| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
This release fixes heap-use-after-free bug in idle stream handling code. We strongly recommend to upgrade the older installation to this latest version as soon as possible. Other than that we have minor polish up in libnghttp2 code base, and some new features to asio library, and h2load.
|
|
before committing it.
|
|
2015-12-21 b1ca8df [RELEASE] Release of TYPO3 6.2.17 (TYPO3 Release Team)
2015-12-18 2c7781e #72322 [BUGFIX] Prevent Javascript error for Flexform sections (Oliver Hader)
2015-12-17 b2b531c #72273 [!!!][BUGFIX] Severe data-loss on workspaces publishing action (Oliver Hader)
2015-12-17 f1c4c17 #72285 [BUGFIX] DBAL: use correct default value for native connection (Melanie Kalka)
2015-12-17 dc0134b #72291 [TASK] Extend workspace functional tests on placeholder deletion (Oliver Hader)
2015-12-17 bfa250a #72252 [BUGFIX] substituteMarkerArrayCached() must accept special chars (Markus Klein)
2015-12-17 5c14b25 #72289 [BUGFIX] Missing check before foreach loop (Oliver Hader)
2015-12-17 e6bee88 #72265 [BUGFIX] Disclose exceptions on CLI in production context (Helmut Hummel)
2015-12-16 cc59676 #72256 [TASK] Provide labels for all log types (Anja Leichsenring)
2015-12-16 2b1e896 #72263 [BUGFIX] Empty row in table content element shows (Wouter Wolters)
|
|
Upstream changes:
MediaWiki 1.26.2
This is a maintenance release of the MediaWiki 1.26 branch.
Changes since 1.26.1
(bug T121892) Various special pages resulted in fatal errors.
|
|
* Remove databases/php-mysql dependency, it is not used
Changelog:
Version 8.2.2 December 22 2015
Sharing improvements
Passing an empty base in this diagnosis call will not result in LDAP errors
Send sharing link to more than one recipient
Cannot share at all when share with link is disabled globally
Delete share hotspot not wide enough
Can't access a shared folder on external storage
Fix S2S error handling, making WebDAV work and get rid of undeletable files
Files/folders created while the users group was included in 'Exclude groups from sharing' cannot be shared even if the group is removed from the excluded groups.
"unshare" action should be called "unshare" in the action menu and not "delete"
Fix shared files of deleted users, detect DN change when checking for existence on LDAP
Etag isn't propagated to the root of the share owner if the file is uploaded to a group reshare
Empty etag after moving shared file into a commonly received share
The ajax code path unshares a link share when updating the password
Other fixes
MySQL file socket not working during initial setup
Multiple PUT requests to new DAV backend results in locked file
Dont output paths in scan.php
Activity oracle sql error for favorites
Check the expiration date for null
Stray locks not being cleaned: server replied: Locked
Login attributes tab. Other attributes combobox does not keep the selection if the users click away
Fix trashbin wrapper when no user is logged in
Handle non existing files in version previews
Properly preserve home folder naming enforcement setting
User details not saved unless click Enter
User management: Password change error display behavior
Add listener for URL change and then close the PDF viewer - files_pdfviewer
Remove white area below pdf viewer on public page - files_pdfviewer
Unable to move /srv/http/owncloud/_oc-upgrade/8.2.1.4/core/resources to /srv/http/owncloud/resources - updater
Fix minification quirks - updater
Accessibility Bug for 8.2 UI
Several UI improvements
Security improvements
Many small improvements
Version 8.2.1 November 18 2015
Sharing improvements:
Show path to file in error message about sharing with owner
Replaced error numbers with details in the sharing error message
Fix pagination on public link share page
Deal with NoUserException in sharing code
Fix cannot change share info after switching sections
Fix changing expiration date of shared link breaks password
Various other fixes
Performance improvements:
Optimize multiple shared locks for a single process
Don't lock if we're only reading cache metadata
Escape like parameter in cache operations
Storage improvements:
Improve dealing with Dropbox and Google Drive
Moving files makes them disappear (SWIFT object store)
Transactional file locking database backend warning is only shown when there is another warning.
Don't lock /$user/files
Include the final update in the transaction when moving a folder in the cache
WebDAV MOVE on a non existing file results in Internal Server Error #20069
Catch all exception if table doesn't exist #19884 #19893
Various other objectstore fixes
Usability and UI:
Made error message about file not found more specific in federated sharing
Improved CSS, fonts, text color on various buttons, login screen, menu and settings
Hide strength indication after password change and hide notifications after time-out or on delete
Fixes to inconsistent language and translation support, show language code for unknown languages
Fix icons for share/public folders, fix spinner positions in share tab
Close user menu when clicking on other menus
Sidebar fixes and hiding sidebar for trashbin view
Move alt text for favorite action to image
Sidebar should not open, when renaming a file on mobile
Do not register sidebar panels when no sidebar
Update process: state which step we are going to start and warn if it might be slow
User Management and LDAP fixes:
LDAP fixes for quota, user mapper, initial user creation and connectivity
Fix group admin settings, group assignment when group name is a number
Enable proper CardDAV cookie authentication
Documentation, reliability and stability fixes:
Expose syslog tag in the configuration
Update list of deprecated methods (documentation)
Fixes to text editor
Fixes to activity app
Create several repair steps in update process to clean up shares
Update certificate bundle
Fix multiple issues for IE 8 and 9
Memcache warning with memcached
Fix File versioning with encryption
Update the unencrypted size for versions
Fix mtime PROPPATCH to be "lastmodified" instead of "getlastmodified"
Make sure that remote shares use the correct uid casing
Variables don't have a class, so we can't use toString() on it
Use IRequest's `getScriptName` functionality instead of $_SERVER
Don't trigger the scroll event of every single item we filter in the file list
|
|
|
|
|
|
Changelog:
Tomcat 8.0.30 (markt)
Catalina
Fix: 34319: Only load those keys in StoreBase.processExpire from JDBCStore, that are old enough, to be expired. Based on a patch by Tom Anderson. (fschumacher)
Add: 56917: As per RFC7231 (HTTP/1.1), allow HTTP/1.1 and later redirects to use relative URIs. This is controlled by a new attribute useRelativeRedirects on the Context and defaults to true. (markt)
Fix: 58629: Allow an embedded Tomcat instance to start when the Service has no Engine configured. (markt)
Fix: 58635: Enable break points to be set within agent code when running Tomcat with a Java agent. Based on a patch by Huxing Zhang. (markt)
Fix: 58660: Correct a regression in 8.0.29 caused by the change that moved the redirection for context roots from the Mapper to the Default Servlet. (markt)
Fix: Fixed potential NPE in HostConfig while deploying an application. Issue reported by coverity scan. (violetagg)
Fix: 58655: Fix an IllegalStateException when calling HttpServletResponse.sendRedirect() with the RemoteIpFilter. This was caused by trying to correctly generate the absolute URI for the redirect. With the fix for 56917, redirects may now be relative making the sendRedirect() implementation for the RemoteIpFilter much simpler. This also addresses issues where the redirect may not have behaved as expected when redirecting from http to https to from https to http. (markt)
Fix: 58657: Exceptions in a Servlet 3.1 ReadListener or WriteListener do not need to be immediately fatal to the connection. Allow an error response to be written. (markt)
Coyote
Fix: Improve upgrade context classloader handling by using Context.bind and unbind. (remm)
Jasper
Fix: 57136#c25: Change default value of quoteAttributeEL setting in Jasper to be true for better compatibility with other implementations and older versions of Tomcat (8.0.26/7.0.64 and earlier). Add command line option -no-quoteAttributeEL in JspC. (kkolinko)
Cluster
Fix: Fix potential integer overflow in DeltaSession. Reported by coverity scan. (fschumacher)
WebSocket
Add: 55006: The WebSocket client now honors the java.net.java.net.ProxySelector configuration (using the HTTP type) when establishing WebSocket connections to servers. Based on a patch by Niki Dokovski. (markt)
Fix: 58624: Correct a thread safety issue that meant that blocking message writes could block indefinitely if the WebSocket connection was closed while a message write was in progress. (markt)
Web Applications
Fix: 58631: Correct the continuation character use in the Windows Service How-To page of the documentation web application. (markt)
Tribes
Fix: Ensure that the static member is registered to the add suspect list even if the static member that is registered to the remove suspect list has disappeared. (kfujino)
Fix: Correct the warning log of when the member that is not registered in the membership is detected. (kfujino)
Fix: When using a static cluster, add the members that have been cached in the membership service to the map members list in order to ensure that the map member is a static member. (kfujino)
jdbc-pool
Fix: Correct evaluation of system property org.apache.tomcat.jdbc.pool.onlyAttemptCurrentClassLoader. It was basically ignored before. Reported by coverity scan. (fschumacher)
Fix: Fix potential integer overflow in ConnectionPool and PooledConnection. Reported by coverity scan. (fschumacher)
Other
Update: Update optional Checkstyle library to 6.13. (kkolinko)
2015-11-24 Tomcat 8.0.29 (markt)
General
Update: 58596: Clarify the description in RUNNING.txt of how environment variables are used. (markt)
Catalina
Add: Extend the fix for 57136 to provide a JSP Servlet initialisation parameter per web application that controls whether or not EL in JSP attributes is processed as if it uses JSP attribute quoting. By default, EL does not use JSP attribute quoting. (markt)
Fix: 57799: InputStream.available() was causing an IO operation to occur even in blocking mode, which caused problems with NIO2. (remm)
Add: Extend the fix for 58228 to include ServletContext.getRealPath(). (markt)
Add: 58486: Protect against two further possible memory leaks associated with XML parsing. (markt)
Fix: 58490: Fixed NPE thrown when scanning for javax.servlet.ServletContainerInitializer in case the web application is not extracted. (violetagg)
Code: 58497: Make AbstractHttp11Processor easy to extend. (markt)
Fix: 58508: Escape role names when generating associated MBeans in case the role name contains characters not permitted in an MBean name. (markt)
Fix: 58518: Correct a regression in the fix for 56777 that added support for URIs in config file locations. File paths on Windows could previously be specified with \ or / as the separator. 56777 broke that. (markt)
Fix: 58519: Fix ISE thrown by web application classloader in some error conditions due to trying to call initCause() on a ClassNotFoundException which is not permitted. (markt)
Fix: 58534: Removed repeated conditional tests in o.a.tomcat.websocket.pojo.PojoMethodMapping and o.a.tomcat.util.net.AprEndpoint Patch provided by Anthony Whitford. (violetagg)
Fix: 58535: Use Collections.reverseOrder when a reverse ordering is needed. (violetagg)
Fix: 58537, 58546: Some of the inner classes in o.a.catalina.valves.ExtendedAccessLogValve and o.a.tomcat.util.net.SecureNio2Channel are made static. Patch provided by Anthony Whitford. (violetagg)
Fix: 58540: Removed unused code from o.a.catalina.connector.Request. Patch provided by Anthony Whitford. (violetagg)
Fix: 58541, 58544: It is more efficient to call Integer.toString(int) instead of Integer.valueOf(int).toString() when only a string representation of a primitive is needed. Based on a patch provided by Anthony Whitford. (violetagg)
Fix: 58541, 58547: It is more efficient to call valueOf(...) instead of Number constructor. Based on a patch provided by Anthony Whitford. (violetagg)
Fix: 58545: In some use cases it is more efficient to use Map.entrySet() instead of Map.keySet() Based on a patch provided by Anthony Whitford. (violetagg)
Fix: Ensure that ServletRequest.getContentLengthLong is used instead of ServletRequest.getContentLength for servlets and valves provided by Tomcat. The API is available since Servlet specification 3.1. (violetagg)
Add: Add a new RestCsrfPreventionFilter that provides basic CSRF protection for REST APIs. (violetagg)
Fix: 58578: Avoid NPE accessing cookies during access logging for request that had no context mapping. (remm)
error page fails, fall back to the standard error page rather than throwing an NPE. Based on a patch by Huxing Zhang. (markt)
Fix: 58582: Combined realm should perform background processing on its sub-realms. Based upon a patch provided by Aidan. (schn additional check that a client provided session ID is in use in at least one other web application before allowing it to be used as the ID for a new session in the current web application. (markt)
Add: Add support for DIGEST authentication to the JN
Fix: Ensure that in an embedded Tomcat the logging configuration is not lost during garbage collection. (violetagg)
Add: Move the functionality that provides redirects for context roots and directories where a trailing / is added from the Mapper to the DefaultServlet. This enables such requests to be processed by any configured Valves and Filters before the redirect is made. This behaviour is configurable via the mapperContextRootRedirectEnabled and mapperDirectoryRedirectEnabled attributes of the Context which may be used to restore the previous behaviour. (markt)
Coyote
Fix: Cancel pending blocking IO operation following a timeout in the NIO2 connector. (remm)
Fix: Add instance manager support for upgrade handlers, and set context class loader. (remm)
Update: Synchronize OpenSSL to JSSE cipher mapping to recent OpenSSL changes. In particular, TLSv1.0 is now an alias for those ciphers that require TLSv1 and will not work with SSLv3. TLSv1 remains an alias for SSLv3. (markt)
Jasper
Add: Deprecate the STRICT_QUOTE_ESCAPING system property and replace it with an initialisation parameter for the JSP Servlet. This enables per web application control of this configuration setting. (markt)
Cluster
Fix: Optimize the session lock range in DeltaManager.requestCompleted. (kfujino)
Fix: Enable an explicit configuration of local member in the static cluster membership. (kfujino)
Tribes
Code: Distinguish the handling of the shutdown payload and member verification clearly. When handling shutdown payload, verification completion message is not required. (kfujino)
Fix: When starting the StaticMembershipInterceptor, StaticMembershipInterceptor checks the required Interceptors. If the required Interceptor does not exist, it issues warning logs. (kfujino)
WebSocket
Fix: Use instance manager for server endpoint instances. (remm)
Web applications
Add: Make it clear in the documentation for the CGI servlet that the debug page is not considered secure and should not be used in production. (markt)
Fix: The domain attribute of StaticMember is not required but optional. (kfujino)
jdbc-pool
Fix: 58489: Correct QueryStatsComparator to hold up the general contract for Comparator. (fschumacher)
Fix: When creating a QueryStats object, ensure that maxQueries is checked. If maxQueries is a value less than or equal to 0, QueryStats are never created. (kfujino)
Other
Update: Update optional Checkstyle library to 6.12.1. (kkolinko)
Add: Add support for creating a FindBugs report when building Tomcat. It is disabled by default. (violetagg)
2015-10-12 Tomcat 8.0.28 (markt)
Catalina
Add: Add support for the custom classpath protocol in URLs. It an be used anywhere Tomcat accepts a URL for a configuration parameter. (markt)
Fix: 56777: Allow file based configuration resources (user database, certificate revocation lists, keystores and trust stores) to be configured using URLs as well as files. (markt)
Fix: Perform null-checking on input and stored credentials in all Realms before passing credentials off to CredentialHandlers for matching. (schultz)
Coyote
Update: Add the new ciphers from RFC6655 and RFC7251 to the OpenSSL to JSSE cipher mapping. (markt)
Update: Remove DES, RC2 and RC4 from DEFAULT for the OpenSSL to JSSE cipher mapping to align with the OpenSSL development branch. (markt)
Jasper
Fix: Improve the error message when JSP parser encounters an error parsing an attribute value. (markt)
Web applications
Update: 58474: Provide a reference to the differences between CATALINA_HOME and CATALINA_BASE in the sample application that is part of the documentation web application. (markt)
Extras
Fix: Ensure JULI adapters does not include the LogFactoryImpl class. Patch provided by Benjamin Gandon. (markt)
2015-10-01 Tomcat 8.0.27 (markt)
Catalina
Fix: 58187: Correct a regression in the fix for 57765 that meant that deployment of web applications deployed via the Manager application was delayed until the next execution of the automatic deployment background process. (markt)
Fix: 58284: Correctly implement session serialization so non-serializable attributes are skipped with a warning. Patch provided by Andrew Shore. (markt)
Fix: 58313: Fix concurrent access of encoders map when clearing encoders prior to switch to async. (markt)
Fix: 58320: Fix concurrent access of request attributes which is possible during asynchronous processing. (markt)
Fix: 58352: Always trigger a thread dump if Tomcat fails to stop gracefully from catalina.sh even if using -force. Patch provided by Alexandre Garnier. (markt)
Fix: 58368: Fix a rare data race in the code that obtains the ApplicationFilterFactory instance. (markt)
Fix: 58369: Fix a rare data race in the code that obtains the CookieProcessor for a StandardContext instance. (markt)
Fix: Ensure the JAASRealm uses the configured CredentialHandler. (markt)
Fix: 58372: Fix rare data races closed and suspended flags that could be triggered by async and/or comet processing. (markt)
Fix: 58373: Fix rare data race with the application event listeners for StandardContext. (markt)
Fix: 58374: Fix a rare data race in the AsyncContext implementation for access to the internal Tomcat request object to which it holds a reference. (markt)
Fix: 58380: Fix two rare data races in the standard session implementation on the flag that tracks if the session is new and on the field that tracks the maximum inactive period. (markt)
Fix: 58385: Fix a rare data race in the internal flag Tomcat uses to keep track of whether or not a request is being used for Comet processing. (markt)
Fix: 58394: Fix a rare data race in Mapper when adding or removing a host. (markt)
Fix: 58398: Fix a rare data race in LifecycleSupport. (markt)
Fix: 58412: Ensure that the AsyncFileHandler has the source class and method name available for logging. (fschumacher)
Fix: 58416: Correctly detect when a forced stop fails to stop Tomcat because the Tomcat process is waiting on some system call or is uninterruptible. (markt)
Fix: 58436: Fix some rare data races in JULI's ClassLoaderLogManager during shutdown. (markt)
Fix: 58845: Fix off-by one error in calculation of valid characters in a cookie domain. Patch provided by Thorsten Ehlers. (markt)
Coyote
Fix: Correct some edge cases in RequestUtil.normalize(). (markt)
Fix: 58275: The IBM JREs accept cipher suite names starting with TLS_ or SSL_ but when listing the supported cipher suites only the SSL_ version is reported. This can break Tomcat's check that at least one requested cipher suite is supported. Tomcat now includes a work-around so either form of the cipher suite name can be used when running on an IBM JRE. (markt)
Fix: 58357: For reasons not currently understood when the APR/native connector is used with OpenSSL reads can return an error code when there is no apparent error. This was work-around for HTTP upgrade connections by treating this as EAGAIN. The same fix has now been applied to the standard HTTP connector. (markt)
Code: Minor clean-up in NIO2 SSL handshake code to address some theoretical concurrency issues. (markt)
Fix: 58367: Fix a rare data race in the code that obtains the reason phrase for a given HTTP response code. (markt)
Fix: 58370: Fix a rare data race in the connector shutdown code. (markt)
Fix: 58371: Fix a rare data race when accessing request URI in String form when switching from non-async to async due to early triggering of the gathering of request statistics. (markt)
Fix: 58375: Fix a rare data race on the internal flag Tomcat uses to mark a response as committed. (markt)
Fix: 58377: Fix a rare data race on the internal flag Tomcat uses to mark a request as using HTTP keep-alive when switching to asynchronous processing. (markt)
Fix: 58379: Fix a rare data race on the internal reference Tomcat retains to the socket when switching to asynchronous processing. (markt)
Fix: 58387: Fix a rare data race when closing Comet connections. (markt)
Fix: 58388: Fix a data race when determining if Comet processing is occurring on a container or non-container thread. (markt)
Fix: 58389: Fix a rare data race while shutting down the thread pools on Connector stop. (markt)
Code: Clean up use of error flag on socket wrapper prompted by 58390. (markt)
Code: Remove some unnecessary code from the NIO Poller and fix 58396 as a side-effect. (markt)
Fix: 57799: Remove useless sendfile check for NIO SSL. (remm)
Jasper
Fix: 57136: Correct a regression in the previous fix for this issue. \${ should only be an escape for ${ within an EL expression. Within a JSP page \$ should be an escape for $. The EL specification applies when parsing the expression delimited by ${ and }. Parsing of the delimiting ${ and } is the responsibility of the JSP specification. (markt)
Fix: 58296: Fix a memory leak in the JSP unloading feature that meant that using a value other than -1 for maxLoadedJsps triggered a memory leak once the limit was reached. (markt)
Fix: 58327: Cache the expression string for value expression literals since it is frequently used and may be expensive to evaluate. Patch provided by Andreas Kohn. (markt)
Fix: 58340: Improve error reporting for tag files packaged in JARs. (markt)
Fix: 58424: When parsing TLD files, allow whitespace around boolean configuration values. (schultz)
Fix: Fix a possible resource leak reported by coverity scan. (fschumacher)
Fix: 58427: Enforce the JSP specification defined limitations of which elements are allowed in an implicit.tld file. (markt)
Fix: 58444: Ensure that JSPs work with any custom base class that meets the requirements defined in the JSP specification without requiring that base class to implement Tomcat specific code. (markt)
Cluster
Fix: Fix a default clusterListeners in SimpleTcpCluster. The optimal default value is different for each session manager. ClusterSessionListener is never used in BackupManager. (kfujino)
Fix: Correct log messages in case of using BackupManager. (kfujino)
WebSocket
Fix: 58342: Fix a copy and paste error that meant MessageHandler removal could fail for binary and pong MessageHandlers. Patch provided by DJ. (markt)
Fix: Data races detected by RV-Predict, mostly caused by completion handlers running in separate threads. (markt)
Fix: 58414: Correctly handle sending zero length messages when using per message deflate. (markt)
Web applications
Fix: Correct documentation for cluster-howto. (kfujino)
Fix: Add missing documentation for property alwaysAddExpires for the LegacyCookieProcessor. (markt)
Tribes
Add: Add support for configurations of ChannelListener and MembershipListener in server.xml. (kfujino)
Fix: Correct log messages in case of using ReplicatedMap. (kfujino)
Fix: 58381: Fix a rare data race in the NioReceiver. (markt)
Fix: 58382: Fix multiple rare data races in the default membership implementation. (markt)
Fix: 58383: Fix a data race in SenderState. (markt)
Fix: 58386: Fix a data race in ObjectReader. (markt)
Fix: 58391: Fix multiple data races in NonBlockingCoordinator, most of which were associated with ensuring that log messages contained the correct information. (markt)
Fix: 58392: Fix a data race in DomainFilterInterceptor. (markt)
Fix: 58393: Fix a data race on the listener in McastService. (markt)
Fix: 58395: Fix multiple data races in MemberImpl that were likely to cause issues if certain properties were updated concurrently (such updates are unlikely in normal usage). (markt)
Code: Remove some unnecessary code from PooledParallelSender and fix 58397. (markt)
jdbc-pool
Fix: Make sure the pool has been properly configured when attributes that related to the pool size are changed via JMX. (kfujino)
Other
Fix: Ensure logging works for all tests in a class rather than just the first one executed. (markt)
Add: 58344: Add build properties to enable tests to be executed against alternative binaries. Based on a patch by Petr Sumbera. (markt)
|
|
Changelog:
Tomcat 7.0.67 (violetagg)
Catalina
add 56917: As per RFC7231 (HTTP/1.1), allow HTTP/1.1 and later redirects to use relative URIs. This is controlled by a new attribute useRelativeRedirects on the Context and defaults to true. (markt)
fix 58660: Correct a regression in 7.0.66 caused by the change that moved the redirection for context roots from the Mapper to the Default Servlet. (markt)
fix Fixed potential NPE in HostConfig while deploying an application. Issue reported by coverity scan. (violetagg)
fix 58655: Fix an IllegalStateException when calling HttpServletResponse.sendRedirect() with the RemoteIpFilter. This was caused by trying to correctly generate the absolute URI for the redirect. With the fix for 56917, redirects may now be relative making the sendRedirect() implementation for the RemoteIpFilter much simpler. This also addresses issues where the redirect may not have behaved as expected when redirecting from http to https to from https to http. (markt)
WebSocket
fix 58658: Correct a regression in 7.0.66 that prevented Tomcat from starting on Java 6 unless the WebSocket JARs (that require Java 7) were removed. (markt)
Web Applications
add Add a description of the default value of heartbeatSleeptime attribute and optionCheck attribute in the cluster channel docs. (kfujino)
Tribes
fix Fix potential NPE in AbstractReplicatedMap.breakdown(). (kfujino)
Tomcat 7.0.66 (violetagg) not released
General
update 58596: Clarify the description in RUNNING.txt of how environment variables are used. (markt)
Catalina
fix 34319: Only load those keys in StoreBase.processExpire from JDBCStore, that are old enough, to be expired. Based on a patch by Tom Anderson. (fschumacher)
fix 56777: Allow file based configuration resources (user database, certificate revocation lists, keystores and trust stores) to be configured using URLs as well as files. Back-port provided by Huxing Zhang. (markt/violetagg)
add 57741: Enable the CGI servlet to use the standard error page mechanism. Note that if the CGI servlet's debug init parameter is set to 10 or higher then the standard error page mechanism will be bypassed and a debug response generated by the CGI servlet will be returned instead. (markt)
add 58486: Protect against two further possible memory leaks associated with XML parsing. (markt)
code 58497: Make AbstractHttp11Processor easy to extend. (markt)
fix 58508: Escape role names when generating associated MBeans in case the role name contains characters not permitted in an MBean name. (markt)
fix 58522: Fixed concurrency issue when iterating web application's resources. (violetagg)
fix 58534: Removed repeated conditional tests in o.a.tomcat.websocket.pojo.PojoMethodMapping and o.a.tomcat.util.net.AprEndpoint Patch provided by Anthony Whitford. (violetagg)
fix 58535: Use Collections.reverseOrder when a reverse ordering is needed. (violetagg)
fix 58537: Some of the inner classes in o.a.catalina.valves.ExtendedAccessLogValve are made static. Patch provided by Anthony Whitford. (violetagg)
fix 58540: Removed unused code from o.a.catalina.connector.Request. Patch provided by Anthony Whitford. (violetagg)
fix 58541, 58544: It is more efficient to call Integer.toString(int) instead of Integer.valueOf(int).toString() when only a string representation of a primitive is needed. Based on a patch provided by Anthony Whitford. (violetagg)
fix 58541, 58547: It is more efficient to call valueOf(...) instead of Number constructor. Based on a patch provided by Anthony Whitford. (violetagg)
fix 58545: In some use cases it is more efficient to use Map.entrySet() instead of Map.keySet() Based on a patch provided by Anthony Whitford. (violetagg)
add Add a new RestCsrfPreventionFilter that provides basic CSRF protection for REST APIs. (violetagg)
fix 58581: If a custom error page fails, fall back to the standard error page rather than throwing an NPE. Based on a patch by Huxing Zhang. (markt)
fix 58582: Combined realm should perform background processing on its sub-realms. Based upon a patch provided by Aidan. (kkolinko)
fix Handle the unlikely case where different versions of a web application are deployed with different session settings. (markt)
add Add a new Context option, enabled by default, that enables an additional check that a client provided session ID is in use in at least one other web application before allowing it to be used as the ID for a new session in the current web application. (markt)
add Add support for DIGEST authentication to the JNDIRealm. Based on a patch by Alexis Hassler. (markt)
fix 58603: Ensure that HttpServletRequest.getRequestURL() returns the correct value when using the RemoteIpFilter. (markt)
fix Ensure that in an embedded Tomcat the logging configuration is not lost during garbage collection. (violetagg)
add Move the functionality that provides redirects for context roots and directories where a trailing / is added from the Mapper to the DefaultServlet. This enables such requests to be processed by any configured Valves and Filters before the redirect is made. This behaviour is configurable via the mapperContextRootRedirectEnabled and mapperDirectoryRedirectEnabled attributes of the Context which may be used to restore the previous behaviour. (markt)
fix 58635: Enable break points to be set within agent code when running Tomcat with a Java agent. Based on a patch by Huxing Zhang. (markt)
Jasper
fix 57136#c25: Implement a setting that controls what quoting rule is used when parsing EL expressions in attributes on a JSP page (chapter JSP.1.6 of specification). The setting name is quoteAttributeEL and it is configured as initialisation parameter of JSP Servlet (per web application configuration is possible) and as a command line option for JspC. The default value was changed to true, which restores behaviour implemented in Tomcat 7.0.64. It means that attribute quoting is applied on top of EL quoting. This provides better compatibility with older versions of Tomcat and other implementations. (kkolinko)
Cluster
fix Optimize the session lock range in DeltaManager.requestCompleted. (kfujino)
fix Enable an explicit configuration of local member in the static cluster membership. (kfujino)
fix Fix potential integer overflow in DeltaSession. Reported by coverity scan. (fschumacher)
Tribes
code Distinguish the handling of the shutdown payload and member verification clearly. When handling shutdown payload, verification completion message is not required. (kfujino)
fix When starting the StaticMembershipInterceptor, StaticMembershipInterceptor checks the required Interceptors. If the required Interceptor does not exist, it issues warning logs. (kfujino)
fix Ensure that the static member is registered to the add suspect list even if the static member that is registered to the remove suspect list has disappeared. (kfujino)
fix Correct the warning log of when the member that is not registered in the membership is detected. (kfujino)
fix When using a static cluster, add the members that have been cached in the membership service to the map members list in order to ensure that the map member is a static member. (kfujino)
WebSocket
fix Use instance manager for server endpoint instances. (remm)
add 55006: The WebSocket client now honors the java.net.java.net.ProxySelector configuration (using the HTTP type) when establishing WebSocket connections to servers. Based on a patch by Niki Dokovski. (markt)
fix 58624: Correct a thread safety issue that meant that blocking message writes could block indefinitely if the WebSocket connection was closed while a message write was in progress. (markt)
Web applications
add Make it clear in the documentation for the CGI servlet that the debug page is not considered secure and should not be used in production. (markt)
fix The domain attribute of StaticMember is not required but optional. (kfujino)
fix 58631: Correct the continuation character use in the Windows Service How-To page of the documentation web application. (markt)
jdbc-pool
fix 58489: Correct QueryStatsComparator to hold up the general contract for Comparator. (fschumacher)
fix When creating a QueryStats object, ensure that maxQueries is checked. If maxQueries is a value less than or equal to 0, QueryStats are never created. (kfujino)
fix Fix potential integer overflow in ConnectionPool and PooledConnection. Reported by coverity scan. (fschumacher)
Tomcat 7.0.65 (violetagg) released 2015-10-19
Catalina
add 57681: Add a web application class loader implementation that supports the parallel loading of web application classes. Use of this feature requires a Java 7 or later JRE. Based on a patch by Huxing Zhang. (markt)
fix 58187: Correct a regression in the fix for 57765 that meant that deployment of web applications deployed via the Manager application was delayed until the next execution of the automatic deployment background process. (markt)
fix 58284: Correctly implement session serialization so non-serializable attributes are skipped with a warning. Patch provided by Andrew Shore. (markt)
fix 58313: Fix concurrent access of encoders map when clearing encoders prior to switch to async. (markt)
fix 58320: Fix concurrent access of request attributes which is possible during asynchronous processing. (markt)
code In preparation for implementing enhancement 57681, replace the use of the StandardClassLoader with URLClassLoader. This removes the server class loader from JMX. (markt)
fix 58352: Always trigger a thread dump if Tomcat fails to stop gracefully from catalina.sh even if using -force. Patch provided by Alexandre Garnier. (markt)
fix 58416: Correctly detect when a forced stop fails to stop Tomcat because the Tomcat process is waiting on some system call or is uninterruptible. (markt)
fix 58436: Fix some rare data races in JULI's ClassLoaderLogManager during shutdown. (markt)
Coyote
fix Correct some edge cases in RequestUtil.normalize(). (markt)
fix 58275: The IBM JREs accept cipher suite names starting with TLS_ or SSL_ but when listing the supported cipher suites only the SSL_ version is reported. This can break Tomcat's check that at least one requested cipher suite is supported. Tomcat now includes a work-around so either form of the cipher suite name can be used when running on an IBM JRE. (markt)
fix 58357: For reasons not currently understood when the APR/native connector is used with OpenSSL reads can return an error code when there is no apparent error. This was work-around for HTTP upgrade connections by treating this as EAGAIN. The same fix has now been applied to the standard HTTP connector. (markt)
fix 57799: Remove useless sendfile check for NIO SSL. (remm)
Jasper
fix 57136: Correct a regression in the previous fix for this issue. \${ should only be an escape for ${ within an EL expression. Within a JSP page \$ should be an escape for $. The EL specification applies when parsing the expression delimited by ${ and }. Parsing of the delimiting ${ and } is the responsibility of the JSP specification. (markt)
fix 58296: Fix a memory leak in the JSP unloading feature that meant that using a value other than -1 for maxLoadedJsps triggered a memory leak once the limit was reached. (markt)
fix 58340: Improve error reporting for tag files packaged in JARs. (markt)
fix 58444: Ensure that JSPs work with any custom base class that meets the requirements defined in the JSP specification without requiring that base class to implement Tomcat specific code. (markt)
Cluster
fix Fix a default clusterListeners in SimpleTcpCluster. The optimal default value is different for each session manager. ClusterSessionListener is never used in BackupManager. (kfujino)
fix Correct log messages in case of using BackupManager. (kfujino)
WebSocket
fix 58342: Fix a copy and paste error that meant MessageHandler removal could fail for binary and pong MessageHandlers. Patch provided by DJ. (markt)
fix 58414: Correctly handle sending zero length messages when using per message deflate. (markt)
Web applications
fix Correct documentation for cluster-howto. (kfujino)
Extras
fix Ensure JULI adapters does not include the LogFactoryImpl class. Patch provided by Benjamin Gandon. (markt)
Tribes
add Add support for configurations of ChannelListener and MembershipListener in server.xml. (kfujino)
fix Correct log messages in case of using ReplicatedMap. (kfujino)
jdbc-pool
fix Make sure the pool has been properly configured when attributes that related to the pool size are changed via JMX. (kfujino)
|
|
Upstream changes:
MediaWiki 1.26.1
This is a security and bug fix release of the MediaWiki 1.26 branch.
Changes since 1.26
(bug T117899) SECURITY: $wgArticlePath can no longer be set to relative paths that do not begin with a slash. This enabled trivial XSS attacks. Configuration values such as "http://my.wiki.com/wiki/$1" are fine, as are "/wiki/$1". A value such as "$1" or "wiki/$1" is not and will now throw an error
(bug T119309) SECURITY: Use hash_compare() for edit token comparison
(bug T118032) SECURITY: Don't allow cURL to interpret POST parameters starting with '@' as file uploads
(bug T115522) SECURITY: Passwords generated by User::randomPassword() can no longer be shorter than $wgMinimalPasswordLength
(bug T97897) SECURITY: Improve IP parsing and trimming. Previous behavior could result in improper blocks being issued
(bug T109724) SECURITY: Special:MyPage, Special:MyTalk, Special:MyContributions and related pages no longer use HTTP redirects and are now redirected by MediaWiki
Fixed ConfigException in ExpandTemplates due to AlwaysUseTidy.
Fixed stray literal \n in Special:Search.
Fix issue that breaks HHVM Repo Authorative mode.
(bug T120267) Work around APCu memory corruption bug
|
|
|
|
differently upstream.
|
|
From David Bariod
|
|
|
|
This release fixes two security issues:
CVE-2015-5259:
Remotely triggerable heap overflow and out-of-bounds read caused by
integer overflow in the svn:// protocol parser.
http://subversion.apache.org/security/CVE-2015-5259-advisory.txt
CVE-2015-5343:
Remotely triggerable heap overflow and out-of-bounds read in mod_dav_svn
caused by integer overflow when parsing skel-encoded request bodies.
http://subversion.apache.org/security/CVE-2015-5343-advisory.txt
|
|
|
|
|
|
|
|
* Sync with firefox38-38.5.0
|
|
Changelog:
Fixed Various security fixes
Fixed Improved stability with Java (1221448)
Fixed in Firefox ESR 38.5
2015-149 Cross-site reading attack through data and view-source URIs
2015-147 Integer underflow and buffer overflow processing MP4 metadata in libstagefright
2015-146 Integer overflow in MP4 playback in 64-bit versions
2015-145 Underflow through code inspection
2015-139 Integer overflow allocating extremely large textures
2015-138 Use-after-free in WebRTC when datachannel is used after being destroyed
2015-134 Miscellaneous memory safety hazards (rv:43.0 / rv:38.5)
|
|
* Sync with firefox-43.0
|
|
Changelog:
New Private Browsing with Tracking Protection offers choice of blocking additional trackers
New Improved API support for m4v video playback
New Firefox 64-bit for Windows is now available via the Firefox download page
New Users can choose search suggestions from the Awesome Bar
New On-screen keyboard displayed on selecting input field on devices running Windows 8 or greater
New Firefox Health Report has switched to use the same data collection mechanism as telemetry
Developer Markup view shows indicators for pseudo-classes locked for elements
Developer Bind F1 key to open the settings when the toolbox is focused
Developer New 'Use in Console' context menu item in Inspector to store selected element in a temporary variable
Developer Search button next to overridden CSS properties to find similar properties in the rules view
Developer Ability to filter styles from their property names in the rules view
Developer Stack traces are now shown for exceptions inside the console
Developer Added ability to display server-side logs in the console
Developer Ability to choose resolution for the GCLI screenshot command
Developer Subresource integrity allows developers to make their sites more secure
Developer Network requests in Console now link to Network panel instead of opening in a popup
Developer Unprefixed 'hyphens' property is now supported
Developer WebIDE now has a sidebar-based UI
Developer The 'transform-origin' property is now supported on SVG elements
Developer Animation inspector now displays animations in a timeline
Developer Single-process mode is no longer supported for NPAPI plugins
Fixed Eyedropper tool does not work as expected when page is zoomed
Fixed Various security fixes
Fixed in Firefox 43
2015-149 Cross-site reading attack through data and view-source URIs
2015-148 Privilege escalation vulnerabilities in WebExtension APIs
2015-147 Integer underflow and buffer overflow processing MP4 metadata in libstagefright
2015-146 Integer overflow in MP4 playback in 64-bit versions
2015-145 Underflow through code inspection
2015-144 Buffer overflows found through code inspection
2015-143 Linux file chooser crashes on malformed images due to flaws in Jasper library
2015-142 DOS due to malformed frames in HTTP/2
2015-141 Hash in data URI is incorrectly parsed
2015-140 Cross-origin information leak through web workers error events
2015-139 Integer overflow allocating extremely large textures
2015-138 Use-after-free in WebRTC when datachannel is used after being destroyed
2015-137 Firefox allows for control characters to be set in cookies
2015-136 Same-origin policy violation using perfomance.getEntries and history navigation
2015-135 Crash with JavaScript variable assignment with unboxed objects
2015-134 Miscellaneous memory safety hazards (rv:43.0 / rv:38.5)
|
|
Bump PKGREVISION since it uses wrong README file.
|
|
Fix build problem.
|
|
|
|
which got reverted in the 0.11.2 update, despite being documented
in the log:
> Due to a change in packaging the docs themes are currently excluded
> from the pypi distribution, breaking the -docs package. Issue
> ``#761`` should address this upstream; we'll being using GitHub as
> the master site for the time being.
(Also, when touching the base package, make sure the -docs package
still builds. Makefile.common quite visibly mentions it.)
Bump PKGREVISION, and temporarily invent a DIST_SUBDIR so the
different distfile gets picked up until the next update.
|
|
Quote from release announce:
the TYPO3 Community has just released TYPO3 CMS versions 6.2.16 LTS
and 7.6.1 LTS which are now ready for you to download.
All versions are maintenance releases and contain bug fixes and
security fixes.
*IMPORTANT*
These versions include important security fixes to the TYPO3 CMS Core.
The according security bulletins with details have just been released:
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-cor
e-sa-2015-010/
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-cor
e-sa-2015-011/
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-cor
e-sa-2015-012/
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-cor
e-sa-2015-013/
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-cor
e-sa-2015-014/
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-cor
e-sa-2015-015/
|
|
|
|
|
|
to commit yesterday.
Sawyer is an experimental secret user agent built on top of Faraday.
|
|
|
|
Jetty provides a Web server and javax.servlet container, plus support for
HTTP/2, WebSocket, OSGi, JMX, JNDI, JAAS and many other integrations. These
components are open source and available for commercial use and distribution.
This package builds on the existing www/jetty7 package which is retained for
users of that maintenance release, simplifies the packaging, and adds SMF
support.
|
|
Changelog (in Japanese) is at http://basercms.net/release/3_0_8.
|
|
# Liquid Version History
## 3.0.5 / 2015-07-23 / branch "3-0-stable"
* Fix test failure under certain timezones [Dylan Thacker-Smith]
## 3.0.4 / 2015-07-17
* Fix chained access to multi-dimensional hashes [Florian Weingarten]
## 3.0.3 / 2015-05-28
* Fix condition parse order in strict mode (#569) [Justin Li, pushrax]
## 3.0.2 / 2015-04-24
* Expose VariableLookup private members (#551) [Justin Li, pushrax]
* Documentation fixes
## 3.0.1 / 2015-01-23
* Remove duplicate `index0` key in TableRow tag (#502) [Alfred Xing]
## 3.0.0 / 2014-11-12
* Removed Block#end_tag. Instead, override parse with `super` followed by your code. See #446 [Dylan Thacker-Smith, dylanahsmith]
* Fixed condition with wrong data types, see #423 [Bogdan Gusiev]
* Add url_encode to standard filters, see #421 [Derrick Reimer, djreimer]
* Add uniq to standard filters [Florian Weingarten, fw42]
* Add exception_handler feature, see #397 and #254 [Bogdan Gusiev, bogdan and Florian Weingarten, fw42]
* Optimize variable parsing to avoid repeated regex evaluation during template rendering #383 [Jason Hiltz-Laforge, jasonhl]
* Optimize checking for block interrupts to reduce object allocation #380 [Jason Hiltz-Laforge, jasonhl]
* Properly set context rethrow_errors on render! #349 [Thierry Joyal, tjoyal]
* Fix broken rendering of variables which are equal to false, see #345 [Florian Weingarten, fw42]
* Remove ActionView template handler [Dylan Thacker-Smith, dylanahsmith]
* Freeze lots of string literals for new Ruby 2.1 optimization, see #297 [Florian Weingarten, fw42]
* Allow newlines in tags and variables, see #324 [Dylan Thacker-Smith, dylanahsmith]
* Tag#parse is called after initialize, which now takes options instead of tokens as the 3rd argument. See #321 [Dylan Thacker-Smith, dylanahsmith]
* Raise `Liquid::ArgumentError` instead of `::ArgumentError` when filter has wrong number of arguments #309 [Bogdan Gusiev, bogdan]
* Add a to_s default for liquid drops, see #306 [Adam Doeler, releod]
* Add strip, lstrip, and rstrip to standard filters [Florian Weingarten, fw42]
* Make if, for & case tags return complete and consistent nodelists, see #250 [Nick Jones, dntj]
* Prevent arbitrary method invocation on condition objects, see #274 [Dylan Thacker-Smith, dylanahsmith]
* Don't call to_sym when creating conditions for security reasons, see #273 [Bouke van der Bijl, bouk]
* Fix resource counting bug with respond_to?(:length), see #263 [Florian Weingarten, fw42]
* Allow specifying custom patterns for template filenames, see #284 [Andrei Gladkyi, agladkyi]
* Allow drops to optimize loading a slice of elements, see #282 [Tom Burns, boourns]
* Support for passing variables to snippets in subdirs, see #271 [Joost Hietbrink, joost]
* Add a class cache to avoid runtime extend calls, see #249 [James Tucker, raggi]
* Remove some legacy Ruby 1.8 compatibility code, see #276 [Florian Weingarten, fw42]
* Add default filter to standard filters, see #267 [Derrick Reimer, djreimer]
* Add optional strict parsing and warn parsing, see #235 [Tristan Hume, trishume]
* Add I18n syntax error translation, see #241 [Simon Hørup Eskildsen, Sirupsen]
* Make sort filter work on enumerable drops, see #239 [Florian Weingarten, fw42]
* Fix clashing method names in enumerable drops, see #238 [Florian Weingarten, fw42]
* Make map filter work on enumerable drops, see #233 [Florian Weingarten, fw42]
* Improved whitespace stripping for blank blocks, related to #216 [Florian Weingarten, fw42]
## 2.6.3 / 2015-07-23 / branch "2-6-stable"
* Fix test failure under certain timezones [Dylan Thacker-Smith]
|
|
## 1.4.0 / 2015-12-01
* Allow `noscript` fallback to be disabled (#29)
* Use Octokit to fetch Gist content when passed `JEKYLL_GITHUB_TOKEN`
in env(#28)
## 1.3.5 / 2015-10-23
* Fix encoding error for `noscript` code (#23)
* Test against Jekyll 3, 2, and the github-pages gem (#19)
|
|
Now it is not use ruby-pygments.rb any more. Changes are too many to write
here, please refer <https://github.com/jekyll/jekyll/releases>.
|
|
Bump PKGREVISION.
|
|
|
|
Rouge aims to a be a simple, easy-to-extend drop-in replacement for pygments.
|
|
=== unicorn 5.0.0.pre2 - another prerelease! / 2015-07-06 21:37 UTC
There is a minor TCP socket options are now applied to inherited
sockets, and we have native support for inheriting sockets from
systemd (by emulating the sd_listen_fds(3) function).
Dynamic changes in the application to Rack::Utils::HTTP_STATUS
codes is now supported, so you can use your own custom status
lines.
Ruby 2.2 and later is now favored for performance.
Optimizations by using constants which made sense in earlier
versions of Ruby are gone: so users of old Ruby versions
will see performance regressions. Ruby 2.2 users should
see the same or better performance, and we have less code
as a result.
* doc: update some invalid URLs
* apply TCP socket options on inherited sockets
* reflect changes in Rack::Utils::HTTP_STATUS_CODES
* reduce constants and optimize for Ruby 2.2
* http_response: reduce size of multi-line header path
* emulate sd_listen_fds for systemd support
* test/unit/test_response.rb: compatibility with older test-unit
This also includes all changes in unicorn 5.0.0.pre1:
http://bogomips.org/unicorn-public/m/20150615225652.GA16164@dcvr.yhbt.net.html
=== unicorn 5.0.0.pre1 - incompatible changes! / 2015-06-15 22:49 UTC
This release finally drops Ruby 1.8 support and requires Ruby 1.9.3
or later. The horrible "Status:" header in our HTTP response is
finally gone, saving at least 16 precious bytes in every single HTTP
response.
Under Ruby 2.1 and later, the monotonic clock is used for timeout
handling for better accuracy.
Several experimental, unused and undocumented features are removed.
There's also tiny, minor performance and memory improvements from
dropping 1.8 compatibility, but probably nothing noticeable on a
typical real-life (bloated) app.
The biggest performance improvement we made was to our website by
switching to olddoc. Depending on connection speed, latency, and
renderer performance, it typically loads two to four times faster.
Finally, for the billionth time: unicorn must never be exposed
to slow clients, as it will never ever use new-fangled things
like non-blocking socket I/O, threads, epoll or kqueue. unicorn
must be used with a fully-buffering reverse proxy such as nginx
for slow clients.
* ISSUES: update with mailing list subscription
* GIT-VERSION-GEN: start 5.0.0 development
* http: remove xftrust options
* FAQ: add entry for Rails autoflush_log
* dev: remove isolate dependency
* unicorn.gemspec: depend on test-unit 3.0
* http_response: remove Status: header
* remove RubyForge and Freecode references
* remove mongrel.rubyforge.org references
* http: remove the keepalive requests limit
* http: reduce parser from 72 to 56 bytes on 64-bit
* examples: add run_once to before_fork hook example
* worker: remove old tmp accessor
* http_server: save 450+ bytes of memory on x86-64
* t/t0002-parser-error.sh: relax test for rack 1.6.0
* remove SSL support
* tmpio: drop the "size" method
* switch docs + website to olddoc
* README: clarify/reduce references to unicorn_rails
* gemspec: fixup olddoc migration
* use the monotonic clock under Ruby 2.1+
* http: -Wshorten-64-to-32 warnings on clang
* remove old inetd+git examples and exec_cgi
* http: standalone require + reduction in binary size
* GNUmakefile: fix clean gem build + reduce build cruft
* socket_helper: reduce constant lookups and caching
* remove 1.8, <= 1.9.1 fallback for missing IO#autoclose=
* favor IO#close_on_exec= over fcntl in 1.9+
* use require_relative to reduce syscalls at startup
* doc: update support status for Ruby versions
* fix uninstalled testing and reduce require paths
* test_socket_helper: do not depend on SO_REUSEPORT
* favor "a.b(&:c)" form over "a.b { |x| x.c }"
* ISSUES: add section for bugs in other projects
* http_server: favor ivars over constants
* explain 11 byte magic number for self-pipe
* const: drop constants used by Rainbows!
* reduce and localize constant string use
* Links: mark Rainbows! as historical, reference yahns
* save about 200 bytes of memory on x86-64
* http: remove deprecated reset method
* http: remove experimental dechunk! method
* socket_helper: update comments
* doc: document UNICORN_FD in manpage
* doc: document Etc.nprocessors for worker_processes
* favor more string literals for cold call sites
* tee_input: support for Rack::TempfileReaper middleware
* support TempfileReaper in deployment and development envs
* favor kgio_wait_readable for single FD over select
* Merge tag 'v4.9.0'
* http_request: support rack.hijack by default
* avoid extra allocation for hijack proc creation
* FAQ: add note about ECONNRESET errors from bodies
* process SIGWINCH unless stdin is a TTY
* ISSUES: discourage HTML mail strongly, welcome nyms
* http: use rb_hash_clear in Ruby 2.0+
* http_response: avoid special-casing for Rack < 1.5
* www: install NEWS.atom.xml properly
* http_server: remove a few more accessors and constants
* http_response: simplify regular expression
* move the socket into Rack env for hijacking
* http: move response_start_sent into the C ext
* FAQ: reorder bit on Rack 1.1.x and Rails 2.3.x
* ensure body is closed during hijack
|
|
3.4.20 (09 December 2015)
* Fix a bug with the rounding changes from 3.4.14 and 3.4.15 where some
negative numbers would incorrectly be rounded up instead of down.
* Better compression for :nth pseudoselectors with subtraction. Issue #1650
* Add support for the new supports() clause for CSS @import directives.
* Rounding numbers now respects Sass’s precision setting for numbers very
close to half an integer.
* Add support for the q unit, representing one quarter of a millimeter.
* Mitigate a race condition when multiple threads are using the same
Sass::Plugin object at once.
* In compressed mode, numbers between -1 and 1 now have the leading 0 omitted.
* Source maps now include source ranges for comments.
Deprecation – Must Read!
Certain ways of using #{} without quotes in property and variable values have
been deprecated in order to simplify the feature.
Currently, #{} behaves unpredictably. If it’s used near operators, it will
cause those operators to become part of an unquoted string instead of having
their normal meaning. This isn’t an especially useful feature, and it makes
it hard to reason about some code that includes #{}, so we’re getting rid of
it.
In the new world, #{} just returns an unquoted string that acts like any other
unquoted string. For example, foo + #{$var} will now do the same thing as foo
+ $var, instead of doing the same thing as unquote("foo + #{$var}").
In order to ease the transition, Sass will now emit deprecation warnings for
all uses of #{} that will change behavior in 4.0. We don’t anticipate many
warnings to appear in practice, and you can fix most of them automatically by
running sass-convert --in-place on the affected files.
For more details, see the blog post on the deprecation and the GitHub issue in
which it was planned.
|
|
## 1.5.0
* only catch StandardError and not Exception
## 1.4.3
* After overriding the REQUEST_METHOD, store the original request method in "rack.methodoverride.original_method"
## 1.4.1
* Ignore invalid Expires date as per RFC
## 1.4.0
* Not invalidating the cache for preflight CORS request
## 1.3.1 / October 2015
* Support Ruby 1.9
## 1.3 / Octorber 2015
* Ruby 2.0 only
* Gracefully degrade when cache store goes offline
* allow_reload/revalidate is not enabled by default
* Make Rack::Cache multithread friendly
|
|
=== 2.15.3 / 2015-11-07
* 1 bug fix:
* Fix JRuby parser
=== 2.15.2 / 2015-11-06
* 2 bug fixes:
* ext/puma_http11: handle duplicate headers as per RFC
* Only set ctx.ca iff there is a params['ca'] to set with.
* 2 PRs merged:
* Merge pull request #818 from unleashed/support-duplicate-headers
* Merge pull request #819 from VictorLowther/fix-ca-and-verify_null-exception
=== 2.15.1 / 2015-11-06
* 1 bug fix:
* Allow older openssl versions
=== 2.15.0 / 2015-11-06
* 6 minor features:
* Allow setting ca without setting a verify mode
* Make jungle for init.d support rbenv
* Use SSL_CTX_use_certificate_chain_file for full chain
* cluster: add worker_boot_timeout option
* configuration: allow empty tags to mean no tag desired
* puma/cli: support specifying STD{OUT,ERR} redirections and append mode
* 5 bug fixes:
* Disable SSL Compression
* Fix bug setting worker_directory when using a symlink directory
* Fix error message in DSL that was slightly inaccurate
* Pumactl: set correct process name. Fixes #563
* thread_pool: fix race condition when shutting down workers
* 10 doc fixes:
* Add before_fork explanation in Readme.md
* Correct spelling in DEPLOYMENT.md
* Correct spelling in docs/nginx.md
* Fix spelling errors.
* Fix typo in deployment description
* Fix typos (it's -> its) in events.rb and server.rb
* fixing for typo mentioned in #803
* Spelling correction for README
* thread_pool: fix typos in comment
* More explicit docs for worker_timeout
* 18 PRs merged:
* Merge pull request #768 from nathansamson/patch-1
* Merge pull request #773 from rossta/spelling_corrections
* Merge pull request #774 from snow/master
* Merge pull request #781 from sunsations/fix-typo
* Merge pull request #791 from unleashed/allow_empty_tags
* Merge pull request #793 from robdimarco/fix-working-directory-symlink-bug
* Merge pull request #794 from peterkeen/patch-1
* Merge pull request #795 from unleashed/redirects-from-cmdline
* Merge pull request #796 from cschneid/fix_dsl_message
* Merge pull request #799 from annafw/master
* Merge pull request #800 from liamseanbrady/fix_typo
* Merge pull request #801 from scottjg/ssl-chain-file
* Merge pull request #802 from scottjg/ssl-crimes
* Merge pull request #804 from burningTyger/patch-2
* Merge pull request #809 from unleashed/threadpool-fix-race-in-shutdown
* Merge pull request #810 from vlmonk/fix-pumactl-restart-bug
* Merge pull request #814 from schneems/schneems/worker_timeout-docs
* Merge pull request #817 from unleashed/worker-boot-timeout
|
|
Changes summary is not available, please refer:
<http://padrinorb.com/blog/padrino-0-13-0-mustermann-router-performance-enhancements-streaming-support-and-much-more/>.
|
|
|
|
Welcome to Mustermann. Mustermann is your personal string matching expert.
As an expert in the field of strings and patterns, Mustermann keeps its
runtime dependencies to a minimum and is fully covered with specs and
documentation.
Given a string pattern, Mustermann will turn it into an object that behaves
like a regular expression and has comparable performance characteristics.
|
|
[105060c | 2015-10-28 17:15:55 UTC] Michael Fellinger <m.fellinger@gmail.com>
* update dependencies and gem setup
[cde6b36 | 2013-10-16 14:59:44 UTC] Patrik Rak <patrik@raxoft.cz>
* Use correct session class in Current.setup.
Current.setup should honor the passed in arguments even for session.
|
|
Changes summary is not available, please refer:
<https://github.com/nahi/httpclient/commits/master>.
|
|
Faraday 0.9.2
Adapters:
* Enable gzip compression for httpclient
* Fixes default certificate store for httpclient not having default paths.
* Make excon adapter compatible with 0.44 excon version
* Add compatibility with Patron 0.4.20
* Determine default port numbers in Net::HTTP adapters (Addressable
compatibility)
* em-http: wrap "connection closed by server" as ConnectionFailed type
* Wrap Errno::ETIMEDOUT in Faraday::Error::TimeoutError
Utils:
* Add Rack-compatible support for parsing a[][b]=c nested queries
* Encode nil values in queries different than empty strings. Before: a=; now:
a.
* Have Faraday::Utils::Headers#replace clear internal key cache
* Dup the internal key cache when a Headers hash is copied
Env and middleware:
* Ensure env stored on middleware response has reference to the response
* Ensure that Response properties are initialized during on_complete (VCR
compatibility)
* Copy request options in Faraday::Connection#dup
* Env custom members should be copied by Env.from(env)
* Honour per-request request.options.params_encoder
* Fix interval_randomness data type for Retry middleware
* Add maximum interval option for Retry middleware
|
|
2.3.3a (2015-11-18)
-------------------
Bug fixes
- expanded mail folders list is not saved (#3386)
- cleanup translations
2.3.3 (2015-11-11)
------------------
New features
- initial S/MIME support for EAS (#3327)
- now possible to choose which folders to sync over EAS
Enhancements
- we no longer always entirely rewrite messages for Outlook 2013 when using EAS
- support for ghosted elements on contacts over EAS
- added Macedonian (mk_MK) translation - thanks to Miroslav Jovanovic
- added Portuguese (pt) translation - thanks to Eduardo Crispim
Bug fixes
- numerous EAS fixes when connections are dropped before the EAS client receives the response (#3058, #2849)
- correctly handle the References header over EAS (#3365)
- make sure English is always used when generating Date headers using EAS (#3356)
- don't escape quoted strings during versit generation
- we now return all cards when we receive an empty addressbook-query REPORT
- avoid crash when replying to a mail with no recipients (#3359)
- inline images sent from SOGo webmail are not displayed in Mozilla Thunderbird (#3271)
- prevent postal address showing on single line over EAS (#2614)
- display missing events when printing working hours only
- fix corner case making server crash when syncing hard deleted messages when clear offline items was set up (Zentyal)
- avoid infinite Outlook client loops trying to set read flag when it is already set (Zentyal)
- avoid crashing when calendar metadata is missing in the cache (Zentyal)
- fix recurrence pattern event corner case created by Mozilla Thunderbird which made server crash (Zentyal)
- fix corner case that removes attachments on sending messages from Outlook (Zentyal)
- freebusy on web interface works again in multidomain environments (Zentyal)
- fix double creation of folders in Outlook when the folder name starts with a digit (Zentyal)
- avoid crashing Outlook after setting a custom view in a calendar folder (Zentyal)
- handle emails having an attachment as their content
- fixed JavaScript syntax error in attendees editor
- fixed wrong comparison of meta vs. META tag in HTML mails
- fixed popup menu position when moved to the left (#3381)
- fixed dialog position when at the bottom of the window (#2646, #3378)
- fixed addressbrook-only source entires having a c_uid set
|
