|
! XS.xs
+ t/06-nonstr.t
Addressed: RT#94793: encodeURIComponent can't encode integer values
https://rt.cpan.org/Ticket/Display.html?id=94793
! t/03-hashu.t
No longer skips tests 4-6 for Test::Harness->VERSION > 3
! Makefile.PL
Pulled: https://github.com/dankogai/p5-uri-escape-xs/pull/4
! lib/URI/Escape/XS.pm
Pulled: https://github.com/dankogai/p5-uri-escape-xs/pull/3
|
|
- fixed: IO::Socket::SSL related warning (GitHub issue #3)
- fixed: "500 Can't read entity body" with IO::Socket::SSL (GitHub issue #4)
|
|
- Fixed a remotely exploitable hole, please update ASAP
|
|
|
|
Security fixes
~~~~~~~~~~~~~~
* The XSRF token is now encoded with a random mask on each request.
This makes it safe to include in compressed pages without being
vulnerable to the `BREACH attack <http://breachattack.com>`_.
This applies to most applications that use both the ``xsrf_cookies``
and ``gzip`` options (or have gzip applied by a proxy).
Backwards-compatibility notes
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* If Tornado 3.2.2 is run at the same time as older versions on the same
domain, there is some potential for issues with the differing cookie
versions. The `.Application` setting ``xsrf_cookie_version=1`` can
be used for a transitional period to generate the older cookie format
on newer servers.
Other changes
~~~~~~~~~~~~~
* ``tornado.platform.asyncio`` is now compatible with ``trollius`` version 0.3.
|
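The per-request masking described in the Tornado 3.2.2 notes above, as an added example (not Tornado's code and not part of the commit message): the same secret token is XORed with a fresh random mask for every rendering, so the bytes placed in a compressed page change each time while the server still recovers and compares the underlying token. The `2|mask|masked|timestamp` layout, the 4-byte mask, the 16-byte token and all function names are assumptions of this example.

```python
import hmac
import os
import time

MASK_LEN = 4    # assumption: random mask bytes drawn per rendering
TOKEN_LEN = 16  # assumption: length of the underlying secret token


def _xor(mask, data):
    """XOR data with the mask, repeating the mask as needed."""
    return bytes(b ^ mask[i % len(mask)] for i, b in enumerate(data))


def encode_masked(raw_token, timestamp, mask=None):
    """Return a masked, versioned text form of raw_token.

    A new random mask is used unless one is passed in (the parameter
    exists only so the behaviour can be reproduced deterministically).
    """
    if len(raw_token) != TOKEN_LEN:
        raise ValueError("unexpected token length")
    if mask is None:
        mask = os.urandom(MASK_LEN)
    masked = _xor(mask, raw_token)
    return "|".join(["2", mask.hex(), masked.hex(), str(int(timestamp))])


def decode_masked(value):
    """Return (raw_token, timestamp), or None if value is malformed."""
    try:
        version, mask_hex, masked_hex, ts = value.split("|")
        if version != "2":
            return None
        mask = bytes.fromhex(mask_hex)
        masked = bytes.fromhex(masked_hex)
        if len(mask) != MASK_LEN or len(masked) != TOKEN_LEN:
            return None
        return _xor(mask, masked), int(ts)
    except (ValueError, AttributeError, TypeError):
        return None


def check_xsrf(cookie_value, submitted_value):
    """Compare the unmasked tokens from the cookie and the request."""
    cookie = decode_masked(cookie_value)
    submitted = decode_masked(submitted_value)
    if cookie is None or submitted is None:
        return False
    # Constant-time comparison of the underlying secrets.
    return hmac.compare_digest(cookie[0], submitted[0])


if __name__ == "__main__":
    secret = os.urandom(TOKEN_LEN)          # constructed sample token
    now = time.time()
    cookie = encode_masked(secret, now)     # value stored in the cookie
    page_1 = encode_masked(secret, now)     # value rendered into page 1
    page_2 = encode_masked(secret, now)     # value rendered into page 2
    print("page 1 field:", page_1)
    print("page 2 field:", page_2)
    print("renderings differ:", page_1 != page_2)
    print("page 1 accepted:", check_xsrf(cookie, page_1))
    print("page 2 accepted:", check_xsrf(cookie, page_2))
```
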
|
|
|
added 'as' form to render_placeholder templatetag to save the result in context
added changeable strings for "?edit", "?edit_off" and "?build" urls
utils.page_resolver has been optimized
the get_page_from_path() api has been changed
fixed manage.py cms uninstall plugin for table-patched plugins
added support for python 3.4
docs updated
publish on apphook subpages no longer redirects to the apphook root
|
|
|
|
- Slovak translation (@jbub).
- Deleting a user no longer deletes the associated revisions (@daaray).
- Improving handling of inline models in admin integration (@blueyed).
- Improving error messages for proxy model registration (@blueyed).
- Improvements to using migrations with custom user model (@aivins).
- Removing sys.exit() in deleterevisions management command, allowing it to be used internally by Django projects (@tongwang).
- Fixing some backwards-compatible admin deprecation warnings (Thomas Schreiber).
- Fixing tests if RevisionMiddleware is used as a decorator in the parent project (@jmoldow).
- Derived models, such as those generated by deferred querysets, now work.
- Removed deprecated low-level API methods.
|
|
point release for django 1.7 compatibility
|
|
package before adding this one. Sorry for the noise.
|
|
dubbed "The heartbleed release." NFI. MASTER_SITES and HOMEPAGE were
updated. Package no longer includes README.
|
|
|
|
Boto is a Python package that provides interfaces to Amazon Web Services.
|
|
2.2.5 (2014-06-05)
------------------
Enhancements
- new meta tag to tell IE to use the highest mode available
- updated Dutch, Finnish, German, and Polish translations
Bug fixes
- avoid crashing when we forward an email with no Subject header
- we no longer try to include attachments when replying to a mail
- fixed ActiveSync repetitive events issues with "Weekly" and "Monthly" ones
- fixed ActiveSync text/plain parts re-encoding issues for Outlook
2.2.4 (2014-05-29)
------------------
New features
- new print option in Calendar module
- now able to save unknown recipient emails to address book on send (#1496)
Enhancements
- Sieve folder encoding is now configurable (#2622)
- SOGo version is now displayed in preferences window (#2612)
- report Sieve error when saving preferences (#1046)
- added the SOGoMaximumSyncWindowSize system default to overwrite the
maximum number of items returned during an ActiveSync sync operation
- updated datepicker
- addressbooks properties are now accessible from a popup window
- extended events and tasks searches
- updated Czech, French, Hungarian, Polish, Russian, Slovak, Spanish (Argentina), and Spanish (Spain) translations
- added more synced contact properties when using ActiveSync (#2775)
- now possible to configure the default subscribed resource name using SOGoSubscriptionFolderFormat
- now handle server-side folder updates using ActiveSync (#2688)
- updated CKEditor to version 4.4.1
Bug fixes
- fixed saved HTML content of draft when attaching a file
- fixed text nodes of HTML content handler by encoding HTML entities
- fixed iCal7 delegation issue with the "inbox" folder (#2489)
- fixed birth date validity checks (#1636)
- fixed URL handling (#2616)
- improved folder rename operations using ActiveSync (#2700)
- fixed SmartReply/Forward when ReplaceMime was omitted (#2680)
- fixed wrong generation of weekly repetitive events with ActiveSync (#2654)
- fixed incorrect XML data conversion with ActiveSync (#2695)
- fixed display of events having a category with HTML entities (#2703)
- fixed display of images in CSS background (#2437)
- fixed limitation of Sieve script size (#2745)
- fixed sync-token generation when no change was returned (#2492)
- fixed the IMAP copy/move operation between subfolders in different accounts
- fixed synchronization of seen/unseen status of msgs in Webmail (#2715)
- fixed focus of popup windows open through a contextual menu with Firefox on Windows 7
- fixed missing characters in shared folder names over ActiveSync (#2709)
- fixed reply and forward mail templates for Brazilian Portuguese (#2738)
- fixed newline in signature when forwarding a message as attachment in HTML mode (#2787)
- fixed restoration of options (priority & return receipt) when editing a draft (#193)
- fixed update of participation status via CalDAV (#2786)
2.2.3 (2014-04-03)
------------------
Enhancements
- updated Dutch, Hungarian, Russian and Spanish (Argentina) translations
- initial support for ActiveSync event reminders support (#2681)
- updated CKEditor to version 4.3.4
Bug fixes
- fixed possible exception when retrieving the default event reminder value on 64bit architectures (#2678)
- fixed calling unescapeHTML on null variables to avoid JavaScript exceptions in Contacts module
- fixed detection of IMAP flags support on the client side (#2664)
- fixed the ActiveSync issue marking all mails as read when downloading them
- fixed ActiveSync's move operations not working for multiple selections (#2691)
- fixed email validation regexp to allow gTLDs
- improved all-day events support for ActiveSync (#2686)
2.2.2 (2014-03-21)
------------------
Enhancements
- updated French, Finnish, German and Spanish (Spain) translations
- added sanitization support for Outlook/ActiveSync to circumvent Outlook bugs (#2667)
- updated CKEditor to version 4.3.3
- updated jQuery File Upload to version 9.5.7
Bug fixes
- fixed possible exception when retrieving the default event reminder value on 64bit architectures (#2647, #2648)
- disable file paste support in mail editor (#2641)
- fixed copying/moving messages to a mail folder beginning with a digit (#2658)
- fixed unseen count for folders beginning with a digit and used in Sieve filters (#2652)
- fixed decoding of HTML entities in reminder alerts (#2659)
- fixed check for resource conflict when creating an event in the resource's calendar (#2541)
- fixed construction of mail folders tree
- fixed parsing of ORG attribute in cards (#2662)
- disabled ActiveSync provisioning for now (#2663)
- fixed messages move in Outlook which would create duplicates (#2650)
- fixed translations for OtherUsersFolderName and SharedFoldersName folders (#2657)
- fixed handling of accentuated characters when filtering contacts (#2656)
- fixed classification icon of events (#2651)
- fixed ActiveSync's SendMail with client version <= 12.1 (#2669)
|
|
Changes from 2.5.1 are too many to write here, please refer
readme.txt file.
|
|
to make it easier for the two to replace each other.
|
|
4.1.3
Known Issues
1. The makefiles for building mod_wsgi on Windows are currently
broken and need updating. As most new changes relate to mod_wsgi
daemon mode, which is not supported under Windows, you should keep
using the last available binary for version 3.X on Windows instead.
Bugs Fixed
1. The setup.py file wasn't always detecting the Python library
version suffix properly when setting it up to be linked into the
resulting mod_wsgi.so. This would cause an error message at link
time of:
4.1.2
Bugs Fixed
1. The integration for Django management command was looking for
the wrong name for the admin script to start mod_wsgi express.
2. The code which connected to the mod_wsgi daemon process was
passing an incorrect size into the connect() call for the size of
the address structure. On some Linux systems this would cause an
error similar to:
(22)Invalid argument: mod_wsgi (pid=22944): Unable to connect to
\
WSGI daemon process 'localhost:8000' on \
'/tmp/mod_wsgi-localhost:8000:12145/wsgi.22942.0.1.sock'
This issue was only introduced in 4.1.0 and does not affect older
versions.
3. The deadlock detection thread could try and acquire the Python
GIL after the Python interpreter had been destroyed on Python
shutdown resulting in the process crashing. This issue cannot be
completely eliminated, but the deadlock thread will now at least
check whether the flag indicating process shutdown is happening
has been set before trying to acquire the Python GIL
4.1.1
Bugs Fixed
1. Compilation would fail on Apache 2.4 due to a change in the
Apache API to determine the name of the MPM being used.
4.1.0
Bugs Fixed
1. If a UNIX signal received by daemon mode process while still
being initialised to signal that it should be shutdown, the process
could crash rather than shutdown properly due to not registering
the signal pipe prior to registering signal handler.
2. Python doesn't initialise codecs in sub interpreters automatically
which in some cases could cause code running in WSGI script to fail
due to lack of encoding for Unicode strings when converting them.
The error message in this case was:
LookupError: no codec search functions registered: can't find
encoding
The 'ascii' encoding is now forcibly loaded when initialising sub
interpreters to get Python to initialise codecs.
3. Fixed reference counting bug under Python 3 in SSL var_lookup()
function which can be used from an auth handler to look up SSL
variables.
4. The WWW-Authenticate headers returned from a WSGI application
when run under daemon mode are now always preserved as is.
Because of previously using an internal routine of Apache, way back
in time the values of multiple WWW-Authenticate headers would be
merged when there was more than one. This would cause an issue with
some browsers.
A workaround was subsequently implemented above the Apache routine
to break apart the merged header to create separate ones again,
however, if the value of a header validly had a ',' in it, this
would cause the header value to be broken apart where it wasn't
meant to. This could cause issues with some type of WWW-Authenticate
headers.
Features Removed
1. No longer support the use of mod_python in conjunction with
mod_wsgi. When this is attempted an error is forced and Apache will
not be able to start. An error message is logged in main Apache
error log.
2. No longer support the use of Apache 1.3. Minimum requirement is
now Apache 2.0.
Features Changed
1. Use of kernel sendfile() function by wsgi.file_wrapper is now
off by default. This was originally always on for embedded mode
and completely disabled for daemon mode. Use of this feature can
be enabled for either mode using WSGIEnableSendfile directive,
setting it to On to enable it.
The default is now off because kernel sendfile() is not always able
to work on all file objects. Some instances where it will not work
are described for the Apache EnableSendfile directive.
http://httpd.apache.org/docs/2.2/mod/core.html#enablesendfile
Although Apache has use of sendfile() enabled by default for static
files, they are moving to having it off by default in future version
of Apache. This change is being made because of the problems which
arise and users not knowing how to debug it and solve it.
Thus also erring on side of caution and having it off by default
but allowing more knowledgeable users to enable it where they know
always using file objects which will work with sendfile().
2. The HTTPS variable is no longer set within the WSGI environment.
The authoritative indicator of whether a SSL connection is used is
wsgi.url_scheme and a WSGI compliant application should check for
wsgi.url_scheme. The only reason that HTTPS was supplied at all
was because early Django versions supporting WSGI interface weren't
correctly using wsgi.url_scheme. Instead they were expecting to
see HTTPS to exist.
This change will cause non conformant WSGI applications to finally
break. This possibly includes some Django versions prior to Django
version 1.0.
Note that you can still set HTTPS in Apache configuration using
the SetEnv or SetEnvIf directive, or via a rewrite rule. In that
case, that will override what wsgi.url_scheme is set to and once
wsgi.url_scheme is set appropriately, the HTTPS variable will be
removed from the set of variables passed through to the WSGI
environment.
3. The wsgi.version variable has been reverted to 1.0 to conform
to the WSGI PEP 3333 specification. It was originally set to 1.1
on expectation that revised specification would use 1.1 but that
didn't come to be.
4. The inactivity-timeout option to WSGIDaemonProcess now only
results in the daemon process being restarted after the idle timeout
period where there are no active requests. Previously it would also
interrupt a long running request. See the new request-timeout option
for a way of interrupting long running, potentially blocked requests
and restarting the process.
5. If the home option is used with WSGIDaemonProcess, in addition
to that directory being made the current working directory for the
process, an empty string will be added to the start of the Python
module search path. This causes Python to look in the current
working directory for Python modules when they are being imported.
This behaviour brings things into line with what happens when
running the Python interpreter from the command line. You must
though be using the home option for this to come into play.
Do note that if your application then changes the working directory,
it will start looking in the new current working directory and not
that which is specified by the home option. This again mirrors what
the normal Python command line interpreter does.
New Features
1. Add supplementary-groups option to WSGIDaemonProcess to allow
group membership to be overridden and specified comma separate list
of groups used instead.
2. Add a graceful-timeout option to WSGIDaemonProcess. This option
is applied in a number of circumstances.
When maximum-requests and this option are used together, when
maximum requests is reached, rather than immediately shutdown,
potentially interrupting active requests if they don't finish with
shutdown timeout, can specify a separate graceful shutdown period.
If the all requests are completed within this time frame then will
shutdown immediately, otherwise normal forced shutdown kicks in.
In some respects this is just allowing a separate shutdown timeout
on cases where requests could be interrupted and could avoid it if
possible.
When cpu-time-limit and this option are used together, when CPU
time limit reached, rather than immediately shutdown, potentially
interrupting active requests if they don't finish with shutdown
timeout, can specify a separate graceful shutdown period.
3. Add potentially graceful process restart option for daemon
processes when sent a graceful restart signal. Signal is usually
SIGUSR1 but is platform dependent as using same signal as Apache
would use. If the graceful-timeout option had been provided to
WSGIDaemonProcess, then the process will attempt graceful shutdown
first based on the that timeout, otherwise normal shutdown procedure
used as if received a SIGTERM.
4. Add memory-limit option to WSGIDaemonProcess to allow memory
usage of daemon processes to be restricted. This will have no effect
on some platforms as RLIMIT_AS/RLIMIT_DATA with setrlimit() isn't
always implemented. For example MacOS X and older Linux kernel
versions do not implement this feature. You will need to test
whether this feature works or not before depending on it.
5. Add virtual-memory-limit option to WSGIDaemonProcess to allow
virtual memory usage of daemon processes to be restricted. This
will have no effect on some platforms as RLIMIT_VMEM with setrlimit()
isn't always implemented. You will need to test whether this feature
works or not before depending on it.
6. Access, authentication and authorisation hooks now have additional
keys in the environ dictionary for mod_ssl.is_https and
mod_ssl.var_lookup. These equate to callable functions provided by
mod_ssl for determining if the client connection to Apache used
SSL and what the values of variables specified in the SSL certificates,
server or client, are. These are only available if Apache 2.0 or
later is being used.
7. For Python 2.6 and above, the WSGIDontWriteBytecode directive
can be used at global scope in Apache configuration to disable
writing of all byte code files, ie., .pyc, by the Python interpreter
when it imports Python code files. To disable writing of byte code
files, set directive to On.
Note that this doesn't prevent existing byte code files on disk
being used in preference to the corresponding Python code files.
Thus you should first remove .pyc files from web application
directories if relying on this option to ensure that .py file is
always used.
8. Add request-timeout option to WSGIDaemonProcess to allow a
separate timeout to be applied on how long a request is allowed to
run for before the daemon process is automatically restarted to
interrupt the request.
This is to counter the possibility that a request may become blocked
on some backend service, thereby using up available requests threads
and preventing other requests to be handled.
In the case of a single threaded process, then the timeout will
happen at the specified time duration from the start of the request
being handled.
Applying such a timeout in the case of a multithreaded process is
more problematic as doing a restart when a single requests exceeds
the timeout could unduly interfere with requests which just
commenced.
In the case of a multi threaded process, what is instead done is
to take the total of the current running time of all requests and
divide that by the number of threads handling requests in that
process. When this average time exceeds the time specified, then
the process will be restarted.
This strategy for a multithreaded process means that individual
requests can actually run longer than the specified timeout and a
restart will only be performed when the overall capacity of the
processes appears to be getting consumed by a number of concurrent
long running requests, or when a specific requests has been blocked
for an excessively long time.
The intent of this is to allow the process to still keep handling
requests and only perform a restart when the available capacity of
the process to handle more requests looks to be potentially on the
decline.
9. Add connect-timeout option to WSGIDaemonProcess to allow a
timeout to be specified on how long the Apache child worker processes
should wait on being able to obtain a connection to the mod_wsgi
daemon process.
As UNIX domain sockets are used, connections should always succeed,
however there have been some incidences seen which could only be
explained by the operating system hanging on the initial connect
call without being added to the daemon process socket listener
queue. As such the timeout has been added. The timeout defaults to
15 seconds.
This timeout also now dictates how long the Apache child worker
process will attempt to get a connection to the daemon process when
the connection is refused due to the daemon socket listener queue
being full. Previously how long connection attempts were tried was
based on an internal retry count rather than a configurable timeout.
10. Add socket-timeout option to WSGIDaemonProcess to allow the
timeout on individual read/writes on the socket connection between
the Apache child worker and the daemon process to be specified
separately to the Apache Timeout directive.
If this option is not specified, it will default to the value of
the Apache Timeout directive.
11. Add queue-timeout option to WSGIDaemonProcess to allow a request
to be aborted if it never got handed off to a mod_wsgi daemon
process within the specified time. When this occurs a '503 Service
Unavailable' response will be returned.
This is to allow one to control what to do when backlogging of
requests occurs. If the daemon process is overloaded and getting
behind, then it is more than likely that a user will have given up
on the request anyway if they have to wait too long. This option
allows you to specify that a request that was queued up waiting
for too long is discarded, allowing any transient backlog to be
quickly discarded and not simply cause the daemon process to become
even more backlogged.
12. Add listen-backlog option to WSGIDaemonProcess to allow the
daemon process socket listener backlog size to be specified. By
default this limit is 100, although this is actually a hint, as
different operating systems can have different limits on the maximum
value or otherwise treat it in special ways.
13. Add WSGIPythonHashSeed directive to allow Python behaviour
related to initial hash seed to be overridden when the interpreter
supports it.
This is equivalent to setting the PYTHONHASHSEED environment variable
and should be set to either random or a number in the range
[0; 4294967295].
14. Implemented a new streamlined way of installing mod_wsgi as a
Python package using a setup.py file or from PyPi. This includes
a mod_wsgi-express script that can then be used to start up
Apache/mod_wsgi with an auto generated configuration on port 8000.
This makes it easy to run up Apache for development without
interfering with the main Apache on the system and without having
to worry about configuring Apache. Command line options can be used
to override behaviour.
Once the mod_wsgi package has been installed into your Python
installation, you can run:
mod_wsgi-express start-server
Then open your browser on the listed URL. This will verify that
everything is working. Enter CTRL-C to exit the server and shut it
down.
You can now point it at a specific WSGI application script file:
mod_wsgi-express start-server wsgi.py
For options run:
mod_wsgi-express start-server --help
If you already have another web server running on port 8000, you
can override the port to be used using the --port option:
mod_wsgi-express start-server wsgi.py --port 8001
15. Implemented a Django application plugin to add a runmodwsgi
command to the Django management command script. This allows the
automatic run up of the new mod_wsgi express script, with it hosting
the Django web site the plugin was added to.
To enable, once the mod_wsgi package has been installed into your
Python installation, add mod_wsgi.server to the INSTALLED_APPS
setting in your Django settings file.
After having run the collectstatic Django management command, you
can then run:
python manage.py runmodwsgi
For options run:
python manage.py runmodwsgi --help
To enable automatic code reloading in a development setting, use
the option:
python manage.py runmodwsgi --reload-on-changes
16. The maximum size that a response header/value can be that is
returned from a WSGI application under daemon mode can now be
configured. The default size has also now been increased from 8192
bytes to 32768 bytes. The name of the option to WSGIDaemonProcess
to set the buffer size used is header-buffer-size.
|
|
Security Issues
Local privilege escalation when using daemon mode. (CVE-2014-0240)
The issue is believed to affect Linux systems running kernel versions
>= 2.6.0 and < 3.1.0.
The issue affects all versions of mod_wsgi up to and including
version 3.4.
The source of the issue derives from mod_wsgi not correctly handling
Linux specific error codes from setuid(), which differ to what
would be expected to be returned by UNIX systems conforming to the
Open Group UNIX specification for setuid().
http://man7.org/linux/man-pages/man2/setuid.2.html
http://pubs.opengroup.org/onlinepubs/009695399/functions/setuid.html
This difference in behaviour between Linux and the UNIX specification
was believed to have been removed in version 3.1.0 of the Linux
kernel.
https://groups.google.com/forum/?fromgroups=#!topic/linux.kernel/u6cKf4D1D-k
The issue would allow a user, where Apache is initially being
started as the root user and where running code under mod_wsgi
daemon mode as an unprivileged user, to manipulate the number of
processes run by that user to affect the outcome of setuid() when
daemon mode processes are forked and so gain escalated privileges
for the users code.
Due to the nature of the issue, if you provide a service or allow
untrusted users to run Python web applications you do not control
the code for, and do so using daemon mode of mod_wsgi, you should
update mod_wsgi as soon as possible.
Bugs Fixed
1. Python 3 installations can add a suffix to the Python library.
So instead of libpythonX.Y.so it can be libpythonX.Ym.so.
2. When using daemon mode, if an uncaught exception occurred when
handling a request, when response was proxied back via the Apache
child process, an internal value for the HTTP status line was not
cleared correctly. This was resulting in a HTTP status in response
to client of '200 Error' rather than '500 Internal Server Error'.
Note that this only affected the status line and not the actual
HTTP status. The status would still be 500 and the client would
still interpret it as a failed request.
3. Null out Apache scoreboard handle in daemon processes for Apache
2.4 to avoid process crash when lingering close cleanup occurs.
4. Workaround broken MacOS X XCode Toolchain references in Apache
apxs build configuration tool and operating system libtool script.
This means it is no longer necessary to manually go into:
Applications/Xcode.app/Contents/Developer/Toolchains
and manually add symlinks to define the true location of the compiler
tools.
5. Restore ability to compile mod_wsgi source code under Apache
1.3.
6. Fix checks for whether the ITK MPM is used and whether ITK MPM
specific actions should be taken around the ownership of the mod_wsgi
daemon process listener socket.
7. Fix issue where when using Python 3.4, mod_wsgi daemon processes
would actually crash when the processes were being shutdown.
8. Made traditional library linking the default on MacOS X. If
needing framework style linking for the Python framework, then use
the --enable-framework option. The existing --disable-framework
has now been removed given that the default action has been swapped
around.
New Features
1. For Linux 2.4 and later, enable ability of daemon processes to
dump core files when Apache CoreDumpDirectory directive used.
2. Attempt to log whether daemon process exited normally or was
killed off by an unexpected signal.
|
|
* Fix CVE-2014-0119
Changelog:
Tomcat 7.0.54 (violetagg)
Catalina
fix Fix custom UTF-8 decoder so that a byte of value 0xC1 is always rejected immediately as it is never valid in a UTF-8 byte sequence. Update UTF-8 decoder tests to account for UTF-8 decoding improvements in Java 8. The custom UTF-8 decoder is still required due to bugs in the UTF-8 decoder provided by Java. Java 8's decoder is better than Java 7's but it is still buggy. (markt)
fix 56027: Add more options for managing FIPS mode in the AprLifecycleListener. (schultz/kkolinko)
fix 56321: When a WAR is modified, undeploy the web application before deleting any expanded directory as the undeploy process may refer to classes that need to be loaded from the expanded directory. If the expanded directory is deleted first, any attempt to load a new class during undeploy will fail. (markt)
fix 56339: Avoid an infinite loop if an application calls session.invalidate() from the session destroyed event for that session. (markt)
update 56365: Simplify file name pattern matching code in StandardJarScanner. Ignore leading and trailing whitespace and empty strings when configuring patterns. Improve documentation. (kkolinko)
fix 56369: Ensure that removing an MBean notification listener reverts all the operations performed when adding an MBean notification listener. (markt)
add 56382: Information about finished deployment and its execution time is added to the log files. Patch is provided by Danila Galimov. (violetagg)
add 56383: Properties for disabling server information and error report are added to the org.apache.catalina.valves.ErrorReportValve. Based on the patch provided by Nick Bunn. (violetagg/kkolinko)
fix Only create XML parsing objects if required and fix associated potential memory leak in the default Servlet. (markt)
fix Modify generic exception handling so that StackOverflowError is not treated as a fatal error and can be handled and/or logged as required. (markt)
fix 56409: Avoid StackOverflowError on non-Windows systems if a file named \ is encountered when scanning for TLDs. (markt)
add 56430: Extend checks for suspicious URL patterns to include patterns of the form *.a.b which are not valid patterns for extension mappings. (markt)
add Extend XML factory, parser etc. memory leak protection to cover some additional locations where, theoretically, a memory leak could occur. (markt)
fix Ensure that a TLD parser obtained from the cache has the correct value of blockExternal. (markt)
fix 56441: Raise the visibility of exceptions thrown when a problem is encountered calling a getter or setter on a component attribute. The logging level is raised from debug to warning. (markt)
fix 56451: Make resources accessed via a context alias accessible via JNDI in the same way standard resources are available. (markt)
add 56463: Property for disabling server information is added to the DefaultServlet. Server information is presented in the response sent to the client when directory listings is enabled. (violetagg)
add Add the org.apache.naming package to the packages requiring code to have the defineClassInPackage permission when running under a security manager. (markt)
add Add the org.apache.naming.resources package to the packages requiring code to have the accessClassInPackage permission when running under a security manager. (markt)
fix Make the naming context tokens for containers more robust. Require RuntimePermission when introducing a new token. (markt/kkolinko)
fix 56472: Allow NamingContextListener to clean up on stop if its start failed. (kkolinko)
add 56492: Avoid eclipse debugger pausing on uncaught exceptions when tomcat renews its threads. (slaurent)
fix Minor fixes to ThreadLocalLeakPreventionListener. Do not trigger threads renewal for failed contexts. Do not ignore threadRenewalDelay setting. Improve documentation. (kkolinko)
fix Correct regression introduced in r797162 that broke authentication of users when using the JAASMemoryLoginModule. (markt)
fix 56501: HttpServletRequest.getContextPath() should return the undecoded context path used by the user agent. (markt)
fix 56523: When using SPNEGO authentication, log the exceptions associated with failed user logins at debug level rather than error level. (markt)
fix 56536: Ensure that HttpSessionBindingListener.valueUnbound() uses the correct class loader when the SingleSignOn valve is used. (markt)
Coyote
add 56399: Assert that both Coyote and Catalina request objects have been properly recycled. (kkolinko)
fix 56416: Correct documentation for default value of socket linger for the AJP and HTTP connectors. (markt)
Jasper
fix 56334: Fix a regression in the handling of back-slash escaping introduced by the fix for 55735. (markt/kkolinko)
fix 56425: Improve method matching for EL expressions. When looking for matching methods, an exact match between parameter types is preferred followed by an assignable match followed by a coercible match. (markt)
fix Correct the handling of back-slash escaping in the EL parser and no longer require that \$ or \# must be followed by { in order for the back-slash escaping to take effect. (markt)
fix 56529: Avoid NoSuchElementException while handling attributes with empty string value in custom tags. Patch provided by Hariprasad Manchi. (violetagg)
Cluster
fix Remove cluster and replicationValve from cluster manager template. These instances are not necessary in the template. (kfujino)
fix Add support for cross context session replication to org.apache.catalina.ha.session.BackupManager. (kfujino)
fix Remove the unnecessary cross context check. It does not matter whether the context that is referenced by other context is set to crossContext=true. The context that refers to the different context must be set to crossContext=true. (kfujino)
code Move to org.apache.catalina.ha.session.ClusterManagerBase common logic of org.apache.catalina.ha.session.BackupManager and org.apache.catalina.ha.session.DeltaManager. (kfujino)
code Simplify the code of o.a.c.ha.tcp.SimpleTcpCluster. In order to add or remove cluster valve to Container, use pipeline instead of IntrospectionUtils. (kfujino)
fix There is no need to set cluster instance when SimpleTcpCluster.unregisterClusterValve is called. Set null rather than the cluster instance for cleanup. (kfujino)
code Backport refactoring of AbstractReplicatedMap to implement Map rather than extend ConcurrentHashMap to enable Tomcat 7 to be built with Java 8. (markt)
WebSocket
fix 56343: Avoid a NPE if Tomcat's Java WebSocket 1.0 implementation is used with the Java WebSocket 1.0 API JAR from the reference implementation. (markt)
fix Increase the default maximum size of the executor used by the WebSocket implementation for call backs associated with asynchronous writes from 10 to 200. (markt)
add Add a warning if the thread group created for WebSocket asynchronous write call backs can not be destroyed when the web application is stopped. (markt)
fix Ensure that threads created to support WebSocket clients are stopped when no longer required. This will happen automatically for WebSocket client connections initiated by web applications but stand alone clients must call WsWebSocketContainer.destroy(). (markt)
fix 56449: When creating a new session, add the message handlers to the session before calling Endpoint.onOpen() so the message handlers are in place should the onOpen() method trigger the sending of any messages. (markt)
fix 56458: Report WebSocket sessions that are created over secure connections as secure rather than as not secure. (markt)
fix Stop threads used for secure WebSocket client connections when they are no longer required and give them better names for easier debugging while they are running. (markt)
Web applications
fix Add Support for copyXML attribute of Host to Host Manager. (kfujino)
fix Ensure that "name" request parameter is used as an application base of host if "webapps" request parameter is not set when adding host in HostManager Application. (kfujino)
fix Correct documentation on Windows service options, aligning it with Apache Commons Daemon documentation. (kkolinko)
update 55215: Improve log4j configuration example. Clarify access logging documentation. Based on patches provided by Brian Burch. (kkolinko)
update 55383: Backport improved HTML markup for tables and code fragments from Tomcat 8 documentation. (kkolinko)
fix 56418: Ensure that the Manager web application does not report success for a web application deployment that fails. (slaurent)
fix Fix target and rel attributes on links in documentation. They were lost during XSLT transformation. (kkolinko)
update Improve valves documentation. Split valves into groups. (kkolinko)
Other
fix Align DisplayName of Tomcat installed by service.bat with one installed by the *.exe installer. Print a warning if neither server nor client jvm is found by service.bat. (kkolinko)
update 56363: Update to version 1.1.30 of Tomcat Native library. (schultz)
update Update package renamed Apache Commons BCEL to r1593495 to pick up some additional changes for Java 7 support and some code clean up. (markt)
add In tests: allow configuring the directory where JUnit reports and access log are written to. (kkolinko)
|
|
MacOS X < 10.6 had an undocumented behavior concerning execve(2)
inside a threaded process. If a process tried to call execve(2) and
had more than one active thread, the kernel returned ENOTSUP. So we
have to either fork(2) or vfork(2) before calling execve(2) to make
sure the caller is single-threaded as otherwise the application fails
to restart itself.
|
|
Upstream changes:
5.04 2014-06-03
- Added expect_close attribute to Mojo::Content.
- Improved support for broken responses to CONNECT requests.
5.03 2014-06-02
- Fixed bug where Mojo::DOM::HTML could not handle certain broken tags.
5.02 2014-05-31
- Added multi-name support to cookie and signed_cookie methods in
Mojolicious::Controller.
- Added multi-name support to cookie and upload methods in Mojo::Message.
- Improved Mojolicious::Command::generate::plugin to use better directory
names.
- Fixed bug where Mojo::DOM::HTML could not handle tags with lots of
attributes.
5.01 2014-05-30
- Fixed continuation line handling in Mojo::Headers.
5.0 2014-05-29
- Code name "Tiger Face", this is a major release.
- Changed heuristics for number detection in Mojo::JSON to better line up
with user expectations.
- Changed lock and unlock callbacks in Mojo::IOLoop to not receive an
invocant.
- Changed return value of path_for method in Mojolicious::Routes::Match.
- Changed return value and arguments of error method in Mojo::Message.
- Removed deprecated support for "X-Forwarded-HTTPS".
- Removed return values from wait method in Mojo::IOLoop::Delay.
- Removed list context support from header method in Mojo::Headers.
- Removed generate_port method from Mojo::IOLoop.
- Replaced reserved stash value partial with render_to_string method.
- Replaced format method in Mojo::Log with an attribute.
- Replaced check_file method in Mojo::Server::Morbo with check method.
- Added with_compression method to Mojo::Transaction::WebSocket.
- Added catch method to Mojo::EventEmitter.
- Added append method to Mojo::Log.
- Updated jQuery to version 2.1.1.
- Improved Mojo::IOLoop::Delay to automatically check if the event loop is
already running.
- Improved Mojo::Parameters to consistently accept arrays.
- Improved Mojo::Collection to perform actual boolean checks. (marcus)
- Fixed Mojo::DOM::HTML to handle slashes in unquoted attribute values
correctly.
- Fixed Mojo::IOLoop::Server to work correctly with newer versions of
IO::Socket::SSL. (noxxi)
- Fixed rendering bug where rewritten arguments could not be localized.
- Fixed verification bug in Mojo::IOLoop::Server.
- Fixed path generation bug in Mojolicious::Routes::Match.
- Fixed warnings in Mojo::IOLoop::Delay.
4.99 2014-05-12
- Added support for performing blocking and non-blocking requests at the
same time with Mojo::UserAgent.
- Added nb_url method to Mojo::UserAgent::Server.
- Improved Mojo::IOLoop::Server and Mojo::Server::Daemon to be able to
listen on random ports.
|
|
A simple HTTP and REST client for Ruby, inspired by the Sinatra
microframework style of specifying actions: get, put, post, delete.
|
|
Upstream changes:
Please visit: http://support.sugarcrm.com/02_Documentation/01_Sugar_Editions/05_Sugar_Community_Edition/
|
|
------------------
* Commands that take pathspecs on the command line misbehaved when
the pathspec is given as an absolute pathname (which is a
practice not particularly encouraged) that points at a symbolic
link in the working tree.
* An earlier fix to the shell prompt script (in contrib/) for using
the PROMPT_COMMAND interface did not correctly check if the extra
code path needs to trigger, causing the branch name not to appear
when 'promptvars' option is disabled in bash or PROMPT_SUBST is
unset in zsh.
|
|
Add missing php module zlib
Update minimum php version to 5.4.4
Upstream changes:
Please visit: http://docs.moodle.org/27/en/New_features
|
|
perl>=5.19.1 contains Module::Build>=0.4004
|
|
A flexible & capable API layer for Django.
Creating delicious APIs for Django apps since 2010.
|
|
A Python library to aid in implementing HTTP Digest Authentication.
This is the python 3.x-only version of the package. See www/py-python-digest
for the python 2.x version.
|
|
A Python library to aid in implementing HTTP Digest Authentication.
This is the python 2.x-only version of the package. See www/py-python3-digest
for the python 3.x version.
|
|
A module provides basic functions for parsing mime-type names and matching them
against a list of media-ranges.
This module provides basic functions for handling mime-types. It can handle
matching mime-types against a list of media-ranges. See section 14.1 of the HTTP
specification [RFC 2616] for a complete explanation:
http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.1
Contents:
* parse_mime_type(): Parses a mime-type into its component parts.
* parse_media_range(): Media-ranges are mime-types with wild-cards and a "q"
quality parameter.
* quality(): Determines the quality ("q") of a mime-type when compared against
a list of media-ranges.
* quality_parsed(): Just like quality() except the second parameter must be
pre-parsed.
* best_match(): Choose the mime-type with the highest quality ("q") from a list
of candidates.
|
|
explicit request a while back. (But use the current version.)
PR 48845.
I don't remember the PR number for the original request but it can be
tracked down if necessary.
|
|
Something should be adjusted in "make print-PLIST" target?
|
|
Changes noted in Changes.md:
0.6.1 (2014-05-07)
------------------
* Fix request `Content-Length` calculation for Unicode (@challengeechallengee)
* Add `Response#flush` (@ixti)
* Fix `Response::Body#readpartial` default size (@hannesg, @ixti)
* Add missing `CRLF` for chunked bodies (@hannesg)
* Fix forgotten CGI require (@ixti)
* Improve README (@tarcieri)
0.6.0 (2014-04-04)
------------------
* Rename `HTTP::Request#method` to `HTTP::Request#verb` (@krainboltgreene)
* Add `HTTP::ResponseBody` class (@tarcieri)
* Change API of response on `HTTP::Client.request` and "friends" (`#get`, `#post`, etc) (@tarcieri)
* Add `HTTP::Response#readpartial` (@tarcieri)
* Add `HTTP::Headers` class (@ixti)
* Fix and improve following redirects (@ixti)
* Add `HTTP::Request#redirect` (@ixti)
* Add `HTTP::Response#content_type` (@ixti)
* Add `HTTP::Response#mime_type` (@ixti)
* Add `HTTP::Response#charset` (@ixti)
* Improve error message upon invalid URI scheme (@ixti)
* Consolidate errors under common `HTTP::Error` namespace (@ixti)
* Add easy way of adding Authorization header (@ixti)
* Fix proxy support (@hundredwatt)
* Fix and improve query params handling (@jwinter)
* Change API of custom MIME type parsers (@ixti)
* Remove `HTTP::Chainable#with_response` (@ixti)
* Remove `HTTP::Response::BodyDelegator` (@ixti)
* Remove `HTTP::Response#parsed_body` (@ixti)
* Bump up input buffer from 4K to 16K (@tarcieri)
(Note version 0.5.1 is a maintenance branch and released after 0.6.1)
|
|
Upstream changes:
1.22.7
== Security ==
* (bug 65501) SECURITY: Don't parse usernames as wikitext on
Special:PasswordReset.
== Bugfixes in 1.22.7 ==
* (bug 36356) Add space between two feed links.
* (bug 63269) Email notifications were not correctly handling the
[[MediaWiki:Helppage]] message being set to a full URL. This is a regression
from the 1.22.5 point release, which made the default value for it a URL.
If you customized [[MediaWiki:Enotif body]] (the text of email notifications),
you'll need to edit it locally to include the URL via the new variable
$HELPPAGE instead of the parser functions fullurl and canonicalurl; otherwise
you don't have to do anything.
* Add missing uploadstash.us_props for PostgreSQL.
* (bug 56047) Fixed stream wrapper in PhpHttpRequest.
|
|
split off into its own module in 4.0.
Bump PKGREVISION.
|