OutputPage::readOnlyPage() and OutputPage::rateLimited(). Also, the former will now throw an MWException if called with one or more arguments. * Removed hitcounters and associated code. * The "temp" zone of the upload respository is now considered private. If it already exists (such as under the images/ directory), please make sure that the directory is not web readable (e.g. via a .htaccess file). * BREAKING CHANGE: In the XML dump format used by Special:Export and dumpBackup.php, the <model> and <format> tags now apprear before the <text> tag, instead of after the <text> and <sha1> tags. The new schema version is 0.10, the new schema URI is: https://www.mediawiki.org/xml/export-0.10.xsd * MWFunction::call() and MWFunction::callArray() were removed, having being deprecated in 1.22. * Deprecated the getInternalLinkAttributes, getInternalLinkAttributesObj, and getInternalLinkAttributes methods in Linker, and removed getExternalLinkAttributes method, which was deprecated in MediaWiki 1.18. * Removed Sites class, which was deprecated in 1.21 and replaced by SiteSQLStore. * Added wgRelevantArticleId to the client-side config, for use on special pages. * Deprecated the TitleIsCssOrJsPage hook. Superseded by the ContentHandlerDefaultModelFor hook since MediaWiki 1.21. * Deprecated the TitleIsWikitextPage hook. Superseded by the ContentHandlerDefaultModelFor hook since MediaWiki 1.21. * Changed parsing of variables in schema (.sql) files: ** The substituted values are no longer parsed. (Formerly, several passes were made for each variable, so depending on the order in which variables were defined, variables might have been found inside encoded values. This is no longer the case.) ** Variables are no longer string encoded when the /*$var*/ syntax is used. If string encoding is necessary, use the '{$var}' syntax instead. ** Variable names must only consist of one or more of the characters "A-Za-z0-9_". ** In source text of the form '{$A}'{$B}' or `{$A}`{$B}`, where variable A does not exist yet variable B does, the latter may not be replaced. However, this difference is unlikely to arise in practice. * (T67278) RFC, PMID, and ISBN "magic links" must be surrounded by non-word characters on both sides. * The FormatAutocomments hook will now receive $pre and $post as booleans, rather than as strings that must be prepended or appended to $comment. * (T30950, T31025) RFC, PMID, and ISBN "magic links" can no longer contain newlines; but they can contain &nbsp; and other non-newline whitespace. * The 'mediawiki.action.edit' ResourceLoader module no longer generates the edit toolbar, which has been moved to a separate 'mediawiki.toolbar' module. If you relied on this behavior, update your scripts' dependencies. * HTMLForm's 'vform' display style has been separated to a subclass. Therefore: * HTMLForm::isVForm() is now deprecated. * You can no longer do this: $form = new HTMLForm( … ); $form->setDisplayFormat( 'vform' ); // throws exception Instead, do this: $form = HTMLForm::factory( 'vform', … ); * Deprecated Revision methods getRawUser(), getRawUserText() and getRawComment(). * BREAKING CHANGE: mediawiki.user.generateRandomSessionId: The alphabet of the prior string returned was A-Za-z0-9 and now it is 0-9A-F * (T87504) Avoid serving SVG background-images in CSS for Opera 12, which renders them incorrectly when combined with border-radius or background-size. * Removed maintenance script dumpSisterSites.php. * DatabaseBase class constructors must be called using the array argument style. Ideally, DatabaseBase:factory() should be used instead in most cases. * Deprecated ParserOutput::addSecondaryDataUpdate and ParserOutput::getSecondaryDataUpdates. This is a hard deprecation, with getSecondaryDataUpdates returning an empty array and addSecondaryDataUpdate throwing an exception. These functions will be removed in 1.26, since they interfere with caching of ParserOutput objects. * Introduced new hook 'SecondaryDataUpdates' that allows extensions to inject custom updates. * Introduced new hook 'OpportunisticLinksUpdate' that allows extensions to perform updates when a page is re-rendered. * EditPage::attemptSave has been modified not to call handleStatus itself and instead just returns the Status object. Extension calling it should be aware of this. * Removed class DBObject. (unused since 1.10) * wfDiff() is deprecated. * The -m (maximum replication lag) option of refreshLinks.php was removed. It had no effect since MediaWiki 1.18 and should be removed from any cron jobs or similar scripts you may have set up. * (T85864) The following messages no longer support raw html: redirectto, thisisdeleted, viewdeleted, editlink, retrievedfrom, version-poweredby-others, retrievedfrom, thisisdeleted, viewsourcelink, lastmodifiedat, laggedslavemode, protect-summary-cascade * All BloomCache related code has been removed. This was largely experimental. * $wgResourceModuleSkinStyles no longer supports per-module local or remote paths. They can only be set for the entire skin. * Removed global function swap(). (deprecated since 1.24) * Deprecated the ".php5" file extension entry points and the $wgScriptExtension configuration variable. Refer to the ".php" files instead. If you want ".php5" URLs to continue to work, set up redirects. In Apache, this can be done by enabling mod_rewrite and adding the following rules to your configuration: RewriteEngine On RewriteBase / RewriteRule ^(.*)\.php5 $1.php [R=301,L] * The global importScriptURI and importStylesheetURI functions, as well as the loadedScripts object, from wikibits.js (deprecated since 1.17) now emit warnings through mw.log.warn when accessed. == Compatibility == MediaWiki 1.25 requires PHP 5.3.3 or later. There is experimental support for HHVM 3.3.0. MySQL is the recommended DBMS. PostgreSQL or SQLite can also be used, but support for them is somewhat less mature. There is experimental support for Oracle and Microsoft SQL Server. The supported versions are: * MySQL 5.0.3 or later * PostgreSQL 8.3 or later * SQLite 3.3.7 or later * Oracle 9.0.1 or later * Microsoft SQL Server 2005 (9.00.1399) == Upgrading == 1.25 has several database changes since 1.24, and will not work without schema updates. Note that due to changes to some very large tables like the revision table, the schema update may take quite long (minutes on a medium sized site, many hours on a large site). If upgrading from before 1.11, and you are using a wiki as a commons repository, make sure that it is updated as well. Otherwise, errors may arise due to database schema changes. If upgrading from before 1.7, you may want to run refreshLinks.php to ensure new database fields are filled with data. If you are upgrading from MediaWiki 1.4.x or earlier, you should upgrade to 1.5 first. The upgrade script maintenance/upgrade1_5.php has been removed with MediaWiki 1.21. Don't forget to always back up your database before upgrading! See the file UPGRADE for more detailed upgrade instructions. For notes on 1.24.x and older releases, see HISTORY. == Online documentation == Documentation for both end-users and site administrators is available on MediaWiki.org, and is covered under the GNU Free Documentation License (except for pages that explicitly state that their contents are in the public domain): https://www.mediawiki.org/wiki/Documentation == Mailing list == A mailing list is available for MediaWiki user support and discussion: https://lists.wikimedia.org/mailman/listinfo/mediawiki-l A low-traffic announcements-only list is also available: https://lists.wikimedia.org/mailman/listinfo/mediawiki-announce It's highly recommended that you sign up for one of these lists if you're going to run a public MediaWiki, so you can be notified of security fixes. == IRC help == There's usually someone online in #mediawiki on irc.freenode.net.
2015-05-28Fix the error of "interpreter does not exist"wen1-1/+3
Reported by: joerg@(Thanks !)
2015-05-27Reset MAINTAINER, resigned ages ago.wiz1-2/+2
2015-05-27Update to 6.09:wiz2-6/+6
2015-05-20 Net-HTTP 6.09 Karen Etheridge (1): No changes since 6.08_002 2015-05-02 Net-HTTP 6.08_002 Karen Etheridge (1): fix foolish $VERSION error in 6.08_001 2015-05-01 Net-HTTP 6.08_001 Mark Overmeer (1): resolve issues with SSL by reading bytes still waiting to be read after the initial 1024 bytes [RT#104122]
2015-05-27Update to 2.13:wiz2-6/+6
2.13 Thu May 21 12:20:46 EDT 2015 - bundled examples html page
2015-05-27Update to 8.0.23ryoon2-6/+6
Changelog: The Apache Tomcat Project is proud to announce the release of version 8.0.23 of Apache Tomcat. Apache Tomcat 8.0.23 includes a numerous fixes for issues identified in 8.0.22 as well as a number of other enhancements and changes. The notable changes since 8.0.22 include: Fixed corruption issues with NIO2 and TLS Added a workaround for SPNEGO authentication and a JRE regression in Java 8 update 40 onwards Added the new HttpHeaderSecurityFilter
2015-05-27Update to 7.0.62ryoon2-6/+6
Changelog: Tomcat 7.0.62 (violetagg) Catalina add Allow logging of the remote port in the access log using the format pattern %{remote}p. (rjung) fix 57765: When checking last modified times as part of the automatic deployment process, account for the fact that File.lastModified() has a resolution of one second to ensure that if a file has been modified within the last second, the latest version of the file is always used. Note that a side-effect of this change is that files with modification times in the future are treated as if they are unmodified. (markt) fix Align redeploy resource modification checking with reload modification checking so that now, in both cases, a change in modification time rather than an increase in modification time is used to determine if the resource has changed. (markt) fix Cleanup o.a.tomcat.util.digester.Digester from debug messages that do not give any valuable information. Patch provided by Polina Genova. (violetagg) fix 57772: When reloading a web application and a directory representing an expanded WAR needs to be deleted, delete the directory after the web application has been stopped rather than before to avoid potential ClassNotFoundExceptions. (markt) fix 57801: Improve the error message in the start script in case the PID read from the PID file is already owned by a process. (rjung) fix 57824: Correct a regression in the fix for 57252 that broke request listeners for non-async requests that triggered an error that was handled by the ErrorReportingValve. (markt/violetagg) fix 57841: Improve error logging during web application start. (markt) fix 57856: Ensure that any scheme/port changes implemented by the RemoteIpFilter also affect HttpServletResponse.sendRedirect(). (markt) fix 57896: Support defensive copying of "cookie" header so that unescaping double quotes in a cookie value does not corrupt original value of "cookie" header. This is an opt-in feature, enabled by org.apache.tomcat.util.http.ServerCookie.PRESERVE_COOKIE_HEADER system property. (kkolinko) Coyote fix 57779: When an I/O error occurs on a non-container thread only dispatch to a container thread to handle the error if using Servlet 3+ asynchronous processing. This avoids potential deadlocks if an application is performing I/O on a non-container thread without using the Servlet 3+ asynchronous API. (markt) fix 57833: When using JKS based keystores for NIO, ensure that the key alias is always converted to lower caes since that is what JKS key stores expect. Based on a patch by Santosh Giri Govind M. (markt) fix 57837: Add text/css to the default list of compressable MIME types. (markt) Jasper fix 57845: Ensure that, if the same JSP is accessed directly and via a <jsp-file> declaration in web.xml, updates to the JSP are visible (subject to the normal rules on re-compilation) regardless of how the JSP is accessed. (markt) fix 57855: Explicitly handle the case where a MethodExpression is invoked with null or the wrong number of parameters. Rather than failing with an ArrayIndexOutOfBoundsException or a NullPointerException throw an IllegalArgumentException with a useful error message. (markt) Cluster add Add new attribute that send all actions for session across Tomcat cluster nodes. (kfujino) fix Remove unused pathname attribute in mbean definition of BackupManager. (kfujino) fix 57338: Improve the ability of the ClusterSingleSignOn valve to handle nodes being added and removed from the Cluster at run time. (markt) fix Avoid unnecessary call of DeltaRequest.addSessionListener() in non-primary nodes. (kfujino) WebSocket fix 57762: Ensure that the WebSocket client correctly detects when the connection to the server is dropped. (markt) fix 57776: Revert the 8.0.21 fix for the permessage-deflate implementation and incorrect op-codes since the fix was unnecessary (the bug only affected trunk) and the fix broke rather than fixed permessage-deflate if an uncompressed message was converted into more than one compressed message. (markt) fix Fix log name typo in WsRemoteEndpointImplServer class, caused by a copy-paste. (markt/kkolinko) fix 57788: Avoid NPE when looking up a class hierarchy without finding anything. (remm) Web applications add 57759: Add information to the keyAlias documentation to make it clear that the order keys are read from the keystore is implementation dependent. (markt) fix 57864: Update the documentation web application to make it clearer that hex values are not valid for cluster send options. Based on a patch by Kyohei Nakamura. (markt) Tribes fix Fix a concurrency issue when a backup message that has all session data and a backup message that has diff data are processing at the same time. This fix ensures that MapOwner is set to ReplicatedMapEntry. (kfujino) fix Clarify the handling of Copy message and Copy nodes. (kfujino) fix Copy node does not need to send the entry data. It is enough to send only the node information of the entry. (kfujino) fix ReplicatedMap should send the Copy message when replicating. (kfujino) fix Fix behavior of ReplicatedMap when member has disappeared. If map entrprimary, rebuild the backup members. If primary node of map entry has disappeared, backup node is promoted to primary. (kfujino) fix When a map member has been added to ReplicatedMap, make sure to add it to backup nodes list of all other members.
2015-05-26Update to 31.7.0ryoon2-246/+246
* Sync with firefox31-31.7.0.
2015-05-26Update to 31.7.0ryoon5-170/+12
Changelog: Fixed in Firefox ESR 31.7 2015-57 Privilege escalation through IPC channel messages 2015-54 Buffer overflow when parsing compressed XML 2015-51 Use-after-free during text processing with vertical text enabled 2015-48 Buffer overflow with SVG content and CSS 2015-47 Buffer overflow parsing H.264 video with Linux Gstreamer 2015-46 Miscellaneous memory safety hazards (rv:38.0 / rv:31.7)
2015-05-23Don't fail if there's no PaxHeader to remove.schmonz1-2/+2
2015-05-23(pkgsrc)mef2-7/+9
- Add BUILD_DEPENDS to p5-Catalyst-Plugin-Authorization-Roles for make test (upstream) - Update to 0.1506 ---------------- 0.1506 2014-04-02 * Fix doc bugs. RT#87372 * Fix calling User->can() as a class method. RT#90715 * Fix Catalyst tutorial link. RT#47043
2015-05-23Update 1.17 to 1.19mef2-6/+6
------------------- 1.19 2015-02-06 09:40:02-06:00 America/Chicago - Make LWP a test dep instead of a hard dep (Fixes GH#3, thanks Alexander Hartmaier for the report!) - Hard dep on JSON::MaybeXS (Fixes RT#101854, thanks Emmanuel Seyman for the report and Karen Etheridge for help tracking down the cause!) 1.18 2015-01-20 12:20:46-06:00 America/Chicago - Fix tests on travisci so that Catalyst proper can run on travisci (Thanks Andrae (André) Walker!)
2015-05-23Update to 2.22mef2-6/+6
-------------- 2.22 Thu May 14 04:04:03 CEST 2015 - ipv6 literals were not correctly parsed (analyzed by Raphael Geissert). - delete the body when mutating request to GET request when redirecting (reported by joe trader). - send proxy-authorization header to proxy when using CONNECT (reported by dzagashev@gmail.com). - do not send Proxy-Authroization header when not using a proxy. - when retrying a persistent request, switch persistency off. - added t/02_ip_literals.t.
2015-05-23Update xsp and ap-mono to the latest and the greatest from mono-projectkefren7-41/+48
Apache 2.4 linking of ap-mono is now possible
2015-05-22Remove the patch .orig file(s) to avoid PLIST problems. (How do otherhauke1-1/+5
python packages deal with this?)
2015-05-22... and update the patch checksum.hauke1-2/+2
2015-05-22In the readmore plugin, use the current flavour before the defaulthauke3-3/+23
one, if available.
2015-05-22Explicitly depend on py-docutils, which some of the core plugins use.hauke1-2/+4
2015-05-22Add patch to mitigate Logjam TLS vulnerabilities (CVE-2015-4000).sborrill3-2/+81
Based on FreeBSD ports.
2015-05-20Use poll instead of select. Fixes CVE-2012-6687.kim3-3/+89
2015-05-20Update to 1.2.0wen4-24/+13
Upstream changes: 1.2.0 2015-04-14 07:13:00+0000 - [core] bundle libyaml #248 (Kazuho Oku) - [core] implement master-worker process mode and daemon mode (bundles Server::Starter) #258 #270 (Kazuho Oku) - [file] more mime-types by default #250 #254 #280 (Tatsuhiko Kubo, George Liu, Kazuho Oku) - [file][http1] fix connection being closed if the length of content is zero #276 (Kazuho Oku) - [headers] fix heap overrun during configuration #251 (Kazuho Oku) - [http2] do not delay sending PUSH_PROMISE #221 (Kazuho Oku) - [http2] reduce memory footprint under high load #271 (Kazuho Oku) - [http2] fix incorrect error sent when number of streams exceed the limit #268 (Kazuho Oku) - [proxy] fix heap overrun when building request sent to upstream #266 #269 (Moto Ishizawa, Kazuho Oku) - [proxy] fix laggy response in case the length of content is zero #274 #276 (Kazuho Oku) - [SSL] fix potential stall while reading data from client #268 (Kazuho Oku) - [SSL] bundle LibreSSL #236 #272 (Kazuho Oku) - [SSL] obtain source-level compatibility with BoringSSL #228 (Kazuho Oku) - [SSL] add directive `listen.ssl.cipher-preference` for controlling the selection logic of cipher-suites #233 (Kazuho Oku) - [SSL] disable TLS compression #252 (bisho) - [libh2o] fix C++ compatibility (do not use empty struct) #225 (Kazuho Oku) - [libh2o] search external dependencies using pkg-config #227 (Kazuho Oku) - [misc] fix GCC version detection bug used for controlling compiler warnings #224 (Kazuho Oku) - [misc] check merory allocation failures in socket pool #265 (Tatsuhiko Kubo) 1.1.1 2015-03-09 06:12:00+0000 - [proxy] fix crash on NetBSD when upstream connection is persistent #217 (Kazuho Oku) - [misc] fix compile error on FreeBSD #211 #212 (Syohei Yoshida) 1.1.0 2015-03-06 06:41:00+0000 - [core][file] send redirects appending '/' as abs-path redirects #209 (Kazuho Oku) - [headers] add directives for manipulating response headers #204 (Kazuho Oku) - [http2] do not send a corrupt response if header value is longer than 126 bytes #193 (Kazuho Oku) - [http2] fix interoperability issue with nghttp2 0.7.5 and above 5c42eb1 (Kazuho Oku) - [proxy] send `via` header to upstream #191 (Kazuho Oku) - [proxy] resolve hostname asynchronously #207 (Kazuho Oku) - [proxy] distribute load between upstream servers (using `rand()`) #208 (Kazuho Oku) - [proxy] fix a bug that may cause a corrupt `location` header being forwarded #190 (Kazuho Oku) - [reproxy] add support for `x-reproxy-url` header #187 #197 (Daisuke Maki, Kazuho Oku) 1.0.1 2015-02-23 05:50:00+0000 - [core] change backlog size from 65,536 to 65,535 #183 (Tatsuhiko Kubo) - [http2] fix assertion failure in HPACK encoder #186 (Kazuho Oku) - [http2] add `extern` to some global variables that were not marked as such #178 (Kazuho Oku) - [proxy] close persistent upstream connection if client abruptly closes the stream #188 (Kazuho Oku) - [proxy] fix internal state corruption in case upstream sends response headers divided into multpile packets #189 (Kazuho Oku) - [SSL] add host header to OCSP request #176 (Masaaki Hirose) - [libh2o] do not require header files under `deps/` when using libh2o #173 (Kazuho Oku) - [libh2o] fix compile error in examples when compiled with `H2O_USE_LIBUV=0` #177 (Kazuho Oku) - [libh2o] in example, add missing / after the reference path #180 (Matthieu Garrigues) - [misc] fix invalid HTML in sample page #175 (Deepak Prakash) 1.0.0 2015-02-18 20:01:00+0000 - [core] add redirect handler #150 (Kazuho Oku) - [core] add `pid-file` directive for specifying the pid file #164 (Kazuho Oku) - [core] connections accepted by host-specific listeners should not be handled by handlers of other hosts #163 (Kazuho Oku) - [core] (FreeBSD) fix a bug that prevented the standalone server from booting when run as root #160 (Kazuho Oku) - [core] switch to pipe-based interthread messaging #154 (Kazuho Oku) - [core] use kqueue on all BSDs #156 (Kazuho Oku) - [access-log] more logging directives: %H, %m, %q, %U, %V, %v #158 (Kazuho Oku) - [access-log] bugfix: header values were not logged when specified using uppercase letters #157 (Kazuho Oku) - [file] add application/json to defalt MIME-types #159 (Tatsuhiko Kubo) - [http2] add support for the finalized version of HTTP/2 #166 (Kazuho Oku) - [http2] fix issues reported by h2spec v0.0.6 #165 (Kazuho Oku) - [proxy] merge the cookie headers before sending to upstream #161 (Kazuho Oku) - [proxy] simplify the configuration directives (and make persistent upstream connections as default) #162 (Kazuho Oku) - [SSL] add configuration directive to preload DH params #148 (Jeff Marrison) - [libh2o] separate versioning scheme using H2O_LIBRARY_VERSION_* #167 (Kazuho Oku) 0.9.2 2015-02-10 04:17:00+0000 - [core] graceful shutdown on SIGTERM #119 (Kazuho Oku) - [core] less TCP errors under high load #81 (Kazuho Oku) - [file] add support for HEAD requests #110 (Mark Hoersken) - [http1] MSIE workaround (send `Cache-Control: private` in place of Vary) #114 (Kazuho Oku) - [http2] support server-push #133 (Kazuho Oku) - [http2] fix spurious RST_STREAMS being sent #132 (Kazuho Oku) - [http2] weight-based distribution of bandwidth #135 (Kazuho Oku) - [proxy] added configuration directive `proxy.preserve-host` #112 (Masahiro Nagano) - [proxy] sends X-Forwarded-For and X-Forwarded-Proto headers #112 (Masahiro Nagano) - [proxy] stability improvements #61 (Kazuho Oku) - [misc] adjustments to make the source code more analyzer-friendly #113,#117 (Nick Desaulniers, Maks Naumov) 0.9.1 2015-01-19 21:13:00+0000 - added configuration directives: ssl/cipher-suite, ssl/ocsp-update-interval, ssl/ocsp-max-failures, expires, file.send-gzip - [http2] added support for draft-16 (draft-14 is also supported) - [http2] dependency-based prioritization - [http2] improved conformance to the specification - [SSL] OCSP stapling (automatically enabled by default) - [SSL] fix compile error with OpenSSL below version 1.0.1 - [file] content negotiation (serving .gz files) - [expires] added support for Cache-Control: max-age - [libh2o] libh2o and the header files installed by `make install` - [libh2o] fix compile error when used from C++ - automatically setuids to nobody when run as root and if `user` directive is not set - automatically raises RLIMIT_NOFILE - uses all CPU cores by default - now compiles on NetBSD and other BSD-based systems
2015-05-19Update to 0.160001wen2-6/+6
Upstream changes: 0.160001 2015-05-14 20:40:10+02:00 Europe/Amsterdam [ BUG FIXES ] * GH #893, #895: Catch config parse errors when Config::Any doesn't throw them. (Russell Jenkins) * GH #899: Minimum YAML version supported is v0.86 (Shlomi Fish) * GH #906: send_file - missing import and fix logic error for streaming by default (Russell Jenkins) [ DOCUMENTATION ] * GH #897: Remove docs for unimplemented 'load' keyword (Fayland Lam) [ ENHANCEMENT ] * GH #894, #898: Add status and headers methods to ::Response::Delayed (Yanick Champoux, Charlie Gonzalez)
2015-05-19Update of apache-roller to version 5.1.2spz3-15/+16
An approximate changelog 5.0.3 to 5.1.2 (resolved issues from Jira): ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Bug ROL-2057 Missing NPE check in Roller PageServlet class Unassigned Kohei Nozaki Major 30/Mar/15 Bug ROL-2058 No salt renewal on POST request David Johnson Kohei Nozaki Major 30/Mar/15 Bug ROL-2059 Comment preview is invisible in Gaurav theme David Johnson Kohei Nozaki Major 30/Mar/15 Bug ROL-2061 Wrong next month link of Calendar David Johnson Kohei Nozaki Major 30/Mar/15 Bug ROL-2062 Missing NPE check in IndexOperation#getDocument() David Johnson Kohei Nozaki Major 30/Mar/15 Improvement ROL-2064 Add viewport meta tag to Gaurav theme David Johnson Kohei Nozaki Trivial 30/Mar/15 Bug ROL-2065 Gaurav sometimes displaying empty summary as unresolved "$entry.summary" David Johnson Kohei Nozaki Minor 30/Mar/15 Bug ROL-2066 Comment URLs using https:// not saving properly in Gaurav theme David Johnson Kohei Nozaki Trivial 30/Mar/15 Bug ROL-2067 Velocity configuration improvement David Johnson David Johnson Major 30/Mar/15 Documentation ROL-2056 Wrong pointer (section number) in Install Guide at section 11.2 Unassigned Kohei Nozaki Minor 05/Jan/15 Bug ROL-2052 Custom stylesheets not being updated correctly when user switches between shared and custom themes. Unassigned Glen Mazza Major 06/Oct/14 Bug ROL-2051 Roller not falling back to standard theme renditions when mobile one unavailable. Unassigned Glen Mazza Critical 02/Oct/14 Bug ROL-1387 In creating tag aggregate counts, count tags only from published blog entries Glen Mazza linda skrocki Major 02/Oct/14 Bug ROL-1620 Plus signs in categories lead to a 404 category RSS/Atom feeds Glen Mazza linda skrocki Major 02/Oct/14 Bug ROL-2055 Comment search should be case insensitive Glen Mazza Glen Mazza Minor 02/Oct/14 Bug ROL-2054 Newly saved categories not appearing on blog Glen Mazza Glen Mazza Major 02/Oct/14 Bug ROL-1974 Roller's ROME Propono dependency needs updating to use newer JARs David Johnson Glen Mazza Minor 25/Aug/14 Bug ROL-1973 ROME dependency used by Roller needs updating David Johnson Glen Mazza Minor 25/Aug/14 Bug ROL-1942 Uploaded media file not selectable in media file view Greg Huber Budi Ariyanto Major 25/Aug/14 Bug ROL-1948 getRealPath() null not handled Unassigned Jürgen Weber Major 25/Aug/14 Task ROL-2039 Rename webpage and roller_templatecode tables Glen Mazza Glen Mazza Major 25/Aug/14 Improvement ROL-2041 gaurav theme -- render full blog entries on main blog page if no summary given Gaurav Saini Glen Mazza Major 25/Aug/14 Improvement ROL-1999 Switch from Referrers to storing tracking codes (e.g., Google Analytics) Unassigned Glen Mazza Major 25/Aug/14 Bug ROL-1980 When deleting categories, Roller allows you to move its entries to invisible "root" category. Glen Mazza Glen Mazza Major 25/Aug/14 Bug ROL-1981 Allow user to specify order of blog categories Glen Mazza Glen Mazza Major 25/Aug/14 Task ROL-1979 Remove subcategory functionality from Roller 5.1 Glen Mazza Glen Mazza Major 25/Aug/14 Bug ROL-1554 Listing Box "Invite a new user to join..." does not have a horizontal scrolling bar Glen Mazza Davis Nguyen Major 25/Aug/14 Improvement ROL-2038 Add dualTheme element to themes.xml descriptor Glen Mazza Glen Mazza Blocker 25/Aug/14 Improvement ROL-1938 Switch to mobile template only in standard template's index page Unassigned Tiger Gui Major 25/Aug/14 Improvement ROL-1937 Standard and Mobile template switch improvement patch Unassigned Tiger Gui Major 25/Aug/14 New Feature ROL-1934 LDAP Comment Authenticator Dave Johnson (Inactive) Nick Padilla Major 25/Jan/12 25/Aug/14 Task ROL-1977 Remove unused properties from ApplicationResources.properties Glen Mazza Anil Gangolli Minor 25/Aug/14 Improvement ROL-1881 Add delete blog entry option to entries page Unassigned Nicolas Muller Major 25/Aug/14 Bug ROL-1571 missing graphic alt text Unassigned mike duigou Major 25/Aug/14 Bug ROL-1928 Missing 500-to-510-migration.vm file in Roller Mobile branch David Johnson David Johnson Major 25/Aug/14 Task ROL-2043 Switch from YUI3 to JQuery UI for autocomplete, tabs, dialogs Glen Mazza Glen Mazza Major 25/Aug/14 Task ROL-2022 Add Categories, demote tags from gaurav theme Gaurav Saini Glen Mazza Major 25/Aug/14 Task ROL-2008 In "switch to (media) folder" drop-down, don't list the current folder the user is in. Greg Huber Glen Mazza Major 25/Aug/14 Bug ROL-1273 resource item error Glen Mazza Jian Liu Major 25/Aug/14 Task ROL-1434 lots of UI messaging needs to be converted to i18n keys in resource bundles Glen Mazza Allen Gilliland Major 25/Aug/14 Bug ROL-2044 Member management page allows user to remove himself from blog. Glen Mazza Glen Mazza Major 25/Aug/14 Bug ROL-1966 Search highlight problem Glen Mazza Maciej Rumianowski Major 25/Aug/14 Bug ROL-1957 Unable to find RSD template Unassigned Harsh Gupta Major 25/Aug/14 Bug ROL-1792 Hit count increments with <link rel="stylesheet" type="text/css" media="all" href="$model.weblog.stylesheet"> Greg Huber Greg Huber Trivial 25/Aug/14 Bug ROL-1716 a bug found when call getPopularTags with the limit=-1 (v4 m1) Unassigned guoweizhan Major 25/Aug/14 Bug ROL-1414 Email scrambler not detecting hyphens in email addresses Allen Gilliland linda skrocki Major 25/Aug/14 Improvement ROL-1649 Korean translation resource file Unassigned Woonsan Ko Minor 25/Aug/14 Bug ROL-1930 Saving Template causes Null Pointer Exception David Johnson David Johnson Blocker 25/Aug/14 Task ROL-1983 Only expose AJAX User List Servlet to admin users Glen Mazza Glen Mazza Major 25/Aug/14 Task ROL-1986 Stop sending re-confirmation email after blogger approves comment. Greg Huber Glen Mazza Minor 25/Aug/14 Improvement ROL-1978 Switch to more SEO-friendly hyphens instead of underscores to separate blog titles Glen Mazza Glen Mazza Minor 25/Aug/14 Bug ROL-1616 Input fields not emptied after creating a new user Unassigned Ronald Iwema Minor 25/Aug/14 Bug ROL-1638 Problem with themes on case sensitive file systems Unassigned German Eichberger Major 25/Aug/14 New Feature ROL-1021 Referrer queue warning / filling up in logs. unclosed sessions. Unassigned Rob Wilson Major 25/Aug/14 Bug ROL-1927 Roller 5 MSSQL Issues/Fixes David Johnson Nick Padilla Major 25/Aug/14 Improvement ROL-2034 Hide Profile Password fields with SSO Glen Mazza Jürgen Weber Major 25/Aug/14 Bug ROL-1794 file uploads with spaces in their names are 404ing (incorrect URL escaping?) Greg Huber Dick Davies Major 25/Aug/14 Improvement ROL-1370 Support of email notifications preference for blog commentors Unassigned linda skrocki Major 25/Aug/14 Bug ROL-1346 Weblog Calendar incorrectly assuming Sunday is first day of week for every locale. Unassigned Vahid Zaboli Major 25/Aug/14 Test ROL-2033 Test Roller 5.1 with a weblog client David Johnson David Johnson Major 25/Aug/14 Task ROL-2010 Update User's Guide with new app screen shots Glen Mazza Glen Mazza Major 25/Aug/14 Bug ROL-2002 https:// URLs not being processed correctly in the comment URL field Greg Huber Glen Mazza Major 25/Aug/14 Task ROL-1994 Switch to Apache Commons Collections 4.0 Unassigned Glen Mazza Minor 25/Aug/14 Bug ROL-1870 Duplicate bookmarks not showing Unassigned Greg Huber Major 25/Aug/14 Bug ROL-1925 Patch for the bug of OpenID only authentication Glen Mazza Shutra Major 25/Aug/14 Improvement ROL-929 Resign | "Are you sure?" Confirmation Glen Mazza Greg Hamer Minor 25/Aug/14 Improvement ROL-2015 Add a description element to theme descriptor file (theme.xml) Greg Huber Glen Mazza Major 25/Aug/14 Task ROL-1997 Switch WeblogEntry's pub status fields (DRAFT, PUBLISHED, PENDING, SCHEDULED) to an enum type Unassigned Glen Mazza Minor 25/Aug/14 Task ROL-1995 Switch to JPA Typed Queries Glen Mazza Glen Mazza Major 25/Aug/14 Task ROL-1984 ./app/src/test/resources/WEB-INF/security.xml needs updating to Spring & Spring Security 3.x namespaces Unassigned Glen Mazza Major 25/Aug/14 Bug ROL-1738 Charset of E-Mail Subject Needs to be configurable Unassigned SATO Naoki Major 25/Aug/14 Bug ROL-1715 SiteModel's getWeblogsByLetterPager not documented correctly Glen Mazza David Johnson Minor 25/Aug/14 Task ROL-2028 Separate the Basic Theme into Basic and Basic Mobile Themes David Johnson Glen Mazza Major 25/Aug/14 Bug ROL-2018 "Notify me of new comments" not working on trunk. Glen Mazza Glen Mazza Major 25/Aug/14 Task ROL-2000 Change current rol_ prefix for two newest tables Unassigned Glen Mazza Minor 25/Aug/14 Bug ROL-1992 Blogroll OPML import page raising 500 Security Error Unassigned Glen Mazza Major 25/Aug/14 Task ROL-1991 Switch publish date pop-up calendar to one with year entry option Unassigned Glen Mazza Minor 25/Aug/14 Improvement ROL-1907 Inefficient use of key set iterator. Unassigned Shelan Perera Minor 25/Aug/14 Bug ROL-2032 Test Roller 5.1 with blogs.apache.org database & themes David Johnson David Johnson Major 25/Aug/14 Bug ROL-2007 Changing values in Media File Editor frequently results in permissions error. Greg Huber Glen Mazza Major 25/Aug/14 Bug ROL-1988 Category search not working if space exists in category Glen Mazza Glen Mazza Major 25/Aug/14 Bug ROL-1952 Roller 5.0.1 does not work with PostgreSQL 9.1 Unassigned Matthias Wimmer Major 25/Aug/14 Bug ROL-1746 Uploaded file names are lower-cased with AtomPub. Greg Huber Tatsuya Noyori Major 25/Aug/14 Bug ROL-1596 Frontpage theme lose record! Glen Mazza xiaojf Major 25/Aug/14 Improvement ROL-1430 French Translation (based on version 4.0 files) Unassigned Denis Balazuc Minor 25/Aug/14 Improvement ROL-1965 Searching with locale on Multi Language blog Glen Mazza Maciej Rumianowski Major 25/Aug/14 Bug ROL-2016 roller-startup.log not created on startup Greg Huber Greg Huber Minor 25/Aug/14 Bug ROL-2009 Custom template theme folder creation isn't working Unassigned Glen Mazza Major 25/Aug/14 Improvement ROL-1947 Provide a blog entry-level description field that can go into HTML header field Dave Johnson (Inactive) Glen Mazza Major 25/Aug/14 Bug ROL-1956 ValidateSaltFilter not working on file upload Greg Huber Matthias Wimmer Major 25/Aug/14 Bug ROL-1954 user weblogs cannot be managed when admin logs in and select any user via Server Aministration and clicks on eit Unassigned Harsh Gupta Major 25/Aug/14 Bug ROL-1795 Posting comments with SchemeEnforcementFilter in operation. Greg Huber Greg Huber Minor 25/Aug/14 Task ROL-2030 Replace Xinha editor with something more recent Unassigned Glen Mazza Minor 25/Aug/14 Task ROL-1968 Upgrade Spring Security from 2.0.7 to 3.1.4 Unassigned Glen Mazza Major 25/Aug/14 Improvement ROL-1964 SearchServlet does not preserve locale Unassigned Maciej Rumianowski Minor 25/Aug/14 Task ROL-2005 Switch to top-level folders only for Media Files Unassigned Glen Mazza Major 25/Aug/14 Bug ROL-1739 Missing constraint on weblogentrytagagg table Glen Mazza David Johnson Major 25/Aug/14 Bug ROL-1778 Blog entry preview before first publish not working with Derby database Glen Mazza José Arthur Benetasso Villanova Major 25/Aug/14
2015-05-19Update to Tomcat 6.0.44spz3-9/+9
Upstream changelog: Catalina ++++++++ fix Correct typo in the message shown by HttpServlet for unexpected HTTP method. (kkolinko) add Allow to configure RemoteAddrValve and RemoteHostValve to adopt behavior depending on the connector port. Implemented by optionally adding the connector port to the string compared with the patterns allow and deny. Configured using addConnectorPort attribute on valve. (rjung) fix 56608: Fix IllegalStateException for JavaScript files when switching from Writer to OutputStream. The special handling of this case in the DefaultServlet was broken due to a MIME type change for JavaScript. (markt) fix 57675: Correctly quote strings when using the extended access log. (markt) Coyote ++++++ fix 57234: Make SSL protocol filtering to remove insecure protocols case insensitive. Correct spelling of filterInsecureProtocols method. (kkolinko/schultz) fix When applying the maxSwallowSize limit to a connection read that many bytes first before closing the connection to give the client a chance to read the response. (markt) fix 57544: Fix a potential infinite loop when preparing a kept alive HTTP connection for the next request. (markt) add 57570: Make the processing of chunked encoding trailing headers optional and disabled by default. (markt) fix 57581: Change statistics byte counter in coyote Request object to be long to allow values above 2Gb. (kkolinko) update Update the minimum recommended version of the Tomcat Native library (if used) to 1.1.33. (markt) Jasper ++++++ fix Fix potential issue with BeanELResolver when running under a security manager. Some classes may not be accessible but may have accessible interfaces. (markt) fix Simplify code in ProtectedFunctionMapper class of Jasper runtime. (kkolinko) fix 57801: Improve the error message in the start script in case the PID read from the PID file is already owned by a process. (rjung) Web applications ++++++++++++++++ fix Update documentation for CGI servlet. Recommend to copy the servlet declaration into web application instead of enabling it globally. Correct documentation for cgiPathPrefix. (kkolinko) update Improve Tomcat Manager documentation. Rearrange, add section on HTML GUI, document /expire command and Server Status page. (kkolinko) add 54143: Add display of the memory pools usage (including PermGen) to the Status page of the Manager web application. (kkolinko) fix Fix several issues with status.xsd schema in Manager web application, testing it against actual output of StatusTransformer class. (kkolinko) update Align algorithm that generates anchor names in Tomcat documentation with Tomcat 7/8/9. No visible changes, but may help with future updates to the documentation. (kkolinko) fix 56058: Add links to the AccessLogValve documentation for configuring reverse proxies and/or Tomcat to ensure that the desired information is used entered in the access log when Tomcat is running behind a reverse proxy. (markt) fix 57503: Make clear that the JULI integration for log4j only works with log4j 1.2.x. (markt) update 57644: Update examples to use Apache Standard Taglib 1.2.5. (jboynes/kkolinko) fix 57706: Clarify the documentation for the AJP connector to make clearer that when using tomcatAuthentication="false" the user provided by the reverse proxy will not be associated with any roles. (markt) fix Correct the documentation for deployOnStartup to make clear that if a WAR file is updated while Tomcat is stopped and unpackWARs is true, Tomcat will not detect the changed WAR file when it starts and will not replace the unpacked WAR file with the contents of the updated WAR. (markt) add 57759: Add information to the keyAlias documentation to make it clear that the order keys are read from the keystore is implementation dependent. (markt) fix 57864: Update the documentation web application to make it clearer that hex values are not valid for cluster send options. Based on a patch by Kyohei Nakamura. (markt) Other +++++ add 57344: Provide sha1 checksum files for Tomcat downloads. (kkolinko) fix 57558: Change catalina-tasks.xml to use all jars in ${catalina.home}/lib to define Tomcat Ant tasks. This fixes a NoClassDefFoundError with validate task. (kkolinko) update Update to Tomcat Native Library version 1.1.33 to pick up the Windows binaries that are based on OpenSSL 1.0.1m and APR 1.5.1. (markt)
2015-05-19Fix build with Ruby 2.2.ryoon2-1/+31
2015-05-17Add Ruby 2.2 to RUBY_VERSION_SUPPORTEDsevan1-2/+2
2015-05-17Update 6.08 to 6.11mef2-6/+6
------------------- 6.11 2015-05-16 - Deprecated build_body and build_headers methods in Mojo::Content. - Added headers_contain method to Mojo::Content. - Updated jQuery to version 2.1.4. - Fixed indentation of ASCII art in documentation browser. (jberger) - Fixed bug where inline was not considered a reserved stash value. 6.10 2015-04-26 - Removed support for user/group switching, because it never worked correctly, which means that this security feature has become an attack vector itself. If you depend on this functionality, you can now use the CPAN module Mojolicious::Plugin::SetUserGroup instead. - Removed group and user attributes from Mojo::Server. - Removed setuidgid method from Mojo::Server. - Removed group and user settings from Hypnotoad. - Removed -g/--group and -u/--user options from daemon and prefork commands. - Added next_tick method to Mojo::Reactor::Poll. - Improved next_tick callbacks to run in the same order in which they were registered. 6.09 2015-04-25 - Improved HTML Living Standard compliance of Mojo::Parameters. (riche, sri) - Fixed bug in Mojolicious::Types where the json MIME type did not specify a charset. (kaktus)
2015-05-16sqlite3>=3.8.9 is also required.tsutsui1-2/+2
2015-05-16Reset PKGREVISION along with php{54,55,56} update.taca1-2/+1
2015-05-16Fix PR pkg/49905.ryoon1-2/+2
* Update nss requirement.
2015-05-15Update to 2.9wen2-6/+6
Upstream changes is too long, please visit: https://docs.moodle.org/dev/Moodle_2.9_release_notes
2015-05-15Update to 38.0.1ryoon2-270/+270
* Sync with firefox-38.0.1.
2015-05-15Update to 38.0.1ryoon2-7/+6
Changelog: Fixed Systems with first generation NVidia Optimus graphics cards may crash on start-up Fixed Users who import cookies from Google Chrome can end up with broken websites Fixed WebRTC H264 video streams from CiscoSpark native clients are not decoded correctly. (Fixed in Firefox ESR 38.0.1; was already fixed in Firefox 38.0) Fixed Large animated images may fail to play and may stop other images from loading
2015-05-14Update distinfo for patch-media_libcubeb_src_cubeb__alsa.c.bad1-2/+2
2015-05-14Make ALSA support build again. Handle EBADFD only if it is #defined.bad1-34/+36
2015-05-14GCC 4.6 doesn't cut the mustard anymore. Require 4.8 as that is the bestbad3-5/+6
supported version on NetBSD. PKGREVISION++
2015-05-14(pkgsrc note)mef2-7/+6
- Nothing changed, but just a note. 'make test' fails at t/12-html_fragment_ok.t. It is because the randomness of error output, saying either <head><title><html> is missing (if neither of them exists). (To see, try 'make test' several times). (upstream) - update 2.20 to 2.22 ------------------- 2.22 Mon Apr 6 15:47:11 CDT 2015 [CHANGES THAT COULD BREAK YOUR CODE] Previously, html_ok() would not check the entire structure of a web page to check for <html>, <head>, <title> and <body> tags. Now it will. If you want to check fragments of HTML for validity but know that they are not valid HTML documents on their own, use the new html_fragment_ok(). [ENHANCEMENTS] Added new error, elem-input-alt-missing, that warns of <input type="image"> tags that are missing an alt="" attribute. This helps for accessability to make sure that any images have alternate text for screen readers. Added ability to modify HTML::Lint's table of known tags and attributes, so you could do this: # Add an attribute that your company uses. HTML::Lint::HTML4::add_attribute( 'body', 'proprietary-attribute' ); # Add the HTML 5 <canvas> tag. HTML::Lint::HTML4::add_tag( 'canvas' ); HTML::Lint::HTML4::add_attribute( 'canvas', $_ ) for qw( height width ); [FIXES] Test::HTML::Lint::html_ok() would not call the HTML::Lint eof() method, which meant it wouldn't do document-wide tests.
2015-05-13Uodate to 8.0.22ryoon3-8/+7
Changelog: Change the format of the Tomcat specific URLs for resources inside JARs that are in turn packed in a WAR. The ^/ sequence has been replaced by */ so that the resulting URLs are compliant with RFC 2396 and do not trigger exceptions when converted to URIs. The old format will continue to be accepted. Allow logging of the remote port in the access log using the format pattern %{remote}p. When checking last modified times as part of the automatic deployment process, account for the fact that File.lastModified() has a resolution of one second to ensure that if a file has been modified within the last second, the latest version of the file is always used. Note that a side-effect of this change is that files with modification times in the future are treated as if they are unmodified. Align redeploy resource modification checking with reload modification checking so that now, in both cases, a change in modification time rather than an increase in modification time is used to determine if the resource has changed. Note: There is a known issue with NIO2 and SSL/TLS in this and previous releases that can result in dropped connections. It is not recommended that NIO2 is used in production with SSL/TLS until this issue is resolved (the fix is expected in 8.0.23).
2015-05-12Update to 38.0ryoon3-363/+627
* Sync with firefox-38.0.
2015-05-12Update to 38.0ryoon43-821/+853
Changelog: New New tab-based preferences New Ruby annotation support New Base for the next ESR release. Changed autocomplete=off is no longer supported for username/password fields Changed URL parser avoids doing percent encoding when setting the Fragment part of the URL, and percent decoding when getting the Fragment in line with the URL spec Changed RegExp.prototype.source now returns "(?:)" instead of the empty string for empty regular expressions Changed Improved page load times via speculative connection warmup HTML5 WebSocket now available in Web Workers HTML5 BroadcastChannel API implemented HTML5 Implemented srcset attribute and <picture> element for responsive images HTML5 Implemented DOM3 Events KeyboardEvent.code HTML5 Mac OS X: Implemented a subset of the Media Source Extensions (MSE) API to allow native HTML5 playback on YouTube HTML5 Implemented Encrypted Media Extensions (EME) API to support encrypted HTML5 video/audio playback (Windows Vista or later only) HTML5 Automatically download Adobe Primetime Content Decryption Module (CDM) for DRM playback through EME (Windows Vista or later only) Developer Optimized-out variables are now visible in Debugger UI Developer XMLHttpRequest logs in the web console are now visually labelled and can be filtered separately from regular network requests Developer WebRTC now has multistream and renegotiation support Developer copy command added to console Fixed Various security fixes Fixed in Firefox 38 2015-58 Mozilla Windows updater can be run outside of application directory 2015-57 Privilege escalation through IPC channel messages 2015-56 Untrusted site hosting trusted page can intercept webchannel responses 2015-55 Buffer overflow and out-of-bounds read while parsing MP4 video metadata 2015-54 Buffer overflow when parsing compressed XML 2015-53 Use-after-free due to Media Decoder Thread creation during shutdown 2015-52 Sensitive URL encoded information written to Android logcat 2015-51 Use-after-free during text processing with vertical text enabled 2015-50 Out-of-bounds read and write in asm.js validation 2015-49 Referrer policy ignored when links opened by middle-click and context menu 2015-48 Buffer overflow with SVG content and CSS 2015-47 Buffer overflow parsing H.264 video with Linux Gstreamer 2015-46 Miscellaneous memory safety hazards (rv:38.0 / rv:31.7)
2015-05-11Security and maintenance update to version 4.2.2.morr3-10/+7
WordPress 4.2.2 fixes a cross-site scripting vulnerability contained in an HTML file shipped with recent Genericons packages included in the Twenty Fifteen theme as well as a number of popular plugins by removing the file. Version 4.2.2 also improves on a fix for a critical cross-site scripting vulnerability introduced in 4.2.1. The release also includes hardening for a potential cross-site scripting vulnerability when using the Visual editor. In addition to the security fixes, WordPress 4.2.2 contains fixes for 13 bugs from 4.2.1, including: o Fixes an emoji loading error in IE9 and IE10 o Fixes a keyboard shortcut for saving from the Visual editor on Mac o Fixes oEmbed for YouTube URLs to always expect https o Fixes how WordPress checks for encoding when sending strings to MySQL o Fixes a bug with allowing queries to reference tables in the dbname.tablename format o Lowers memory usage for a regex checking for UTF-8 encoding o Fixes an issue with trying to change the wrong index in the wp_signups table on utf8mb4 conversion o Improves performance of loop detection in _get_term_children() o Fixes a bug where attachment URLs were incorrectly being forced to use https in some contexts o Fixes a bug where creating a temporary file could end up in an endless loop.
2015-05-10Update 3.0501 to 3.09 (Changes from 3.06 to 3.09 is not known)mef2-8/+9
--------------------- VERSION 3.06 Maintenance release with a couple new features: support for "charset: utf8" in "Source::File", add_before_option/add_after_option c/o Victor Porton, and support for HTML5 type names c/o Wolfgang Radke.
2015-05-10(pkgsrc)mef2-7/+8
- Adjust following depends for 'make test' Convert DEPENDS to BUILD_DEPENDS, p5-CPAN-Changes Add BUILD_DEPENDS p5-Test-Deep-[0-9]* (upstream) - Update 2.07 to 2.09 ------------------- 2.09 2015-03-08 [DOCUMENTATION] - Clarify order of use statements when using both CGI and CGI::Fast - Replace indirect object notation with ->new [TESTING] - Tests for CGI imports and load order
generated by cgit v1.2.3 (git 2.39.1) at 2025-02-04 06:18:52 +0000