| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
* Sync with www/firefox-65.0
|
|
|
|
* Use graphics/libwebp
* Bump devel/cbindgen requirement (PR pkg/53925)
* Enable system's addons, for example langpacks from www/firefox-l10n
* Fix potential configure error from clock_gettime(CLOCK_MONOTONIC, ...)
|
|
|
|
Flask-RESTPlus is an extension for Flask that adds support for
quickly building REST APIs. Flask-RESTPlus encourages best practices
with minimal setup. If you are familiar with Flask, Flask-RESTPlus
should be easy to pick up. It provides a coherent collection of
decorators and tools to describe your API and expose its documentation
properly using Swagger.
|
|
libgnurl is a fork of libcurl. The goal for libgnurl is to support
only HTTP and HTTPS (and only HTTP 1.x) with a single crypto backend
(GnuTLS) to ensure a small footprint and uniform experience for
developers regardless of how libcurl was compiled.
This software is mainly used by GNUnet. The modifications to curl
are kept to the bare minimum, intended to track upstream closely.
gnurl is not a replacement for curl, so different paths are used.
|
|
This is a hotfix release for a regression affecting some Drush
installations that was introduced by the fix for SA-CORE-2019-002. No
other fixes are included.
|
|
|
|
Scrapy 1.6.0:
Highlights:
* better Windows support;
* Python 3.7 compatibility;
* big documentation improvements, including a switch
from .extract_first() + .extract() API to .get() + .getall()
API;
* feed exports, FilePipeline and MediaPipeline improvements;
* better extensibility: :signal:item_error and
:signal:request_reached_downloader signals; from_crawler support
for feed exporters, feed storages and dupefilters.
* scrapy.contracts fixes and new features;
* telnet console security improvements, first released as a
backport in :ref:release-1.5.2;
* clean-up of the deprecated code;
* various bug fixes, small new features and usability improvements across
the codebase.
|
|
2.1.5
Changes:
New: ipdb, pdb and wdb filters
Fix: ForeignKeySearchInput, error with widget render(...) parameters on Django 2.1
Fix: pipchecker, unsupported format string passed to NoneType.format error
Tests: bunch of new test cases
|
|
0.3.11:
Avoid loading admin_static in templates under Django>=1.10
|
|
|
|
Changelog:
New
Enhanced tracking protection: Simplified content blocking settings give users standard, strict, and custom options to control online trackers. A redesigned content blocking section in the site information panel (viewed by expanding the small “i” icon in the address bar) shows what Firefox detects and blocks on each website you visit. To learn more about content blocking, visit the Mozilla Blog.
A better experience for multilingual users: An updated Language section in Preferences allows users to install multiple language packs and order language preferences for Firefox and websites, without having to download locale-specific versions.
Support for Handoff on macOS: Continue browsing across devices. Pick up where you left off with iOS (via Firefox or Safari) on Firefox on Mac.
A better video streaming experience for Windows users: Firefox now supports the next-generation, royalty-free video compression technology called AV1. Read about Mozilla’s contribution to this new open standard.
Improved performance and web compatibility, with support for the WebP image format: WebP brings the same image quality as existing formats at smaller file sizes, which saves bandwidth and speeds up page load.
Fixed
Various security fixes.
Changed
Enhanced security for macOS, Linux, and Android users via stronger stack smashing protection which is now enabled by default for all platforms. "Stack smashing" is a common security attack in which malicious actors corrupt or take control of a vulnerable program.
Firefox will now warn you when closing a window (regardless of whether you have automatic session restore enabled for restart).
Easier performance management: The revamped Task Manager page found at about:performance now reports memory usage for tabs and add-ons.
Improved the pop-up blocker to prevent multiple pop-up windows from being opened by websites at the same time.
Security fixes:
Not available yet.
|
|
1.2.1:
Bugfixes
- When given an IPv6 address in X-Forwarded-For or Forwarded for=
waitress was placing the IP address in REMOTE_ADDR with brackets:
[2001:db8::0], this does not match the requirements in the CGI spec which
REMOTE_ADDR was lifted from. Waitress will now place the bare IPv6
address in REMOTE_ADDR: 2001:db8::0.
|
|
Mostly incremental changes and bugfixes.
|
|
Many improvements and bugfixes.
|
|
Changes include:
- support for tyxml 4.3.x and js_of_ocaml 3.3.x (rendering obsolete a lot
of patches);
- compatibility with lwt 4.x (same);
and several other bugfixes and minor improvements.
|
|
Changes include:
- compatibility with ocaml 4.07
- compatibility with Lwt 4.x (a lot of this was already in patches,
which I've now been able to remove)
- replace tyxml-parser with xml-light
and some other minor bugfixes and improvements.
|
|
|
|
1.3.0:
Added support for Django 1.11, 2.0 and 2.1
Removed support for Django 1.8, 1.9
Adapted testing infrastructure (tox/travis) to incorporate django CMS 3.5 and 3.6
Added isort and adapted imports
Adapted code base to align with other supported addons
|
|
|
|
* [mod_cml,mod_flv_streaming] fix NULL ptr deref
* [mod_simple_vhost] t/test_mod_simple_vhost
* [mod_evhost] split uri handler func for testing
* [mod_evhost] restructure for unit tests
* [mod_evhost] t/test_mod_evhost
* [mod_access] restructure for unit tests
* [mod_access] t/test_mod_access
* [tests] include first.h and NDEBUG early
* [core] use kill_signal for gw_proc_kill()
* [tests] t/test_keyvalue
* [tests] some test config cleanup
* [tests] update skip count in mod-fastcgi.t
* [multiple] reduce initial buffer sz if large POST (fixes #2922)
* [mod_fastcgi] fix NULL ptr deref from bugfix #2922 (fixes #2923)
* [tests] more test config cleanup
* [core] perf: incremental hash of pathname w/o copy
* [core] perf: reuse buffer to redirect to directory
* [core] do not free() reused buffer
* [core] use connected sock port in dir redirect
* [core] http_response_buffer_append_authority()
* [core] use con->server_name for dir redir
* [core] memeq compare rounded to 64, not next 1M
* [core] define MD5_DIGEST_LENGTH 16
* [mod_auth] permit additional auth backends to load
* [core] send Connection: close if reqbody not read (fixes #2924)
* [core] cache rev DNS for localhost for dir redir
* [doc/conf] resolve some mime type conflicts from debian buster,
regenerate mime.conf
* [core] move winsock init to network_init()
* [core] move /dev/stdin graceful restart handling
* [core] network_srv_sockets_append() shared code
* [core] systemd socket activation support
* [build] autotools: try mysqlclient.pc and mariadb.pc (fixes #2925)
* [mod_expire] look up expire fallback "" explicitly
* [multiple] calloc match ptr type (clang --analyze)
* [multiple] quiet clang --analyze where trivial
* [mod_webdav] compare COPY, MOVE Destination scheme
* [core] con->uri.scheme is maintained lowercase
* [mod_openssl] ALPN and acme-tls/1 (fixes #2931)
* [core] Fix recursive include_shell invocations
* [mod_openssl] ssl.privkey directive (optional)
|
|
|
|
Add missing BUILD_DEPENDS
Upstream changes:
0.28
- Released at 2019-01-11T16:25:00+0900
- Now the distribution is made with mbtiny.
- Various improvements of the test suite.
- Rewrite the internally-used testing-purpose HTTP server to allow the control of 'Content-Length' request header.
|
|
Upstream changes:
1.52 Wed Dec 5 10:00:56 CST 2018
------------------------------------
[ENHANCEMENTS]
click_ok() method can now take a button with X/Y coordinates.
Thanks to GitHub user @marderh. (GH #45)
Added the ability to modify the HTML that the html_tidy_ok() validates.
See the content_for_validation() method. (GH #61)
Add a set of methods for existence of IDs: id_exists(), id_exists_ok(),
ids_exist_ok(), lacks_id_ok() and lacks_ids_ok(). (GH #48)
Add button_exists(), button_exists_ok() and lacks_button_ok()
methods. (GH #50)
[FIXES]
Clarified warnings to make it clear that certain modules are
optional. Thanks, Matthew Chae.
|
|
Upstream changes:
1.91 2019-01-10 18:44:33Z
[ENHANCEMENTS]
- Don't install Perl::Critic and Perl::Tidy to run user tests (GH#268)
(Julien Fiegehenn)
- Remove redundant PodSyntaxTests (GH#265) (Andrew Grangaard)
- Add test dependency for Perl::Tidy (GH#263) (Julien Fiegehenn)
|
|
Upstream changes:
1.76 2019-01-09 16:59:54Z
- Revert changes introduced in 1.75
1.75 2019-01-08 19:45:38Z
- $uri->canonical unconditionally returns a clone (GH#58) (Dorian Taylor)
|
|
Upstream changes (from NEWS):
== Ruby-GNOME2 3.3.1: 2019-01-09
This is a release that improves GObject Introspection support.
=== Changes
==== Ruby/GLib2
* Improvements
* (({rbgobj_remove_relative()})): Added support for removing a
relative added by (({rbgobj_add_relative()})).
* Stopped to use raw (({Hash})) to guard objects from GC.
* (({GLib::Idle.remove})): Deprecated. Use
(({GLib::Source.remove})) instead.
* Fixes
* Fixed typos in samples.
[GitHub#1267][Patch by kojix2]
==== Ruby/CairoGObject
* Improvements
* Started to require cairo gem 1.16.2 or later.
==== Ruby/GObjectIntrospection
* Improvements
* Added support for input object validation.
* Added support for callback with module function such as
(({Gdk.threads_add_idle})).
[GitHub#1256][Reported by xetum]
* Added support for converting (({GHash<utf8, GObject>})).
* Added support for transfer full (({GHash})).
* Added support for freeing array of primitive types.
[GitHub#1266][Patch by Yosuke Shiro]
* Improved suitable method detection for array and list.
* Added support for converting an array of (({GObject})).
* Added support for renaming compare operations:
* (({not_equal})): (({!=}))
* (({less_than})): (({<}))
* (({less_than_or_equal})): (({<=}))
* (({greater_than})): (({>}))
* (({greater_than_or_equal})): (({>=}))
==== Ruby/GdkPixbuf2
* Fixes
* Fixed markup.
[GitHub#1250][Patch by kojix2]
* Fixed a bug that data passed to (({GdkPixbuf::Pixbuf.new(data:
array)})) is corrupt by GC.
==== Ruby/Pango
* Improvements
* (({Pango::Layout#get_pixel_extents})): Added for backward
compatibility.
* (({Pango::Rectangle#ascent})): Added for backward
compatibility.
* (({Pango::Rectangle#descent})): Added for backward
compatibility.
* (({Pango::Rectangle#lbearing})): Added for backward
compatibility.
* (({Pango::Rectangle#rbearing})): Added for backward
compatibility.
* (({Pango::Rectangle#left_bearing})): Added.
* (({Pango::Rectangle#right_bearing})): Added.
==== Ruby/GTK2
* Fixes
* Fixed typos in samples.
[GitHub#1268][Patch by kojix2]
==== Ruby/GTK3
* Improvements
* Updated sample to work on HiDPI environment.
[GitHub#1246][Patch by noanoa07]
* Updated samples.
[GitHub#1258][GitHub#1259][GitHub#1260][Patch by kojix2]
==== Ruby/RSVG2
* Fixes
* Fixed typos.
[GitHub#1253][Patch by kojix2]
* Removed needless rsvg2 gem dependency for Windows.
[GitHub#1261][Reported by noanoa07]
==== Ruby/GEGL
* Fixes
* Fixed a typo in README.
[GitHub#1263][Patch by kojix2]
=== Thanks
* noanoa07
* kojix2
* xetum
* Yosuke Shiro
|
|
From wip/vimb2, should hopefully fix build on SunOS.
PKGREVISION++
|
|
|
|
Scrapy 1.5.2:
* *Security bugfix*: Telnet console extension can be easily exploited by rogue
websites POSTing content to http://localhost:6023, we haven't found a way to
exploit it from Scrapy, but it is very easy to trick a browser to do so and
elevates the risk for local development environment.
*The fix is backwards incompatible*, it enables telnet user-password
authentication by default with a random generated password. If you can't
upgrade right away, please consider setting :setting:TELNET_CONSOLE_PORT
out of its default value.
See :ref:telnet console <topics-telnetconsole> documentation for more info
* Backport CI build failure under GCE environemnt due to boto import error.
|
|
1.7.3
- Fix regression with tag names in regards to case sensitivity, and ensure there are tests to prevent breakage
in the future.
- XHTML should always be case sensitive like XML.
|
|
Version 5.0.2 fixed 73 bugs. Details here:
https://wordpress.org/support/wordpress-version/version-5-0-2/
Version 5.0.3 fixed 37 bugs and 7 performance improvements for the block editor.
Details here:
https://wordpress.org/support/wordpress-version/version-5-0-3/
|
|
|
|
|
|
|
|
Changes with Apache 2.4.38
*) SECURITY: CVE-2018-17199 (cve.mitre.org)
mod_session: mod_session_cookie does not respect expiry time allowing
sessions to be reused.
*) SECURITY: CVE-2018-17189 (cve.mitre.org)
mod_http2: fixes a DoS attack vector. By sending slow request bodies
to resources not consuming them, httpd cleanup code occupies a server
thread unnecessarily. This was changed to an immediate stream reset
which discards all stream state and incoming data.
*) SECURITY: CVE-2019-0190 (cve.mitre.org)
mod_ssl: Fix infinite loop triggered by a client-initiated
renegotiation in TLSv1.2 (or earlier) with OpenSSL 1.1.1 and
later.
*) mod_ssl: Clear retry flag before aborting client-initiated renegotiation.
*) mod_negotiation: Treat LanguagePriority as case-insensitive to match
AddLanguage behavior and HTTP specification.
*) mod_md: incorrect behaviour when synchronizing ongoing ACME challenges
have been fixed.
*) mod_setenvif: We can have expressions that become true if a regex pattern
in the expression does NOT match. In this case val is NULL
and we should just set the value for the environment variable
like in the pattern case.
*) mod_session: Always decode session attributes early.
*) core: Incorrect values for environment variables are substituted when
multiple environment variables are specified in a directive.
*) mod_rewrite: Only create the global mutex used by "RewriteMap prg:" when
this type of map is present in the configuration.
*) mod_dav: Fix invalid Location header when a resource is created by
passing an absolute URI on the request line
*) mod_session_cookie: avoid duplicate Set-Cookie header in the response.
*) mod_ssl: clear *SSL errors before loading certificates and checking
afterwards. Otherwise errors are reported when other SSL using modules
are in play.
*) mod_ssl: Fix the error code returned in an error path of
'ssl_io_filter_handshake()'. This messes-up error handling performed
in 'ssl_io_filter_error()'
*) mod_ssl: Fix $HTTPS definition for "SSLEngine optional" case, and fix
authz provider so "Require ssl" works correctly in HTTP/2.
*) mod_proxy: If ProxyPassReverse is used for reverse mapping of relative
redirects, subsequent ProxyPassReverse statements, whether they are
relative or absolute, may fail.
*) mod_lua: Now marked as a stable module
|
|
|
|
Apache Tomcat is an implementation of the Java Servlet and JavaServer Pages
technologies. The Java Servlet and JavaServer Pages specifications are
developed under the Java Community Process.
Apache Tomcat is developed in an open and participatory environment and
released under the Apache Software License. Apache Tomcat is intended to
be a collaboration of the best-of-breed developers from around the world.
We invite you to participate in this open development project.
Apache Tomcat powers numerous large-scale, mission-critical web applications
across a diverse range of industries and organizations.
This package tracks 9.x release branch.
|
|
Changelog:
Tomcat 8.5.37 (markt)
Catalina
Update: Update the recommended minimum Tomcat Native version to 1.2.19. (markt)
Other
Update: Update the packaged version of the Tomcat Native Library to 1.2.19 to pick up the latest Windows binaries built with APR 1.6.5 and OpenSSL 1.1.1a. (markt)
not released Tomcat 8.5.36 (markt)
Catalina
Fix: 62788: Add explicit logging configuration to write log files using UTF-8 to align with Tomcat's use of UTF-8 by default elsewhere. (markt)
Fix: The default Servlet should not override a previously set content-type. (remm)
Add: 62897: Provide a property (clearReferencesThreadLocals) on the standard Context implementation that enables the check for memory leaks via ThreadLocals to be disabled because this check depends on the use of an API that has been deprecated in later versions of Java. (markt)
Fix: Fix more storeconfig issues with duplicated SSL attributes. (remm)
Fix: 62968: Avoid unnecessary (and relatively expensive) getResources() call in the Mapper when processing rule 7. (markt)
Fix: 62978: Update the RemoteIpValve to handle multiple values in the x-forwarded-proto header. Patch provided by Tom Groot. (markt)
Fix: Update the RemoteIpFilter to handle multiple values in the x-forwarded-proto header. Based on a patch provided by Tom Groot. (markt)
Code: 62986: Refactor the code that performs class scanning during web application start to make integration simpler for downstream users. Patch provided by rmannibucau. (markt)
Fix: 62988: Fix the LoadBalancerDrainingValve so it works when the session cookie configuration is not explicitly declared. Based on a patch provided by Andreas Kurth. (markt)
Fix: 63002: Fix setting rewrite qsdiscard flag. (remm)
Fix: Implement the requirements of section 8.2.2 2c of the Servlet specification and prevent a web application from deploying if it has fragments with duplicate names and is configured to use relative ordering of fragments. (markt)
Coyote
Fix: Avoid an exception when using Tomcat Native built with a version of OpenSSL that does not support TLSv1.3. (markt)
Fix: 62899: Prevent the incorrect timing out of connections when Servlet non-blocking I/O is used to read a request body over an HTTP/2 stream. (markt)
Fix: Avoid bad SSLHostConfig JMX registrations before init. (remm)
Jasper
Add: 53737: Extend JspC, the precompilation tool, to include support for resource JARs. (markt)
Fix: 62976: Avoid an IllegalStateException when using background compilation when tag files are packaged in JAR files. (markt)
Web applications
Fix: 62918: Filter out subtype mbeans to avoid breaking the connector status page. (remm)
Other
Fix: Prevent an error when running in a Cygwin shell and the JAVA_ENDORSED_DIRS system property is empty. Patch provided by Zemian Deng. (markt)
Add: 53930: Add support for the CATALINA_OUT_CMD environment variable that defines a command to which captured stdout and stderr will be redirected. Patch provided by Casey Lucas. (markt)
2018-11-07 Tomcat 8.5.35 (markt)
Catalina
Add: 61692: Add the ability to control which HTTP methods are handled by the CGI Servlet via a new initialization parameter cgiMethods. (markt)
Fix: 62687: Expose content length information for resources when using a compressed war. (remm)
Fix: 62737: Fix rewrite substitutions parsing of {} nesting. (remm)
Fix: Add rewrite flags output when getting the rewrite configuration back. (remm)
Fix: Add missing qsdiscard flag to the rewrite flags as a cleaner way to discard the query string. (remm)
Fix: Add documentation about the files context.xml.default and web.xml.default that can be used to customize conf/context.xml and conf/web.xml on a per host basis. (fschumacher)
Fix: Ensure that a canonical path is always used for the docBase of a Context to ensure consistent behaviour. (markt)
Fix: 62803: Fix SSL connector configuration processing in storeconfig. (remm)
Fix: 62797: Pass throwable to keep client aborts with status 200 rather than 500. Patch submitted by zikfat. (remm)
Fix: 62809: Correct a regression in the implementation of DIGEST authentication support for the Deployer Ant tasks (bug 45832) that prevented the DeployTask from working when authentication was required. (markt)
Update: Update the recommended minimum Tomcat Native version to 1.2.18. (markt)
Add: Ignore an attribute named source on Context elements provided by StandardContext. This is to suppress warnings generated by the Eclipse / Tomcat integration provided by Eclipse. Based on a patch by mdfst13. (markt)
Add: 62830: Added JniLifeCycleListener and static methods Library.loadLibrary(libraryName) and Library.load(filename) to load a native library by a shared class loader so that more than one Webapp can use it. (isapir)
Fix: Correct a typo in the Spanish resource files. Patch provided by Diego Agulló. (markt)
Fix: 62868: Order the Enumeration<URL> provided by WebappClassLoaderBase.getResources(String) according to the setting of the delegate flag. (markt)
Coyote
Add: Add TLSv1.3 to the default protocols and to the all alias for JSSE based TLS connectors when running on a JVM that supports TLS version 1.3. One such JVM is OpenJDK version 11. (rjung)
Fix: 62685: Correct an error in host name validatin parsing that did not allow a fully qualified domain name to terminate with a period. Patch provided by AG. (markt)
Fix: 62739: Do not reject requests with an empty HTTP Host header. Such requests are unusual but not invalid. Patch provided by MichaeNIO2 connector when using the OpenSSL backed JSSE implementation. (schultz/markt)
Fix: 62791: Remove an unnecessary check in the NIO TLS implementation that prevented from secure WebSocket connections from being established. (markt)
Fix: Fix servesed by the fix for 53492, that caused the JSP compiler to hang. (markt)
Fix: 62721: Correct generation of web.xml header when using JspC. (markt)
Fix: 62757: Correct a regression in the fix for 62603 that caused NullPointerExceptions when compiling tag files on first access when development mode was disabled and background compilation was enabled. Based on a patch by Jordi Llach. (markt)
WebSocket
Fix: 62731: Make the URI returned by HandshakeRequest.getRequestURI() and Session.getRequestURI() absolute so that the scheme, host and port are accessible. (markt)
Web applications
Fix: 62676: Expand the CORS filter documentation to make it clear that explicit configuration is required to enable support for cross-origin requests. (markt)
Fix: 62712: Correct NPE in Manager application when attempting to view configured certificates for an APR/native TLS connector. (markt)
Fix: 62761: Correct the advanced CORS example in the Filter documentation to use a valid configuration. (markt)
Fix: 62786: Add a note to the Context documentation to explain that, by default, settings for a Context element defined in server.xml will be overwritten by settings specified in a default context file such as conf/context.xml. (markt)
Fix: Create a little visual separation between the Undeploy button and the other buttons in the Manager application. Patch provided by Łukasz Jąder. (markt)
Other
Update: Update the internal fork of Apache Commons Pool 2 to d4e0e88 (2018-09-12) to pick up some bug fixes and enhancements. (markt)
Update: Update the packaged version of the Tomcat Native Library to 1.2.18 to pick up the latest Windows binaries built with APR 1.6.5 and OpenSSL 1.1.1. (markt)
2018-09-10 Tomcat 8.5.34 (markt)
Catalina
Add: Make the isLocked() method of the LockOutRealm public and expose the method via JMX. (markt)
Fix: Improve the handling of path parameters when working with RequestDispatcher objects. (markt)
Fix: 62664: Process requests with content type multipart/form-data to servlets with a @MultipartConfig annotation regardless of HTTP method. (markt)
Fix: 62667: Add recursion to rewrite substitution parsing. (remm)
Fix: 62669: When using the SSIFilter and a resource does not specify a content type, do not force the content type to application/x-octet-stream. (markt)
Fix: 62670: Adjust the memory leak protection for the DriverManager so that JDBC drivers located in $CATALINA_HOME/lib and $CATALINA_BASE/lib are loaded via the service loader mechanism when the protection is enabled. (markt)
Fix: When generating a redirect to a directory in the Default Servlet, avoid generating a protocol relative redirect. (markt)
Coyote
Fix: Fix potential deadlocks when using asynchronous Servlet processing with HTTP/2 connectors. (markt)
Fix: 62620: Fix corruption of response bodies when writing large bodies using asynchronous processing over HTTP/2. (markt)
Fix: 62628: Additional fixes for output corruption of response bodies when writing large bodies using asynchronous processing over HTTP/2. (markt)
Jasper
Fix: Correct the JSP version in the X-PoweredBy HTTP header generated when the xpoweredBy option is enabled. (markt)
Fix: 62662: Fix the corruption of web.xml output during JSP compilation caused by the fix for 53492. Patch provided by Bernhard Frauendienst. (markt)
Web applications
Add: Expand the information in the documentation web application regarding the use of CATALINA_HOME and CATALINA_BASE. Patch provided by Marek Czernek. (markt)
Fix: 62652: Make it clearer that the version of DBCP that is packaged in Tomcat 8.5.x is DBCP 2. Correct the names of some DBCP 2 configuration attributes that changed between 1.x and 2.x. (markt)
Add: 62666: Expand internationalisation support in the Manager application to include the server status page and provide Russian translations in addition to English. Patch provided by Artem Chebykin. (markt)
Other
Fix: Switch the build script to use http for downloads from an ASF mirror using the closer.lua script to avoid failures due to HTTPS to HTTP redirects. (rjung)
2018-08-17 Tomcat 8.5.33 (markt)
Catalina
Fix: Ensure that the HTTP Vary header is set correctly when using the CORS filter and improve the cacheability of requests that pass through the COPRS filter. (markt)
Fix: 62527: Revert restriction of JNDI to the java: namespace. (remm)
Add: Introduce a new class - MultiThrowable - to report exceptions when multiple actions are taken where each action may throw an exception but all actions are taken before any errors are reported. Use this new class when reporting multiple container (e.g. web application) failures during start. (markt)
Fix: Correctly decode URL paths (+ should not be decoded to a space in the path) in the RequestDispatcher and the web application class loader. (markt)
Add: Make logout more robust if JASPIC subject is unexpectedly unavailable. (markt)
Fix: 62547: JASPIC cleanSubject() was not called on logout when the authenticator was configured to cache the authenticated Principal. Patch provided by Guillermo González de Agüero. (markt)
Add: 62559: Add jaxb-*.jar to the list of JARs ignored by StandardJarScanner. (markt)
Add: 62560: Add oraclepki.jar to the list of JARs ignored by StandardJarScanner. (markt)
Add: 62607: Return a non-zero exit code from catalina.[bat|sh] run if Tomcat fails to start. (markt)
Code: Remove ServletException from declaration of Tomcat.addWebapp(String,String) since it is never thrown. Patch provided by Tzafrir. (markt)
Fix: Use short circuit logic to prevent potential NPE in CorsFilter. (fschumacher)
Code: Simplify construction of appName from container name in JAASRealm. (fschumacher)
Coyote
Update: 60560: Add support for using an inherited channel to the NIO connector. Based on a patch submitted by Thomas Meyer with testing and suggestions by Coty Sutherland. (remm)
Fix: 62507: Ensure that JSSE based TLS connectors work correctly with a DKS keystore. Note: DKS keystores require Java 8 or later. (markt)
Fix: Refactor code that adds an additional header name to the Vary HTTP response header to use a common utility method that addresses several additional edge cases. (markt)
Fix: 62515: When a connector is configured (via setting bindOnInit to false) to bind/unbind the server socket during start/stop, close the socket earlier in the stop process so new connections do not sit in the TCP backlog during the shutdown process only to be dropped as stop completes. In this scenario new connections will now be refused immediately. (markt)
Fix: 62526: Correctly handle PKCS12 format key stores when the key store password is configured to be the empty string. (markt)
Fix: Fix error in back-port of HTTP/2 compression that meant compression was never enabled. (markt)
Fix: 62605: Ensure ReadListener.onDataAvailable() is called when the initial request body data arrives after the request headers when using asynchronous processing over HTTP/2. (markt)
Fix: 62614: Ensure that WriteListener.onWritePossible() is called after isReady() returns false and the window size is subsequently incremented when using asynchronous processing over HTTP/2. (markt)
Jasper
Fix: 53011: When pre-compiling with JspC, report all compilation errors rather than stopping after the first error. A new option -failFast can be used to restore the previous behaviour of stopping after the first error. Based on a patch provided by Marc Pompl. (markt)
Add: 53492: Make the Java file generation process multi-threaded. By default, one thread will be used per core. Based on a patch by Dan Fabulich. (markt)
Add: 62453: Add a performance optimisation for using expressions in tags that depend on uninitialised tag attributes with implied scope. Generally, using an explicit scope with tag attributes in EL is the best way to avoid various potential performance issues. (markt)
Fix: Correctly decode URL paths (+ should not be decoded to a space in the path) in the Jasper class loader. (markt)
Fix: 62603: Fix a potential race condition when development mode is disabled and background compilation checks are enabled. It was possible that some updates would not take effect and/or ClassNotFoundExceptions would occur. (markt)
WebSocket
Fix: 62596: Remove the limit on the size of the initial HTTP upgrade request used to establish the web socket connection. (markt)
Web applications
Add: 61565: Add the ability to trigger a reloading of TLS host configuration (certificate and key files, server.xml is not re-parsed) via the Manager web application. (markt)
Add: 62558: Add Russian translations for the Manager and Host Manager web applications. Based on a patch by Ivan Krasnov. (markt)
Add: 62561: Add advanced class loader configuration information regarding the use of the Server and Shared class loaders to the documentation web application. (markt)
Tribes
Fix: Ensures that the specified rxBufSize is correctly set to receiver buffer size. (kfujino)
Other
Update: Support building with Java 9+ while preserving the Java 7 compatibility at runtime (requires Ant 1.9.8 or later). (ebourg)
Update: Update WSDL4J library to version 1.6.3 (from 1.6.2). (kkolinko)
Update: Update JUnit library to version 4.12 (from 4.11). (kkolinko)
Update: Downgrade CGLib library used for testing with EasyMock to version 2.2.2 (from 2.2.3) as version 2.2.3 is not available from Maven Central. (markt/kkolinko)
Add: Implement checksum checks when downloading dependencies that are used to build Tomcat. (kkolinko)
Fix: Fixed spelling. Patch provided by Jimmy Casey via GitHub. (violetagg)
Update: Update the internal fork of Apache Commons Pool 2 to 3e02523 (2018-08-09) to pick up some bug fixes and enhancements. (markt)
Update: Update the internal fork of Apache Commons DBCP 2 to abc0484 (2018-08-09) to pick up some bug fixes and enhancements. (markt)
Fix: Correct various spelling errors throughout the source code and documentation. Patch provided by Kazuhiro Sera. (markt)
|
|
Changelog:
Tomcat 7.0.92 (violetagg)
Catalina
fix Add documentation about the files context.xml.default and web.xml.default that can be used to customize conf/context.xml and conf/web.xml on a per host basis. (fschumacher)
fix Ensure that a canonical path is always used for the docBase of a Context to ensure consistent behaviour. (markt)
fix 62788: Add explicit logging configuration to write log files using UTF-8 to align with Tomcat's use of UTF-8 by default elsewhere. (markt)
fix 62797: Pass throwable to keep client aborts with status 200 rather than 500. Patch submitted by zikfat. (remm)
fix 62809: Correct a regression in the implementation of DIGEST authentication support for the Deployer Ant tasks (bug 45832) that prevented the DeployTask from working when authentication was required. (markt)
update Update the recommended minimum Tomcat Native version to 1.2.18. (markt)
add Ignore an attribute named source on Context elements provided by StandardContext. This is to suppress warnings generated by the Eclipse / Tomcat integration provided by Eclipse. Based on a patch by mdfst13. (markt)
add 62830: Added JniLifeCycleListener and static methods Library.loadLibrary(libraryName) and Library.load(filename) to load a native library by a shared class loader so that more than one Webapp can use it. (isapir)
fix Correct a typo in the Spanish resource files. Patch provided by Diego Agulló. (markt)
fix 62868: Order the Enumeration<URL> provided by WebappClassLoaderBase.getResources(String) according to the setting of the delegate flag. (markt)
Coyote
add Add TLSv1.3 to the default protocols and to the all alias for JSSE based TLS connectors when running on a JVM that supports TLS version 1.3. One such JVM is OpenJDK version 11. (rjung)
fix 62739: Do not reject requests with an empty HTTP Host header. Such requests are unusual but not invalid. Patch provided by Michael Orr. (markt)
add 62748: Add TLS 1.3 support for the APR/Native connector. (schultz/markt)
fix 62791: Remove an unnecessary check in the NIO TLS implementation that prevented from secure WebSocket connections from being established. (markt)
Jasper
fix 62674: Correct a regression in the stand-alone JSP compiler utility, JspC, caused by the fix for 53492, that caused the JSP compiler to hang. (markt)
fix 62721: Correct generation of web.xml header when using JspC. (markt)
fix Fix a regression in the TLD whitespace parsing fix that broke parsing when whitespace was present between the method name and the parameters. (markt)
fix 62757: Correct a regression in the fix for 62603 that caused NullPointerExceptions when compiling tag files on first access when development mode was disabled and background compilation was enabled. Based on a patch by Jordi Llach. (markt)
fix 62808: Fix a regression in the TLD whitespace parsing fix that broke parsing when new lines were present in the method signature. (markt)
WebSocket
fix 62731: Make the URI returned by HandshakeRequest.getRequestURI() and Session.getRequestURI() absolute so that the scheme, host and port are accessible. (markt)
Web applications
fix 62761: Correct the advanced CORS example in the Filter documentation to use a valid configuration. (markt)
fix 62786: Add a note to the Context documentation to explain that, by default, settings for a Context element defined in server.xml will be overwritten by settings specified in a default context file such as conf/context.xml. (markt)
fix Create a little visual separation between the Undeploy button and the other buttons in the Manager application. Patch provided by Łukasz Jąder. (markt)
Other
update Update the packaged version of the Tomcat Native Library to 1.2.18 to pick up the latest Windows binaries built with APR 1.6.5 and OpenSSL 1.1.1. (markt)
Tomcat 7.0.91 (violetagg) released 2018-09-19
Catalina
add 61692: Add the ability to control which HTTP methods are handled by the CGI Servlet via a new initialization parameter cgiMethods. (markt)
fix Ensure that the HTTP Vary header is set correctly when using the CORS filter and improve the cacheability of requests that pass through the COPRS filter. (markt)
fix 62527: Revert restriction of JNDI to the java: namespace. (remm)
add Introduce a new class - MultiThrowable - to report exceptions when multiple actions are taken where each action may throw an exception but all actions are taken before any errors are reported. Use this new class when reporting multiple container (e.g. web application) failures during start. (markt)
fix Correctly decode URL paths (+ should not be decoded to a space in the path) in the RequestDispatcher and the web application class loader. (markt)
add 62559: Add jaxb-*.jar to the list of JARs ignored by StandardJarScanner. (markt)
add 62560: Add oraclepki.jar to the list of JARs ignored by StandardJarScanner. (markt)
add 62607: Return a non-zero exit code from catalina.[bat|sh] run if Tomcat fails to start. (markt)
code Remove ServletException from declaration of Tomcat.addWebapp(String,String) since it is never thrown. Patch provided by Tzafrir. (markt)
fix Use short circuit logic to prevent potential NPE in CorsFilter. (fschumacher)
code Simplify construction of appName from container name in JAASRealm. (fschumacher)
fix Improve the handling of path parameters when working with Requestt type multipart/form-data to servlets with a @MultipartConfig annotation regardless of HTTP method. (markt)
fix 62669: When using the SSIFilter and a resource does not specify a content type, do not force the content type to application/x-octet-s a redirect to a directory in the Default Servlet, avoid generating a protocol relative redirect. (markt)
Coyote
fix Refactor code that adds an additional header name to the Vary HTTP response header to use a common utility method that addresses several additional edge cases. (markt)
fix 62526: Correctly handle PKCS12 format key stores when the key store password is configured to be the empty string. Note that Java 6 does not support PKCS12 key stores configured to use a store password of the empty string. (markt)
fix 62670: Adjust the memory leak protection for the DriverManager so that JDBC drivers located in $CATALINA_HOME/lib and $CATALINA_BASE/lib are loaded via the service loader mechanism when the protection is enabled. (markt)
fix 62685: Correct an error in host name validation parsing that did not allow a fully qualified domain name to terminate with a period. Patch provided by AG. (markt)
Jasper
fix 53011: When pre-compiling with JspC, report all compilation errors rather than stopping after the first error. A new option -failFast can be used to restore the previous behaviour of stopping after the first error. Based on a patch provided by Marc Pompl. (markt)
add 53492: Make the Java file generation process multi-threaded. By default, one thread will be used per core. Based on a patch by Dan Fabulich. (markt)
fix 62603: Fix a potential race condition when development mode is disabled and background compilation checks are enabled. It was possible that some updates would not take effect and/or ClassNotFoundExceptions would occur. (markt)
fix Correct the JSP version in the X-PoweredBy HTTP header generated when the xpoweredBy option is enabled. (markt)
fix 62662: Fix the corruption of web.xml output during JSP compilation caused by the fix for 53492. Patch provided by Bernhard Frauendienst. (markt)
fix Correct parsing of XML whitespace in TLD function signatures that incorrectly only looked for the space character. (markt)
WebSocket
fix 62596: Remove the limit on the size of the initial HTTP upgrade request used to establish the web socket connection. (markt)
Web applications
add 62558: Add Russian translations for the Manager and Host Manager web applications. Based on a patch by Ivan Krasnov. (markt)
add 62561: Add advanced class loader configuration information regarding the use of the Server and Shared class loaders to the documentation web application. (markt)
add Expand the information in the documentation web application regarding the use of CATALINA_HOME and CATALINA_BASE. Patch provided by Marek Czernek. (markt)
fix 62652: Make it clearer that the version of DBCP that is packaged in Tomcat 7.0.x is DBCP 1. (markt)
add 62666: Expand internationalisation support in the Manager application to include the server status page and provide Russian translations in addition to English. Patch provided by Artem Chebykin. (markt)
fix 62676: Expand the CORS filter documentation to make it clear that explicit configuration is required to enable support for cross-origin requests. (markt)
Tribes
fix Ensures that the specified rxBufSize is correctly set to receiver buffer size. (kfujino)
Other
fix Fixed spelling. Patch provided by Jimmy Casey via GitHub. (violetagg)
fix Correct various spelling errors throughout the source code and documentation. Patch provided by Kazuhiro Sera. (markt)
|
|
0.7:
Unknown changes
|
|
Version 2.1:
* Fixed a regression in FilterView introduced in 2.0. An empty QuerySet was
incorrectly used whenever the FilterSet was unbound (i.e. when there were
no GET parameters). The correct, pre-2.0 behaviour is now restored.
A workaround was to set strict=False on the FilterSet. This is no
longer necessary, so you may restore strict behaviour as desired.
* Added IsoDateTimeFromToRangeFilter. Allows From-To filtering using
ISO-8601 formatted dates.
|
|
Version 3.1.0:
**Features**
* Add recognized_tags argument to the linkify Linker class. This
fixes issues when linkifying on its own and having some tags get escaped.
It defaults to a list of HTML5 tags.
**Bug fixes**
* Add six>=1.9 to requirements.
* Fix cases where attribute names could have invalid characters in them.
* Fix problems with LinkifyFilter not being able to match links
across &.
* Fix InputStreamWithMemory when the BleachHTMLParser is
parsing meta tags.
* Fix doctests.
|
|
1.7.2
- **FIX**: Fix HTML detection type selector.
- **FIX**: Fixes for :enabled and :disabled.
- **FIX**: Provide a way for Beautiful Soup to parse selectors in a quirks mode to mimic some of the quirks of the old
select method prior to Soup Sieve, but with warnings. This is to help old scripts to not break during the transitional
period with newest Beautiful Soup. In the future, these quirks will raise an exception as Soup Sieve requires
selectors to follow the CSS specification.
1.7.1
- **FIX**: Fix issue with :has() selector where a leading combinator can only be provided in the first selector in a
relative selector list.
1.7.0
- **NEW**: Add support for :in-range and :out-of-range selectors.
- **NEW**: Add support for :defined selector.
- **FIX**: Fix pickling issue when compiled selector contains a NullSelector object.
- **FIX**: Better exception messages in the CSS selector parser and fix a position reporting issue that can occur in
some exceptions.
- **FIX**: Don't compare prefixes when evaluating attribute namespaces, compare the actual namespace.
- **FIX**: Split whitespace attribute lists by all whitespace characters, not just space.
- **FIX**: :nth-* patterns were converting numbers to base 16 when they should have been converting to base 10.
|
|
Changes:
=== RELEASE 2.18 ===
- Compile links with graphics support on OpenVMS
- Automatically enable tor mode when the socks port is 9050
- When we are in tor mode, invert the colors on the top line and bottom
line, so that the user can immediatelly see it
- Fix an incorrect shift in write_ev_queue that could cause spurious error
if the socket for interprocess communication fills up.
This bug was introduced in Links 2.15.
- Fix 'runtime error: member access within null pointer' sanitizer warning
- Add a menu entry to save and load a clipboard
- Don't synchronize with the Xserver on every pixmap load
It improves performance on remote connections
- Fix a bug that in the "Network options" dialog box, the value in the
field "Timeout when trying multiple addresses" incorrectly set the value
"Timeout when unrestartable".
- Fix a possible integer overflow in decoder_memory_expand
- Work around a bug on OpenVMS where allocations larger than 0x77fffff0
are treated as if they had 16 bytes
- Fix possible pointer arithmetics bugs if the operating system allocated
memory few bytes below the limit 0xffffffff or 0xffffffffffffffff
- Add a button to never accept invalid certificate for a given server
- Fix incorrect strings -html-t-text-color, -html-t-link-color,
-html-t-background-color, -html-t-ignore-document-color in the manual
page and help (reported by Oliver Schode <oliver.schode@online.de>)
- Windows 7 has a bug (or feature) that corrupts the screen when using the
unaccelerated video driver - when a thread draws into window's device context
and the user simultaneously drags the window, the device context coordinates
may not be updated. Subsequent draws are done with incorrect coordinates.
In order to work around this bug, we detect that a drawing operation
possibly raced with window moving. If it did, we allocate a new DC (the
old one is corrupted) and start a timer that asks the main thread to
redraw the whole window using the new DC.
- Add ascii replacement of Romanian S and T with comma
Fix replacement of c with cedilla and a/i with grave accent a/o/u with
diaeresis
- Use static linking in the released binaries on OS/2 because the DLL
names may clash with other programs
- On OS/2, use AF_OS2 for interprocess communication because the loopback
network device may not be properly configured.
Fall back to 127.0.0.1 only if AF_OS2 in not installed.
- Fixed a bug when IPv6 control connection to a ftp server fails and IPv4
control connection succeeds, links would incorrectly try to make the
data connection using IPv6 (this bug was introduced in Links 2.15).
|
|
3.141.0 (2018-10-31)
====================
Edge:
* Added new Edge::Options class that should be used to customize browser
behavior. The instance of options class can be passed to driver
initialization using :options key. Please, note that using options require
insiders builds of Edge.
Chrome:
* Included HasLocation to Chrome driver (thanks @sidonath).
* Updated endpoint to send Chrome Debugging Protocol commands. The old one
has been deprecated in ChromeDriver 40.
Safari:
* Added new Safari::Options class that should be used to customize browser
behavior. The instance of options class can be passed to driver
initialization using :options key. Please, note that using options require
Safari 12+.
Remote:
* Allow passing Options instances to remote driver initialization using
:options key. This feature allows to use browser-specific options classes
(Chrome::Options, Firefox::Options, etc.) and pass them to Server/Grid
instead of capabilities.
|
|
1.2.0:
No changes since the last beta release. Enjoy Waitress!
1.2.0b3:
Bugfixes
- Modified clear_untrusted_proxy_headers to be usable without a
trusted_proxy.
- Modified trusted_proxy_count to error when used without a
trusted_proxy.
1.2.0b2:
Bugfixes
- Fixed logic to no longer warn on writes where the output is required to have
a body but there may not be any data to be written. Solves issue posted on
the Pylons Project mailing list with 1.2.0b1.
1.2.0b1:
Happy New Year!
Features
- Setting the trusted_proxy setting to '*' (wildcard) will allow all
upstreams to be considered trusted proxies, thereby allowing services behind
Cloudflare/ELBs to function correctly whereby there may not be a singular IP
address that requests are received from.
Using this setting is potentially dangerous if your server is also available
from anywhere on the internet, and further protections should be used to lock
down access to Waitress.
- Waitress has increased its support of the X-Forwarded-* headers and includes
Forwarded (RFC7239) support. This may be used to allow proxy servers to
influence the WSGI environment.
This also provides a new security feature when using Waitress behind a proxy
in that it is possible to remove untrusted proxy headers thereby making sure
that downstream WSGI applications don't accidentally use those proxy headers
to make security decisions.
The documentation has more information, see the following new arguments:
- trusted_proxy_count
- trusted_proxy_headers
- clear_untrusted_proxy_headers
- log_untrusted_proxy_headers (useful for debugging)
Be aware that the defaults for these are currently backwards compatible with
older versions of Waitress, this will change in a future release of waitress.
If you expect to need this behaviour please explicitly set these variables in
your configuration, or pin this version of waitress.
Documentation:
https://docs.pylonsproject.org/projects/waitress/en/latest/reverse-proxy.html
- Waitress can now accept a list of sockets that are already pre-bound rather
than creating its own to allow for socket activation. Support for init
systems/other systems that create said activated sockets is not included.
- Server header can be omitted by specifying ident=None or ident=''.
Bugfixes
- Waitress will no longer send Transfer-Encoding or Content-Length for 1xx,
204, or 304 responses, and will completely ignore any message body sent by
the WSGI application, making sure to follow the HTTP standard.
Compatibility
- Waitress has now "vendored" asyncore into itself as waitress.wasyncore.
This is to cope with the eventuality that asyncore will be removed from
the Python standard library in 3.8 or so.
Documentation
- Bring in documentation of paste.translogger from Pyramid. Reorganize and
clean up documentation.
|
|
nghttp2 v1.36.0.
build
CMake build disables shared library if ENABLE_SHARED_LIB is OFF.
third-party
http-parser has been upgraded to v2.9.0.
mruby has been upgraded to v2.0.0.
nghttpx
nghttpx now pools h1 backend connection per address and uses it when the round robin index points to the address.
nghttpx now randomizes backend address round robin order per thread.
The bug that long certificate serial numbers cannot be handled has been fixed.
h2load
An option to write per-request logs has been added.
asio
The API to get the current server port has been added.
|
