| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
2.15 Thu May 25 09:42:59 EDT 2017
- documentation fixes
2.14 Thu May 25 09:03:05 EDT 2017
- purge trees on re-parse when in tree mode
|
|
2.97 Thu May 18 2017
- Change internal module name HTML::Template::DEFAULT to
HTML::Template::DEF to avoid conflict with
HTML::Template::Default. [Sam Tregar]
2.96 Thu May 18 2017
- Fixed typos in documentation [David Steinbrunner, Steve Kemp]
- Added CGI.pm as a dependency, needed now that it's no longer in core.
[Martin McGrath, Steve Bertrand]
|
|
pkgsrc change:
* Now support php71 using security/php-pecl-mcrypt package.
5.7.5.7 April 28th, 2016
New Features
* Nice column view for thumbnail image browsing (Thanks MrKarlDilkington)
* Added Max Width as an option to the Image Slider block (thanks cryophallion)
* Added configuration option concrete.misc.require_version_comments (defaulted
off) to enable the requiring of version comments (thanks mlocati)
Other improvements and bug fixes are too many to write here, please refer release note: https://documentation.concrete5.org/developers/background/version-history/5757-release-notes.
5.7.5.8 May 23, 2016
* German, Japanese and Russian languages are now included
* Image Slider Bug Fixes
* Using blank alt tags in Image Slider, Image and Content blocks if no alt is
provided, rather than the HtmlObject default ¡È#¡É ones.
5.7.5.9 July 25, 2016
New Features
* Rescan files through the file manager now scans 5 at a time, works through
the queue.
* Added option to ignore page permissions to the Page List block
* Dutch language is now included (Thank you Ramonleenders)
Other improvements and bug fixes are too many to write here, please refer release note: https://documentation.concrete5.org/developers/background/version-history/5759-release-notes.
5.7.5.10 December 1, 2016
* Minor bug fixes
* Fixed insecure use of non-random str_shuffle when creating user tokens
* Improvements to update process for version 8.
5.7.5.11 December 7, 2016
Bug Fixes
* Works again properly on PHP 5.3.
* Fixed bug that made upgrading impossible on PHP < 5.5.9.
* Fixed page not found error when clicking on a topic list to filter the page
list in the blog.
* Controller bug fixes and security updates.
5.7.5.12
Bug Fixes
* Fixed bug with Environment Information not working on PHP below 5.4.
5.7.5.13 December 16, 2016
Bug Fixes
* Once again, Environment Information is now available in the Dashboard.
|
|
libnghttp2
Previously, if libnghttp2 received an invalid header field, it is just ignored, and is treated like it was never happened. This release changes this behaviour, and now libnghttp2 treats an incoming invalid header field as error, and resets the stream with PROTOCOL_ERROR.
nghttp2_on_invalid_frame_callback is now called if validation of altsvc header field fails.
nghttpx
nghttpx now verifies that OCSP response received from a program specified by --fetch-ocsp-response-file. The validation can be turned off by using --no-verify-ocsp option. In this validation, it makes sure that the OCSP response is targeted to the expected certificate. This is important because we pass the file path to the external program (see --fetch-ocsp-response-file), and if the file is replaced because of renewal, and nghttpx has not reloaded its configuration, the certificate nghttpx has loaded and the one included in the file differ. Verifying the OCSP response detects this, and avoids to send wrong OCSP response.
|
|
|
|
4.3.10
* Several bug fixes, especially it fixed a problem of generating
language cache.
|
|
* Tested with PHP 7.1.5
Changelog:
Not available (yet?)
|
|
* Removed deprecated templatetag inclusion
* Added support for Python-3.6
* Added support for MS-SQL
|
|
|
|
mod_auth_mellon is a authentication module for Apache. It authenticates
the user against a SAML 2.0 IdP, and grants access to directories
depending on attributes received from the IdP.
|
|
|
|
Django-filter is a reusable Django application allowing users to
declaratively add dynamic QuerySet filtering from URL parameters.
|
|
* Sync with firefox-53.0.3
|
|
Changelog:
Fixed
Fix excessive resource usage from the captive portal detection service (bug 1359697)
FIx hangs when using a proxy with NTLM authentication (bug 1360574)
Changed
Bump preloaded security information expiration times (bug 1364240)
|
|
Changelog:
Tomcat 8.5.15 (markt)
General
Add: Allow to exclude JUnit test classes using the build property test.exclude and document the property in BUILDING.txt. (rjung)
Catalina
Fix: Review those places where Tomcat re-encodes a URI or URI component and ensure that that correct encoding (path differs from query string) is applied and that the encoding is applied consistently. (markt)
Fix: Avoid a NullPointerException when reading attributes for a initialised HTTP connector where TLS is enabled. (markt)
Fix: Always quote the hostName of an SSLHostConfig element when using it as part of the JMX object name to avoid errors that prevent the associated TLS connector from starting if a wild card hostName is configured (because * is a reserved character for JMX object names). (markt)
Code: Start to switch to using Charset rather than String to store encoding configuration settings to reduce the number of places the associated Charset needs to be looked up. (markt)
Fix: Use a more reliable mechanism for the DefaultServlet when determining if the current request is for custom error page or not. (markt)
Fix: Ensure that when the Default or WebDAV servlets process an error dispatch that the error resource is processed via the doGet() method irrespective of the method used for the original request that triggered the error. (markt)
Fix: If a static custom error page is specified that does not exist or cannot be read, ensure that the intended error status is returned rather than a 404 or 403. (markt)
Fix: When the WebDAV servlet is configured and an error dispatch is made to a custom error page located below WEB-INF, ensure that the target error page is displayed rather than a 404 response. (markt)
Add: 61047: Add MIME mapping for woff2 fonts in the default web.xml. Patch provided by Justin Williamson. (violetagg)
Fix: Correct the logic that selects the encoding to use to decode the query string in the SSIServletExternalResolver so that the useBodyEncodingForURI attribute of the Connector is correctly taken into account. (markt)
Fix: Within the Expires filter, make the content type value specified with the ExpiresByType parameter, case insensitive. (markt)
Coyote
Fix: When a TrustManager is configured that does not support certificateVerificationDepth only log a warning about that lack of support when certificateVerificationDepth has been explicitly set. (markt)
Fix: 60970: Extend the fix for large headers to push requests. (markt)
Fix: Do not include a Date header in HTTP/2 responses with status codes less than 200. (markt)
Jasper
Fix: When no BOM is present and an encoding is detected, do not skip the bytes used to detect the encoding since they are not part of a BOM. (markt)
Update: 61057: Update to Eclipse JDT Compiler 4.6.3. (violetagg)
Fix: 61065: Ensure that once the class is resolved by javax.el.ImportHandler#resolveClass it will be cached with the proper name. (violetagg)
WebSocket
Fix: 61003: Ensure the flags for reading/writing in o.a.t.websocket.AsyncChannelWrapperSecure are correctly reset even if some exceptions occurred during processing. (markt/violetagg)
Web Applications
Add: Add documents for maxIdleTime attribute to Channel Receiver docs. (kfujino)
Other
Add: Modify the Ant build script used to publish to a Maven repository so that it no longer requires artifacts to be GPG signed. This is make it possible for the CI system to upload snapshot builds to the ASF Maven repository. (markt)
Code: Review i18n property files, remove unnecessary escaping and consistently use [...] to delimit inserted values. (markt)
release in progress Tomcat 8.5.14 (markt)
Catalina
Fix: 59825: Log a message that lists the components in the processing chain that do not support async processing when a call to ServletRequest.startAsync() fails. (markt)
Fix: 60926: Ensure o.a.c.core.ApplicationContextFacade#setSessionTimeout will invoke the correct method when running Tomcat with security manager. (markt)
Update: Update the early access Servlet 4.0 API implementation to reflect the change in method name from getPushBuilder() to newPushBuilder(). (markt)
Fix: Correct a regression in the X to comma refactoring that broke JMX operations that take parameters. (markt)
Fix: Avoid a NullPointerException when reading attributes for a running HTTP connector where TLS is not enabled. (markt)
Fix: 60940: Improve the handling of the META-INF/ and META-INF/MANIFEST.MF entries for Jar files located in /WEB-INF/lib when running a web application from a packed WAR file. (markt)
Fix: Pre-load the ExceptionUtils class. Since the class is used extensively in error handling, it is prudent to pre-load it to avoid any failure to load this class masking the true problem during error handling. (markt)
Fix: Avoid potential NullPointerExceptions related to access logging during shutdown, some of which have been observed when running the unit tests. (markt)
Fix: When there is no javax.servlet.WriteListener registered then a call to javax.servlet.ServletOutputStream#isReady will return false instead of throwing IllegalStateException. (violetagg)
Fix: When there is no javax.servlet.ReadListener registered then a call to javax.servlet.ServletInputStream#isReady will return false instead of throwing IllegalStateException. (violetagg)
Coyote
Fix: Align cipher configuration parsing with current OpenSSL master. (markt)
Fix: 60970: Fix infinite loop if application tries to write a large header to the response when using HTTP/2. (markt)
Jasper
Fix: 60925: Improve the handling of access to properties defined by interfaces when a BeanELResolver is used under a SecurityManager. (markt)
jdbc-pool
Code: Refactor the creating a constructor for a proxy class to reduce duplicate code. (kfujino)
Fix: In StatementFacade, the method call on the statements that have been closed throw SQLException rather than NullPointerException. (kfujino)
Other
Fix: Correct comments about Java 8 in Jre8Compat. Patch provided by fibbers via Github. (violetagg)
Fix: 60932: Correctly escape single quotes when used in i18n messages. Based on a patch by Michael Osipov. (markt)
Fix: Update the custom Ant task that integrates with the Symantec code signing service to use the now mandatory 2-factor authentication. (markt)
|
|
Changelog:
Tomcat 8.0.44 (violetagg)
General
Add: Allow to exclude JUnit test classes using the build property test.exclude and document the property in BUILDING.txt. (rjung)
Catalina
Fix: 60940: Improve the handling of the META-INF/ and META-INF/MANIFEST.MF entries for Jar files located in /WEB-INF/lib when running a web application from a packed WAR file. (markt)
Fix: Pre-load the ExceptionUtils class. Since the class is used extensively in error handling, it is prudent to pre-load it to avoid any failure to load this class masking the true problem during error handling. (markt)
Fix: Review those places where Tomcat re-encodes a URI or URI component and ensure that that correct encoding (path differs from query string) is applied and that the encoding is applied consistently. (markt)
Fix: Use a more reliable mechanism for the DefaultServlet when determining if the current request is for custom error page or not. (markt)
Fix: Ensure that when the Default or WebDAV servlets process an error dispatch that the error resource is processed via the doGet() method irrespective of the method used for the original request that triggered the error. (markt)
Fix: If a static custom error page is specified that does not exist or cannot be read, ensure that the intended error status is returned rather than a 404 or 403. (markt)
Fix: When the WebDAV servlet is configured and an error dispatch is made to a custom error page located below WEB-INF, ensure that the target error page is displayed rather than a 404 response. (markt)
Add: 61047: Add MIME mapping for woff2 fonts in the default web.xml. Patch provided by Justin Williamson. (violetagg)
Fix: Correct the logic that selects the encoding to use to decode the query string in the SSIServletExternalResolver so that the useBodyEncodingForURI attribute of the Connector is correctly taken into account. (markt)
Fix: 61072: Respect the documentation statements that allow using the platform default secure random for session id generation. (remm)
Fix: Correct the javadoc for o.a.c.connector.CoyoteAdapter#parseSessionCookiesId. Patch provided by John Andrew (XUZHOUWANG) via Github. (violetagg)
Jasper
Fix: 60925: Improve the handling of access to properties defined by interfaces when a BeanELResolver is used under a SecurityManager. (markt)
Update: 61057: Update to Eclipse JDT Compiler 4.6.3. (violetagg)
Fix: 61065: Ensure that once the class is resolved by javax.el.ImportHandler#resolveClass it will be cached with the proper name. (violetagg)
WebSocket
Fix: 61003: Ensure the flags for reading/writing in o.a.t.websocket.AsyncChannelWrapperSecure are correctly reset even if some exceptions occurred during processing. (markt/violetagg)
Web applications
Add: Document test.threads option in BUILDING.txt. (kkolinko, rjung)
Add: Add documents for maxIdleTime attribute to Channel Receiver docs. (kfujino)
jdbc-pool
Code: Refactor the creating a constructor for a proxy class to reduce duplicate code. (kfujino)
Fix: In StatementFacade, the method call on the statements that have been closed throw SQLException rather than NullPointerException. (kfujino)
Other
Fix: Correct comments about Java 8 in Jre8Compat. Patch provided by fibbers via Github. (violetagg)
Fix: 60932: Correctly escape single quotes when used in i18n messages. Based on a patch by Michael Osipov. (markt)
Fix: Update the custom Ant task that integrates with the Symantec code signing service to use the now mandatory 2-factor authentication. (markt)
|
|
Changelog:
Tomcat 7.0.78 (violetagg)
General
add Allow to exclude JUnit test classes using the build property test.exclude and document the property in BUILDING.txt. (rjung)
Catalina
fix Review those places where Tomcat re-encodes a URI or URI component and ensure that that correct encoding (path differs from query string) is applied and that the encoding is applied consistently. (markt)
fix Use a more reliable mechanism for the DefaultServlet when determining if the current request is for custom error page or not. (markt)
fix Ensure that when the Default or WebDAV servlets process an error dispatch that the error resource is processed via the doGet() method irrespective of the method used for the original request that triggered the error. (markt)
fix If a static custom error page is specified that does not exist or cannot be read, ensure that the intended error status is returned rather than a 404. (markt)
fix When the WebDAV servlet is configured and an error dispatch is made to a custom error page located below WEB-INF, ensure that the target error page is displayed rather than a 404 response. (markt)
add 61047: Add MIME mapping for woff2 fonts in the default web.xml. Patch provided by Justin Williamson. (violetagg)
fix Correct the logic that selects the encoding to use to decode the query string in the SSIServletExternalResolver so that the useBodyEncodingForURI attribute of the Connector is correctly taken into account. (markt)
fix 61072: Respect the documentation statements that allow using the platform default secure random for session id generation. (remm)
fix Correct the javadoc for o.a.c.connector.CoyoteAdapter#parseSessionCookiesId. Patch provided by John Andrew (XUZHOUWANG) via Github. (violetagg)
Jasper
fix 60925: Improve the handling of access to properties defined by interfaces when a BeanELResolver is used under a SecurityManager. (markt)
WebSocket
fix 61003: Ensure the flags for reading/writing in o.a.t.websocket.AsyncChannelWrapperSecure are correctly reset even if some exceptions occurred during processing. (markt/violetagg)
Web applications
add Document the property test.excludePerformance in BUILDING.txt. (rjung)
add Add documents for maxIdleTime attribute to Channel Receiver docs. (kfujino)
jdbc-pool
code Refactor the creating a constructor for a proxy class to reduce duplicate code. (kfujino)
fix In StatementFacade, the method call on the statements that have been closed throw SQLException rather than NullPointerException. (kfujino)
Other
fix Correct comments about Java 8 in Jre8Compat. Patch provided by fibbers via Github. (violetagg)
fix 60932: Correctly escape single quotes when used in i18n messages. Based on a patch by Michael Osipov. (markt)
|
|
|
|
Maintenance release of the Drupal 7 series. Includes a variety of improvements and bug fixes (no major, non-backwards-compatible new functionality).
|
|
Upstream changes:
Major features
Highlights
MDL-55611 - New Course overview dashboard block featuring timeline of events
MDL-58220 - Make use of OAuth 2 services to allow users to authenticate with Google G-Suite or Microsoft Office accounts and manage files from associated drives
MDL-39913 - New Assignment setting for restricting submission file types
MDL-4782 - "Stealth mode" for resources/activities in a course - not displayed on the course page but available for students
MDL-40759 - New Font Awesome icon font for all icons in Moodle
For teachers
MDL-58138 - Activity completion settings for setting activity completion defaults and bulk editing of completion requirements
MDL-48771 - Quiz activity: Option to delete multiple questions
MDL-53814 - Quiz activity: Question type icons are displayed in the quiz manual grading overview
MDL-55459 - Assignment activity: Annotated PDF comments are collapsible
MDL-23919 - Database activity: The setting "Required entries" is now an activity completion condition
MDL-57769 - Topic and weeks course formats: After a course is created, sections can be added and removed only from the course page (it is no longer possible to have "orphaned" activities)
MDL-46929, MDL-57456, MDL-57457 - Forum posts, glossary entries and book chapters may be tagged
MDL-56251 - For courses in weekly format, a new course setting allows for the course end date to be calculated automatically
MDL-47354 - Allow the page size in the Single view report to be configurable
Backup and restore
MDL-34859 - Add site defaults for all restore settings, improve UI around "Overwrite course configuration" select
MDL-40838 - Allow to restore non-default enrollment methods without restoring users
MDL-57769 - When restoring/importing big courses in Weeks and Topics formats into small existing courses ajust the number of sections automatically
For administrators
Please read carefully: Possible issues that may affect you in Moodle 3.3
MDL-46375 - Support for storing files not on the local drive (there are no open-source solutions at the moment, developer's help is required to implement custom cloud storage)
MDL-55528, MDL-58280 - New document converter plugin type allows alternatives to unoconv, such as the Google Drive converter
MDL-55980 - Run individual scheduled tasks from web interface
MDL-57896 - CLI wrapper for get_config() and set_config() methods
MDL-57789 - Use Cache-Control: immutable when serving files
MDL-37765 - New capability to bypass access restrictions, separated from capability to view hidden activities
MDL-57913 - Convert external database authentication synchronisation to scheduled task
Plugins removal and deprecation
The repository Skydrive is deprecated; please migrate to the newer OneDrive repository
The Dashboard block Course overview is replaced with a new block Course overview which is a different plugin. If you want to use the old block, you need to download and install it from https://moodle.org/plugins/block_course_overview
Mobile app support
MDL-57410 - Allow admins to add new external links to pages in the main menu of the Mobile app
MDL-57408 - Add new settings for allowing renaming strings in the Mobile app
MDL-49423 - Add new settings for disabling Mobile app functionalities
MDL-57759 - Allow offline attempts via the Mobile app in the lesson module
MDL-57162 - Support Native App install banners for Android as well as iOS for the mobile app
Other improvements
MDL-33483 - Google Docs repository: Save Doc files in different formats to RTF
MDL-42266 - Improve the list of maximum file size options for file uploads
MDL-51853 - Calendar subscriptions from imported files should be editable
MDL-41729 - Add ability to change passwords for users using Shibboleth
MDL-57572, MDL-57570, MDL-57355 - Redis and static caches performance improvements if igbinary library is installed
MDL-56808 - SCORM module: Performance improvements when running SCORM 1.2 packages
MDL-57686 - Add support for PDO databases in external database authentication
MDL-57638 - RSS Block: RSS feeds are more heavily cached and correctly respect skip values
For developers
MDL-55528 - New plugin type 'fileconverter' for file conversions, unoconv is now a plugin that can be replaced with scalable commercial solutions (see File Converters)
MDL-40759 - Font Awesome icon font is used for all icons in Moodle (see Moodle icons)
MDL-46375 - Support for storing files not on the local drive is implemented by allowing to override functionality of file_storage and stored_file classes (see File System API)
MDL-12689 - Convert all authentication plugins to use settings.php (see upgrade.txt)
MDL-53978 - Add extra plugin callbacks for every major stage of page render (see commit)
MDL-58138 - Course modules may provide additional callbacks to participate in bulk editing of activities completion rules in a course
MDL-58220 - Better office integration
MDL-45584 - Multiple caches can be instantiated with the same definition but with different identifiers
MDL-57769 - Course formats: Attribute 'numsections' was removed from topics and weeks, other course formats may want to implement similar changes
MDL-55956 - Priority field for the calendar events allowing to specify the priority of overrides
MDL-58566 - New methods for retrieving calendar events
MDL-55941 - New element to select first name of first/last names is implemented in tablelib or can be used by developers elsewhere (template)
MDL-56519 - Lint behat .feature files
MDL-57273 - New classes (core\persistent, core\form\persistent, core\external\exporter, \core\external\persistent_exporter) used to represent a data-model and export that data in a standard format for webservices (previously was used in competencies) (see Persistent form, Persistent, Exporter)
MDL-57490 - Removed several legacy JS functions from javascript-static.js
MDL-57690 - mcore YUI rollup is no longer included on every single Moodle page (see [forum post])
|
|
but quite a few handy improvements nonetheless.
Scrapy now supports anonymous FTP sessions with customizable user and
password via the new :setting:`FTP_USER` and :setting:`FTP_PASSWORD` settings.
And if you're using Twisted version 17.1.0 or above, FTP is now available
with Python 3.
There's a new :meth:`response.follow <scrapy.http.TextResponse.follow>` method
for creating requests; **it is now a recommended way to create Requests
in Scrapy spiders**. This method makes it easier to write correct
spiders; ``response.follow`` has several advantages over creating
``scrapy.Request`` objects directly:
* it handles relative URLs;
* it works properly with non-ascii URLs on non-UTF8 pages;
* in addition to absolute and relative URLs it supports Selectors;
for ``<a>`` elements it can also extract their href values.
|
|
* Add :meth:`~parsel.selector.SelectorList.get` and :meth:`~parsel.selector.SelectorList.getall`
methods as aliases for :meth:`~parsel.selector.SelectorList.extract_first`
and :meth:`~parsel.selector.SelectorList.extract` respectively
* Add default value parameter to :meth:`~parsel.selector.SelectorList.re_first` method
* Add :meth:`~parsel.selector.Selector.re_first` method to :class:`parsel.selector.Selector` class
* Bug fix: detect ``None`` result from lxml parsing and fallback with an empty document
* Rearrange XML/HTML examples in the selectors usage docs
|
|
Tue May 2 18:37:53 CEST 2017
Update manual. -CG
Add MHD_CONNECTION_INFO_REQUEST_HEADER_SIZE.
Releasing GNU libmicrohttpd 0.9.54. -CG
Thu Apr 27 22:31:00 CEST 2017
Replaced flags MHD_USE_PEDANTIC_CHECKS and MHD_USE_PERMISSIVE_CHECKS by
single option MHD_OPTION_STRICT_FOR_CLIENT. Flag MHD_USE_PEDANTIC_CHECKS
is still supported. -EG
Tue Apr 26 15:11:00 CEST 2017
Fixed shift in HTTP reasons strings.
Added test for HTTP reasons strings. -EG
Tue Apr 25 19:11:00 CEST 2017
Allow flag MHD_USE_POLL with MHD_USE_THREAD_PER_CONNECTION and without
flag MHD_USE_INTERNAL_POLLING_THREAD for backward compatibility. -EG
Mon Apr 24 17:29:45 CEST 2017
Enforce RFC 7230's rule on no whitespace by default,
introduce new MHD_USE_PERMISSIVE_CHECKS to disable. -CG
Sun Apr 23 20:05:44 CEST 2017
Enforce RFC 7230's rule on no whitespace in HTTP header
field names if MHD_USE_PEDANTIC_CHECKS is set. -CG
Sun Apr 23 19:20:33 CEST 2017
Replace remaining occurences of sprintf() with
MHD_snprintf_(). Thanks to Ram for pointing this out. -CG
Sat Apr 22 20:39:00 MSK 2017
Fixed builds in Linux without epoll.
Check for invalid --with-thread= configure parameters.
Fixed support for old libgcrypt on W32 with W32 threads. -EG
|
|
6.15 2017-05-12 14:57:02+02:00 Europe/Paris
- Fix t/rt-112313.t (Shoichi Kaji)
|
|
0.52 2017-03-31
- Add . to lib in Makefile.PL to support perl 5.25.11
|
|
alsa is not supported upstream, and checks for failures by calling assert,
which means the default setup crashes whenever audio is played.
bump pkgrevision
|
|
Bug fixes.
|
|
- Unset USE_LANGUAGES list (no C compiler is needed).
- Bump PKGREVISION.
Discussed with <wiz>
|
|
This fixes audio and H.264 support. From ryoon@ originally, on 46.0nb1 at
the time.
"commit" maya@
|
|
This also reflects the current situation in www/firefox.
Bumps PKGREVISION.
|
|
|
|
|
|
|
|
A Python library for automating interaction with websites.
MechanicalSoup automatically stores and sends cookies, follows
redirects, and can follow links and submit forms. It doesn't do
Javascript.
|
|
|
|
Upstream changes:
MediaWiki 1.28.2
This is a security release of the MediaWiki 1.28 branch.
Due to a mistake in packaging, the releases 1.27.2 and 1.28.1 did not contain the fix for SyntaxHighlight_GeSHi. This new release does contain that fix.
|
|
Fixed SecureTransport issue that would cause long delays in response body delivery.
Fixed regression in 1.21 that threw exceptions when users passed the socket_options flag to the PoolManager.
Fixed regression in 1.21 that threw exceptions when users passed the assert_hostname or assert_fingerprint flag to the PoolManager.
|
|
* Sync with firefox45-45.9.0
|
|
Changelog:
Security fixes:
#CVE-2017-5433: Use-after-free in SMIL animation functions
#CVE-2017-5435: Use-after-free during transaction processing in the editor
#CVE-2017-5436: Out-of-bounds write with malicious font in Graphite 2
#CVE-2017-5461: Out-of-bounds write in Base64 encoding in NSS
#CVE-2017-5459: Buffer overflow in WebGL
#CVE-2017-5434: Use-after-free during focus handling
#CVE-2017-5432: Use-after-free in text input selection
#CVE-2017-5460: Use-after-free in frame selection
#CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT processing
#CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT processing
#CVE-2017-5440: Use-after-free in txExecutionState destructor during XSLT processing
#CVE-2017-5441: Use-after-free with selection during scroll events
#CVE-2017-5442: Use-after-free during style changes
#CVE-2017-5464: Memory corruption with accessibility and DOM manipulation
#CVE-2017-5443: Out-of-bounds write during BinHex decoding
#CVE-2017-5444: Buffer overflow while parsing application/http-index-format content
#CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data
#CVE-2017-5447: Out-of-bounds read during glyph processing
#CVE-2017-5465: Out-of-bounds read in ConvolvePixel
#CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor
#CVE-2016-10196: Vulnerabilities in Libevent library
#CVE-2017-5469: Potential Buffer overflow in flex-generated code
#CVE-2017-5445: Uninitialized values used while parsing application/http-index-format content
#CVE-2017-5462: DRBG flaw in NSS
#CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1
|
|
|
|
separated to a separate project. This is that project.
This framework can be used to attach comments to any model, so you can use it
for comments on blog entries, photos, book chapters, or anything else.
|
|
* Added the `Tag.get_attribute_list` method, which acts like `Tag.get` for
getting the value of an attribute, but which always returns a list,
whether or not the attribute is a multi-value attribute.
* It's now possible to use a tag's namespace prefix when searching,
e.g. soup.find('namespace:tag')
* Improved the handling of empty-element tags like <br> when using the
html.parser parser.
* HTML parsers treat all HTML4 and HTML5 empty element tags (aka void
element tags) correctly.
* Namespace prefix is preserved when an XML tag is copied. Thanks
to Vikas for a patch and test.
|
|
This is a maintenance release that fix one year of issues reported by users. There is also some additional features, configuration directives all listed here:
http://squidanalyzer.darold.net
|
|
Bug fixes
|
|
* Fixed a security vulnerability in the page redirect field which allowed users
to insert JavaScript code.
* Fixed a security vulnerability where the ``next`` parameter for the toolbar login
was not sanitised and could point to another domain.
|
|
* Sync with firefox52-52.1.1
|
|
Changelog:
Fixed
Various security fixes
Security fixes:
#CVE-2017-5031: Use after free in ANGLE
|
|
* Sync with firefox-53.0.2
|
|
Changelog:
Fixed
Various security fixes
Make form validation errors and date picker panel visible to the user (Bug 1341190)
Changed
The non-standard showDialog argument to window.find is now ignored (Bug 1348409)
Security fixes:
#CVE-2017-5031: Use after free in ANGLE
|
