Age | Commit message | Author | Files | Lines |
|
- Includes some whitespace changes, to be handled in a separate commit.
|
|
5.7.8
- Fix regression in restarting kernels in 5.7.5.
The restart handler would return before restart was completed.
- Further improve compatibility with tornado 6 with improved
checks for when websockets are closed.
- Fix regression in 5.7.6 on Windows where .js files could have the wrong mime-type.
- Fix Open Redirect vulnerability (CVE-2019-10255)
where certain malicious URLs could redirect from the Jupyter login page
to a malicious site after a successful login.
5.7.7 contained only a partial fix for this issue.
|
|
This is a semi-manual PKGREVISION bump.
|
|
Version 2.0.8:
- Support recursive (self) ForeignKey relations.
Version 2.0.7:
- Fixed AstroidImportError for DecimalField.
- Add load_configuration() in pylint_django/__init__.py.
- Support ForeignKey relations with to keyword.
|
|
1.25.1:
* Add support for Google's Brotli package.
* Upgrade bundled rfc3986 to v1.3.1
|
|
Version 0.15.2
- Rule code generation uses a filename that coverage will ignore.
The previous value, "generated", was causing coverage to fail.
- The test client removes the cookie header if there are no persisted
cookies. This fixes an issue introduced in 0.15.0 where the cookies
from the original request were used for redirects, causing functions
such as logout to fail.
- The test client copies the environ before passing it to the app, to
prevent in-place modifications from affecting redirect requests.
- The "werkzeug" logger only adds a handler if there is no handler
configured for its level in the logging chain. This avoids double
logging if other code configures logging first.
Version 0.15.1
- :class:~exceptions.Unauthorized takes description as the first
argument, restoring previous behavior. The new www_authenticate
argument is listed second.
Version 0.15.0
- Building URLs is ~7x faster. Each :class:~routing.Rule compiles
an optimized function for building itself.
- :meth:MapAdapter.build() <routing.MapAdapter.build> can be passed
a :class:~datastructures.MultiDict to represent multiple values
for a key. It already did this when passing a dict with a list
value.
- path_info defaults to '/' for
:meth:Map.bind() <routing.Map.bind>.
:pr:1316)
- Change RequestRedirect code from 301 to 308, preserving the verb
and request body (form data) during redirect.
- int and float converters in URL rules will handle negative
values if passed the signed=True parameter. For example,
/jump/<int(signed=True):count>.
- Location autocorrection in :func:Response.get_wsgi_headers()
<wrappers.BaseResponse.get_wsgi_headers> is relative to the current
path rather than the root path.
:pr:1315)
- 412 responses once again include entity headers and an error message
in the body. They were originally omitted when implementing
If-Match
- The Content-Length header is removed for 1xx and 204 responses. This
fixes a previous change where no body would be sent, but the header
would still be present. The new behavior matches RFC 7230.
- :class:~exceptions.Unauthorized takes a www_authenticate
parameter to set the WWW-Authenticate header for the response,
which is technically required for a valid 401 response.
- Add support for status code 424 :exc:~exceptions.FailedDependency.
- :func:http.parse_cookie ignores empty segments rather than
producing a cookie with no key or value.
- :func:~http.parse_authorization_header (and
:class:~datastructures.Authorization,
:attr:~wrappers.Request.authorization) treats the authorization
header as UTF-8. On Python 2, basic auth username and password are
unicode.
- :func:~http.parse_options_header understands :rfc:2231 parameter
continuations.
- :func:~urls.uri_to_iri does not unquote ASCII characters in the
unreserved class, such as space, and leaves invalid bytes quoted
when decoding. :func:~urls.iri_to_uri does not quote reserved
characters. See :rfc:3987 for these character classes.
- get_content_type appends a charset for any mimetype that ends
with +xml, not just those that start with application/.
Known text types such as application/javascript are also given
charsets.
- Clean up werkzeug.security module, remove outdated hashlib
support.
- In :func:~security.generate_password_hash, PBKDF2 uses 150000
iterations by default, increased from 50000.
- :class:~wsgi.ClosingIterator calls close on the wrapped
*iterable*, not the internal iterator. This doesn't affect objects
where __iter__ returned self. For other objects, the method
was not called before.
- Bytes may be used as keys in :class:~datastructures.Headers, they
will be decoded as Latin-1 like values are.
- :class:~datastructures.Range validates that list of range tuples
passed to it would produce a valid Range header.
- :class:~datastructures.FileStorage looks up attributes on
stream._file if they don't exist on stream, working around
an issue where :func:tempfile.SpooledTemporaryFile didn't
implement all of :class:io.IOBase. See
https://github.com/python/cpython/pull/3249.
- :class:CombinedMultiDict.copy() <datastructures.CombinedMultiDict>
returns a shallow mutable copy as a
:class:~datastructures.MultiDict. The copy no longer reflects
changes to the combined dicts, but is more generally useful.
- The version of jQuery used by the debugger is updated to 3.3.1.
- The debugger correctly renders long markupsafe.Markup instances.
- The debugger can serve resources when Werkzeug is installed as a
zip file. DebuggedApplication.get_resource uses
pkgutil.get_data.
- The debugger and server log support Python 3's chained exceptions.
- The interactive debugger highlights frames that come from user code
to make them easy to pick out in a long stack trace. Note that if an
env was created with virtualenv instead of venv, the debugger may
incorrectly classify some frames.
- Clicking the error message at the top of the interactive debugger
will jump down to the bottom of the traceback.
- When generating a PIN, the debugger will ignore a KeyError
raised when the current UID doesn't have an associated username,
which can happen in Docker.
- :class:~exceptions.BadRequestKeyError adds the KeyError
message to the description, making it clearer what caused the 400
error. Frameworks like Flask can omit this information in production
by setting e.args = ().
- If a nested ImportError occurs from :func:~utils.import_string
the traceback mentions the nested import. Removes an untested code
path for handling "modules not yet set up by the parent."
- Triggering a reload while using a tool such as PDB no longer hides
input.
- The reloader will not prepend the Python executable to the command
line if the Python file is marked executable. This allows the
reloader to work on NixOS.
- Fix an issue where sys.path would change between reloads when
running with python -m app. The reloader can detect that a
module was run with "-m" and reconstructs that instead of the file
path in sys.argv when reloading.
- The dev server can bind to a Unix socket by passing a hostname like
unix://app.socket.
- Server uses IPPROTO_TCP constant instead of SOL_TCP for
Jython compatibility.
- When using an adhoc SSL cert with :func:~serving.run_simple, the
cert is shown as self-signed rather than signed by an invalid
authority.
- The development server logs the unquoted IRI rather than the raw
request line, to make it easier to work with Unicode in request
paths during development.
- The development server recognizes ConnectionError on Python 3 to
silence client disconnects, and does not silence other OSErrors
that may have been raised inside the application.
- The environ keys REQUEST_URI and RAW_URI contain the raw
path before it was percent-decoded. This is non-standard, but many
WSGI servers add them. Middleware could replace PATH_INFO with
this to route based on the raw value.
- :class:~test.EnvironBuilder doesn't set CONTENT_TYPE or
CONTENT_LENGTH in the environ if they aren't set. Previously
these used default values if they weren't set. Now it's possible to
distinguish between empty and unset values.
- The test client raises a ValueError if a query string argument
would overwrite a query string in the path.
- :class:test.EnvironBuilder and :class:test.Client take a
json argument instead of manually passing data and
content_type. This is serialized using the
:meth:test.EnvironBuilder.json_dumps method.
- :class:test.Client redirect handling is rewritten.
- The redirect environ is copied from the initial request environ.
- Script root and path are correctly distinguished when
redirecting to a path under the root.
- The HEAD method is not changed to GET.
- 307 and 308 codes preserve the method and body. All others
ignore the body and related headers.
- Headers are passed to the new request for all codes, following
what browsers do.
- :class:test.EnvironBuilder sets the content type and length
headers in addition to the WSGI keys when detecting them from
the data.
- Intermediate response bodies are iterated over even when
buffered=False to ensure iterator middleware can run cleanup
code safely. Only the last response is not buffered.
- :class:~test.EnvironBuilder, :class:~datastructures.FileStorage,
and :func:wsgi.get_input_stream no longer share a global
_empty_stream instance. This improves test isolation by
preventing cases where closing the stream in one request would
affect other usages.
- The default :attr:SecureCookie.serialization_method
<contrib.securecookie.SecureCookie.serialization_method> will
change from :mod:pickle to :mod:json in 1.0. To upgrade existing
tokens, override :meth:~contrib.securecookie.SecureCookie.unquote
to try pickle if json fails.
- CGIRootFix no longer modifies PATH_INFO for very old
versions of Lighttpd. LighttpdCGIRootFix was renamed to
CGIRootFix in 0.9. Both are deprecated and will be removed in
version 1.0.
- :class:werkzeug.wrappers.json.JSONMixin has been replaced with
Flask's implementation. Check the docs for the full API.
- The :doc:contrib modules </contrib/index> are deprecated and will
either be moved into werkzeug core or removed completely in
version 1.0. Some modules that already issued deprecation warnings
have been removed. Be sure to run or test your code with
python -W default::DeprecationWarning to catch any deprecated
code you're using.
  - LintMiddleware has moved to :mod:werkzeug.middleware.lint.
  - ProfilerMiddleware has moved to
    :mod:werkzeug.middleware.profiler.
  - ProxyFix has moved to :mod:werkzeug.middleware.proxy_fix.
  - JSONRequestMixin has moved to :mod:werkzeug.wrappers.json.
  - cache has been extracted into a separate project,
    cachelib <https://github.com/pallets/cachelib>_. The version
    in Werkzeug is deprecated.
  - securecookie and sessions have been extracted into a
    separate project,
    secure-cookie <https://github.com/pallets/secure-cookie>_. The
    version in Werkzeug is deprecated.
  - Everything in fixers, except ProxyFix, is deprecated.
  - Everything in wrappers, except JSONMixin, is deprecated.
  - atom is deprecated. This did not fit in with the rest of
    Werkzeug, and is better served by a dedicated library in the
    community.
  - jsrouting is removed. Set URLs when rendering templates
    or JSON responses instead.
  - limiter is removed. Its specific use is handled by Werkzeug
    directly, but stream limiting is better handled by the WSGI
    server in general.
  - testtools is removed. It did not offer significant benefit
    over the default test client.
  - iterio is deprecated.
- :func:wsgi.get_host no longer looks at X-Forwarded-For. Use
:class:~middleware.proxy_fix.ProxyFix to handle that.
- :class:~middleware.proxy_fix.ProxyFix is refactored to support
more headers, multiple values, and more secure configuration.
  - Each header supports multiple values. The trusted number of
    proxies is configured separately for each header. The
    num_proxies argument is deprecated.
  - Sets SERVER_NAME and SERVER_PORT based on
    X-Forwarded-Host.
  - Sets SERVER_PORT and modifies HTTP_HOST based on
    X-Forwarded-Port.
  - Sets SCRIPT_NAME based on X-Forwarded-Prefix.
  - The original WSGI environment values are stored in the
    werkzeug.proxy_fix.orig key, a dict. The individual keys
    werkzeug.proxy_fix.orig_remote_addr,
    werkzeug.proxy_fix.orig_wsgi_url_scheme, and
    werkzeug.proxy_fix.orig_http_host are deprecated.
- Middleware from werkzeug.wsgi has moved to separate modules
under werkzeug.middleware, along with the middleware moved from
werkzeug.contrib. The old werkzeug.wsgi imports are
deprecated and will be removed in version 1.0.
  - werkzeug.wsgi.DispatcherMiddleware has moved to
    :class:werkzeug.middleware.dispatcher.DispatcherMiddleware.
  - werkzeug.wsgi.ProxyMiddleware has moved to
    :class:werkzeug.middleware.http_proxy.ProxyMiddleware.
  - werkzeug.wsgi.SharedDataMiddleware has moved to
    :class:werkzeug.middleware.shared_data.SharedDataMiddleware.
- :class:~middleware.http_proxy.ProxyMiddleware proxies the query
string.
- The filenames generated by
:class:~middleware.profiler.ProfilerMiddleware can be customized.
- The werkzeug.wrappers module has been converted to a package,
and its various classes have been organized into separate modules.
Any previously documented classes, understood to be the existing
public API, are still importable from werkzeug.wrappers, or may
be imported from their specific modules.
|
|
Pointed out via PR pkg/54137 by Jonathan Schleifer (used by
libparserutils and netsurf).
Bump PKGREVISION
|
|
1.25:
* Require and validate certificates by default when using HTTPS.
* Upgraded urllib3.utils.parse_url() to be RFC 3986 compliant.
* Added support for key_password for HTTPSConnectionPool to use
encrypted key_file without creating your own SSLContext object.
* Add TLSv1.3 support to CPython, pyOpenSSL, and SecureTransport SSLContext
implementations.
* Switched the default multipart header encoder from RFC 2231 to HTML 5 working draft.
* Fixed issue where OpenSSL would block if an encrypted client private key was
given and no password was given. Instead an SSLError is raised.
* Added support for Brotli content encoding. It is enabled automatically if
brotlipy package is installed which can be requested with
urllib3[brotli] extra.
* Drop ciphers using DSS key exchange from default TLS cipher suites.
Improve default ciphers when using SecureTransport.
* Implemented a more efficient HTTPResponse.__iter__() method.
|
|
Changes from 1.7.5:
SECURITY
Prevent remote code execution vulnerability with mirror repo URL settings (#6593) (#6594)
Resolve 2FA bypass on API (#6676) (#6674)
Prevent the creation of empty sessions for non-logged in users (#6690) (#6677)
BREAKING
Add "ghost" and "notifications" to list of reserved user names. (#6208)
Change sqlite DB path default to data directory (#6198)
Adds MustChangePassword to user create/edit API (#6193)
Disable redirect for i18n (#5910)
Releases API paging (#5831)
Allow Macaron to be set to log through to gitea.log (#5667)
Don't close issues via commits on non-default branch (#5622)
FEATURE
Add regenerate secret feature for oauth2 (#6291)
Expose issue stopwatch toggling via API (#5970)
Add other session providers (#5963)
Pull request conflict files detection (#5951)
Integrate OAuth2 Provider (#5378)
Implement "conversation lock" for issue comments (#5073)
Feature: Archive repos (#5009)
Discord Oauth2 support (#4476)
Allow to set organization visibility (public, internal, private) (#1763)
Added URL mapping for Release attachments like on github.com (#1707)
ENHANCEMENT
Add support for client basic auth for exchanging access tokens (#6293)
Add ability to sort issues by due date (#6206) (#6244)
Style tweaks to issue selection (#6196)
Increase Username and Orgname MaxSize 35 -> 40 (#6178)
Coverage profile with multiple packages (#6167)
Split setting.go to multiple files (#6154)
Allow labels to contain emoji (#6063)
Disable git fsck for mirrored repos by default (#6018)
Add default time out for git operations (#6015)
Split setting.go as multiple files (#6014)
Make dashboard navbar and footer full-width (#6013)
Add lang specific font stacks for CJK (#6007)
Fix header menu misalignment (#6002)
Enhance closed PR and Issue status in the list (#6000)
Make navbar full width (#5998)
Add option to close issues via commit on a non master branch (#5992)
Support n as a line highlight prefix (#5987)
Search for org repos (#3031) (#5986)
Minor UI tweaks (#5980)
Use native golang SSH library but ssh-keygen when enable built-in SSH server to remove dependent on that command lines (#5976)
Dashboard tweaks (#5974)
Fixes for repo topic editor (#5971)
Display the branch name in the commit view (#5950)
handle milestone events for issues and PR (#5947)
Add label names as filter in issue search api (#5946)
Repo header tweaks (#5945)
Better support for long repo names (#5932)
Fix wrapping long code lines (#5927)
Change GPG Validation colors and remove inline CSS (#5404) (#5896)
Fix "pulls.blocked_by_approvals" text (#5879)
Rename reject to 'request changes' (#5858)
Move input fields to add members to a team and repos to a team (#5853)
Config option to disable automatic repo watching (#5852)
New Issue ?body= query (#5851)
Add API to list tags (#5850)
Pagination for git tree API (#5838)
Add InternalTokenURI to load InternalToken from an external file (#5812)
Allow markdown files to read from the LFS (#5787)
Add the ability to use multiple labels as filters (#5786)
Adjust log settings when a user is not found. (#5771)
Log IP of failed ssh connection (#5766)
Moved defaults in defaults.go to setting.go (#5764)
Make DB connect more robust (#5738)
Add Default Pull Request Title (#5735)
Refactor repo.isBare to repo.isEmpty #5629 (#5714)
Add flag to skip repository dumping (#5695)
Prioritize "readme.md" (#5691)
Improve "Fork button" for guests by showing a pop up asking them to log in before forking (#5690)
Allow for user specific themes (#5668)
Display branch name in delete branch confirmation modal. (#5654)
New API routes added (#5594)
Refactor notification for indexer (#5111)
Refactor mail notification (#5110)
Show email if the authenticated user owns the profile page being requested for (#4981)
Optimize pulls merging (#4921)
Sort Repositories widget by most recently updated (#3963) (#4599)
Allow markdown table to scroll (#4401)
Automatically clear stopwatch on merging a PR (#4327)
Add the Owner Name to differentiate when merging (#3807)
Add title attributes to all items in the repo list viewer (#6258) (#6650)
BUGFIXES
Fix dropdown icon padding (#6651) (#6654)
Fix wrong GPG expire date (#6643) (#6644)
Fix forking an empty repository (#6637) (#6653)
Remove call to EscapePound .Link as it is already escaped (#6656) (#6666)
Properly escape on the redirect from the web editor (#6657) (#6667)
Allow resend of confirmation email when logged in (#6482) (#6486)
Fix mail notification when close/reopen issue (#6581) (#6588)
Change API commit summary to full message (#6591) (#6592)
Add option to disable refresh token invalidation (#6584) (#6587)
Fix bug user search API pagesize didn't obey ExplorePagingNum (#6579) (#6586)
Fix new repo alignment (#6583) (#6585)
Prevent server 500 on compare branches with no common history (#6555) (#6558)
Properly escape release attachment URL (#6512) (#6523)
Hacky fix for alignment of the create-organization dialog (#6455) (#6462)
Disable benchmarking during tag events on DroneIO (#6365) (#6366)
Make sure units of a team are returned (#6379) (#6381)
Don't Unescape redirect_to cookie value (#6399) (#6401)
Fix dump table name error and add some test for dump database (#6394) (#6402)
Fix migration v82 to ignore unsynced tags between database and git data; Add missing is_archived column on repository table (#6387) (#6403)
Display correct error for invalid mirror interval (#6414) (#6429)
Clean up ref name rules (#6437) (#6439)
Fix Hook & HookList in Swagger (#6432) (#6440)
Change order that PostProcess Processors are run (#6445) (#6447)
Clean up various use of escape/unescape functions for URL generation (#6334)
Return 409 when creating repo if it already exists. (#6330)
Add same changes from issues page to milestone->issues page (#6328)
Fix ParsePatch function to work with quoted diff --git strings (#6323)
Fix reported issue in repo description (#6306)
Use url.PathEscape to escape the branchname (#6304)
Add robots.txt as reserved username (#6272)
Replace linkRegex with xurls library (#6261)
Remove visitLinksForShortLinks features (#6257)
Add unit types to repo action URL to correctly show 404 when archived (#6247)
Check organization visibility before everything else (#6234) (#6235)
Prevent double-close of issues (#6233)
Override xorm type mapping for U2F counter (#6232)
Add isAdmin to user API response (#6231)
Update git vendor to fix wrong release commit id and add migrations (#6224)
Fix fork button (#6223)
Fix renames over redirects (#6216)
Fix display dashboard even if require to change password (#6214)
Create a repo redirect when transferring ownership (#6210) (#6211)
Fix issue update race condition (#6194)
Fix bug when migrate repository 500 when repo is existed (#6188)
Fix scrollbar always present on page body (#6177)
Fix bug when set indexer as db and add tests (#6173)
Modify linkRegex to require http|https (#6171)
Fix bug user could change private repository to public when force private enabled. (#6156)
Fix admin list user/org API (#6143)
Make repo creation for API similar to UI (#6142)
Make document body a flexbox (#6139)
Refactor issue indexer, add some testing and fix a bug (#6131)
Load Issue attributes for API call (#6122)
Fix bug when update owner team then visit team's repo return 404 (#6119)
Fix heatmap and repository menu display in Internet Explorer 9+ (#6117)
Show private organization for admin, fix #6111 (#6112)
Fix prohibit login check on authorization (#6106)
Move to ldap.v3 to fix #5928 (#6105)
Remove use MakeAssigneeList in webhooks to fix deadlock (#6102)
Allow display of LFS stored Readme.md on directory page (#6073) (#6099)
Make sure labels are actually returned (#6053)
Fix panic: template: repo/issue/list:210: unexpected "=" in operand (#6041)
After deleting a repo on admin panel, UI should remember the last sort type (#6033)
Default create repository on organisation on its dashboard (#6026)
Swagger: Remove spaces in MergePullRequestOption enum (#6016)
Fix metrics auth token detection (#6006)
Fix repo header issues (#5995)
Fix bug when deleting a linked account will removed all (#5989)
Make organization dropdown scrollable when using mouse wheel (#5988)
Fix empty ssh key importing in ldap (#5984)
Admin config page mailertype setting option update (#5973)
Fix redirect loop during forced password change (#5965)
Show user who created the repository instead of the organisation in action feed (#5948)
Remove all CommitStatus when a repo is deleted (#5940)
Fix ssh deploy and user key constraints (#1357) (#5939)
Fix log output (#5938)
Set PusherName and PusherID to owner on deploy key to fix pushing with deploy keys (#5935)
Fix compare button (#5929)
Fix bug when read public repo lfs file (#5912)
Only allow local login if password is non-empty (#5906)
Recover panic in orgmode.Render if bad orgfile (#4982) (#5903)
Provide better panic handling (#5902)
Respect value of REQUIRE_SIGNIN_VIEW (#5901)
Show a 404 not a 500 if a repo does not exist (#5900)
Ensure repo is loaded in mailer (Completely fix #5891) (#5895)
Ensure issue.Poster is loaded in mailIssueCommentToParticipants (#5891)
Correct footer height if screen-width is to small (fixes #5878) (#5889)
In gitea serv switch off console logger to fix #5866 (#5887)
Don't allow pull requests to be created on an archived repository (#5883)
Support reviews on a deleted file path (#5880)
Fix compare button on upstream repo leading to 404 (#5877)
Fix null pointer on not logged in attempt to Sudo (#5872)
Fix new release creation API to allow empty target (#5870)
Fix an error while adding a dependency via UI. (#5862)
Fix failing migration v67 (#5849)
Fix delete correct temp directory (#5839)
Make sure .git/info is created before generating .git/info/sparse-che… (#5825)
Fix topics saving internal error and disable for archived repos (#5821)
Fix TLS errors when using acme/autocert for local connections (#5820)
When creating new repository fsck option should be enabled (#5817)
Request for public keys only if LDAP attribute is set (#5816)
Fix serving of raw wiki files other than .md (#5814)
Fix migration 78 error mssql (#5791)
Disallow empty titles (#5785)
Fix the v78 migration script (#5776)
Ensure valid git author names passed in signatures (#5774)
Fix wrong assumption where a user is always said to have unassigned (her)himself (#5769)
Upgrade go-sql-driver/mysql to fix invalid connection error (#5748)
Fixing PostgreSQL dump creation (#5747)
Add proper CORS preflight origin validation (#5740)
Disable auto-migrate in docker container (#5730)
In basic auth check for tokens before call UserSignIn (#5725)
Pooled and buffered gzip implementation (#5722)
Ensure that sessions are passed into queries that could use the database to prevent deadlocks (#5718)
Keep file permissions during database migration (#5707)
Use correct value for "MSpan Structures Obtained" #4742 (#5706)
Refactor editor upload, update and delete to use git plumbing and add LFS support (#5702)
Update xorm to fix issue #5659 and #5651 (#5680)
Fix public will not be reused as public key after deleting as deploy key (#5671)
When redirecting, clean the path (#5669)
Don't list an issue on its own dependency list UI. (#5658)
Fix commit page showing status for current default branch (#5649) (#5650)
Only count users own actions for heatmap contributions (#5647)
Fix sqlite deadlock when assigning to a PR (#5640)
Refactor issue indexer (#5363)
TESTING
Run benchmark at tag to track performances (#6035)
Add test environment for MySQL8 (#5234)
BUILD
Use go 1.12 for tests and deprecate go 1.9 (#6186)
Makefile changes for Windows and easier development (#6103)
Update bleve dependency to latest master revision (#6100)
Switch to more recent build of xgo (#6070)
Add autoprefixer to css build (#6029)
Update the version of less (#6010)
Make log mailer for testing (#5893)
DOCS
Add more tests and docs for issue indexer, add db indexer type for searching from database (#6144)
update default value of --must-change-password cli flag (#6032)
Update and expand information about building Gitea (#6019)
Update U2F Section of app.ini.sample (#5994)
Update swagger for release API pagination (#5841)
Added docs for the tree api (#5834)
MISC
Add single commit API support (#5843)
Add missing GET teams endpoints (#5382)
Migrate database if app.ini found (#5290)
Changes from 1.7.4:
SECURITY
Prevent remote code execution vulnerability with mirror repo URL settings (#6593) (#6595)
BUGFIXES
Allow resend of confirmation email when logged in (#6482) (#6487)
|
|
ENABLE_WEBGL was renamed to ENABLE_OPENGL, adjust options.mk accordingly.
|
|
Update DEPENDS
Upstream changes:
6.38 2019-03-25 18:58:58Z
- Update Net::HTTP dependency from 6.07 to 6.18 (GH#310) (Olaf Alders)
- Remove s.c.o. from SYNOPSIS (GH#308) (Olaf Alders)
6.37 2019-03-06 20:49:26Z
- Improve ->add_handler documentation (GH #272) (Julien Fiegehenn)
- Alter our rule set to allow IPv6 proxy hosts beginning with [. (GH #237)
- Add a jigsaw test for 307 redirects (GH#285) (Nik LaBelle)
|
|
Cliqz develops novel Internet browsers that incorporate features
such as search and anti-tracking. Cliqz desktop browser is based
on Mozilla Firefox.
Cliqz pre-installs the Cliqz add-on, which causes search terms to
be sent to Cliqz as the default search engine. In addition the
HTTPS Everywhere addon is installed, and an addon to manage consent.
|
|
1.24.2:
* Don't load system certificates by default when any other ca_certs, ca_certs_dir or
ssl_context parameters are specified.
* Remove Authorization header regardless of case when redirecting to cross-site.
* Add support for IPv6 addresses in subjectAltName section of certificates.
|
|
3.1.2:
* New thread_critical argument to Local to tell it to not inherit contexts
across threads/tasks.
* Local now inherits across any number of sync_to_async to async_to_sync calls
nested inside each other
3.1.1:
* Local now cleans up storage of old threads and tasks to prevent a memory leak.
3.1.0:
* Added asgiref.local module to provide threading.local drop-in replacement.
3.0.0:
* Updated to match new ASGI 3.0 spec
* Compatibility library added that allows adapting ASGI 2 apps into ASGI 3 apps
losslessly
|
|
Changes with nginx 1.15.12:
*) Bugfix: a segmentation fault might occur in a worker process if
variables were used in the "ssl_certificate" or "ssl_certificate_key"
directives and OCSP stapling was enabled.
Changes with nginx 1.15.11:
*) Bugfix: in the "ssl_stapling_file" directive on Windows.
|
|
lib
This release fixes the bug that on_header callback is still called after stream is closed.
third-party
http-parser is upgraded to v2.9.1.
nghttpx
This release fixes the bug that authority and path altered by per-pattern mruby script can affect backend selection on retry.
It also fixes the bug that HTTP/1.1 chunked request stalls.
Now nghttpx does not log authorization request header field value with -LINFO.
Now nghttpx can be built with modern LibreSSL.
|
|
Changes not found.
|
|
Changes not found.
|
|
Update ruby-rails52 to 5.2.3 which contains security fix of actionpack in
5.2.2.2.
|
|
## Rails 5.2.3 (March 27, 2019) ##
* No changes.
## Rails 5.2.2.1 (March 11, 2019) ##
* No changes.
|
|
* 5.2.2.2 fixes these security problems:
CVE-2019-5418
CVE-2019-5419
CVE-2019-5420
## Rails 5.2.3 (March 27, 2019) ##
* Allow using combine the Cache Control `public` and `no-cache` headers.
Before this change, even if `public` was specified for Cache Control header,
it was excluded when `no-cache` was included. This fixed to keep `public`
header as is.
Fixes #34780.
*Yuji Yaginuma*
* Allow `nil` params for `ActionController::TestCase`.
*Ryo Nakamura*
## Rails 5.2.2.1 (March 11, 2019) ##
* No changes.
|
|
## Rails 5.2.3 (March 27, 2019) ##
* Prevent non-primary mouse keys from triggering Rails UJS click handlers.
Firefox fires click events even if the click was triggered by non-primary mouse keys such as right- or scroll-wheel-clicks.
For example, right-clicking a link such as the one described below (with an underlying ajax request registered on click) should not cause that request to occur.
```
<%= link_to 'Remote', remote_path, class: 'remote', remote: true, data: { type: :json } %>
```
Fixes #34541
*Wolfgang Hobmaier*
## Rails 5.2.2.1 (March 11, 2019) ##
* No changes.
|
|
Update ruby-rails51 to 5.1.6.2; security fix of actionpack.
|
|
## Rails 5.1.6.2 (March 11, 2019) ##
* No changes.
|
|
www/ruby-actionpack51: Update to 5.1.6.2
* Fix [CVE-2019-5418] and [CVE-2019-5419].
|
|
## Rails 5.1.6.2 (March 11, 2019) ##
* No changes.
|
|
Update ruby-rails24 to 4.2.11.1; security fix of actionpack.
|
|
## Rails 4.2.11.1 (March 11, 2019) ##
* Fix [CVE-2019-5418] and [CVE-2019-5419].
|
|
## Rails 4.2.11.1 (March 11, 2019) ##
* No changes.
|
|
Version 3.5.40 (2019-04-10)
---------------------------
### Fixed
Fix the save callback in the back end password module (see #429).
|
|
- Security: prevent external redirections
- Fix some performance issues
- Fix various issues on plugins loading (cache conflict, bad locales)
- Fix display of documents in tickets
- Fix display of user's pictures
- Fix loss of some relations and sql errors when transferring items
- Feature: add Historical tab on config page
- And many more!
The full changelog is available:
https://github.com/glpi-project/glpi/milestone/32?closed=1
|
|
Sync WEBKIT_JIT_MACHINE_PLATFORMS (platforms where `webkit-jit'
option is suggested) is enabled by default with
Source/cmake/WebKitFeatures.cmake.
While here also disable ENABLE_C_LOOP when ENABLE_JIT is enabled
(the two options are incompatible).
Should work around PR pkg/54109.
(No PKGREVISION bump since it should only fix platforms where since
update of webkit-gtk 2.24.0 were broken.)
|
|
* Sync with www/firefox-66.0.3
|
|
Changelog:
Fixed
Address bar on tablets running Windows 10 now behaves correctly (Bug 1498973)
Performance issues with some HTML5 games (Bug 1537609)
Fixed a bug with keypress events in IBM cloud applications (Bug 1538970)
Fix for keypress events in some Microsoft cloud applications (Bug 1539618)
Changed
Updated Baidu search plugin
|
|
|
|
pkgsrc change: use SUBST_VARS.
Version 3.5.39 (2019-04-09)
---------------------------
### Fixed
Invalidate the user sessions if a password changes (see CVE-2019-10641).
|
|
Remove support files for Contao 4 and later.
|
|
Changes:
WebKitGTK 2.24.1
=================
- Do not allow changes in active URI before provisional load starts for non-API requests.
- Stop the threaded compositor when the page is not visible or layer tree state is frozen.
- Use WebKit HTTP source element again for adaptive streaming fragments downloading.
- Properly handle empty resources in webkit_web_resource_get_data().
- Add quirk to ensure outlook.live.com uses the modern UI.
- Fix methods returning GObject or boxed types in JavaScriptCore GLib API.
- Ensure callback data is passed to functions and constructors with no parameters in JavaScriptCore GLib API.
- Fix rendering of complex text when the font uses x,y origins.
- Fix sound loop with Google Hangouts and WhatsApp notifications.
- Fix the build with GStreamer 1.12.5 and GST GL enabled.
- Detect SSE2 at compile time.
- Fix several crashes and rendering issues.
- Security fixes: CVE-2019-6251.
|
|
Version 1.7.0:
**This is the last version supporting Python 2!**
- Added a feature called 'response_filter' which enables one to only
cache views depending on the response code.
- A DeprecationWarning got turned into a TypeError.
Version 1.6.0:
- The delete_many function is now able to ignore any errors and continue
deleting the cache. However, in order to preserve backwards compatibility,
the default mode is to abort the deletion process. In order to use the new
deletion mode, one has to flip the config setting CACHE_IGNORE_ERRORS to
True. This was and still is only relevant for the **filesystem** and
**simple** cache backends.
- Re-added the gaememcached CACHE_TYPE for improved backwards compatibility.
- Documentation improvements
|
|
0.3.14:
- Added French translation
- Added German translation
0.3.13:
- Added Czech translation
|
|
pkgsrc changes:
- Add fontconfig and freetype2 dependencies to links-gui in order to adjust
per-upstream defaults
Changes:
2.19
----
- Disable high-DPI scaling on Windows
- Links makes it possible to specify scaling of text and images in the
dialog windows, so this should preferably be used instead of
system-level scaling
- Fixed a crash on invalid IDN URL, such as http://test,ï.com/
(found by lsxvdqe@gmail.com)
- Make it possible to select other fonts, using fontconfig and freetype
- Show certificate authority in the "Document info" box
- Use international error messages
- The -dump switch didn't report an error if write to stdout failed
|
|
0.14.0:
* Bugfix clarify subprotocol type as str not bytes.
* Support HTTP/2 WebSockets. This requires a HTTP/2 parser (not
included), with hyper-h2 recommended. It renames
handshake_extensions and hence is a breaking change.
* Bugfix badly formatted type hints.
* Bugfix minor issues identified by type checking.
0.13.0:
* Introduce a send method on the connection which accepts the new
events. This requires the following usage changes, ::
    connection.accept(subprotocol=subprotocol) -> connection.send(AcceptConnection(subprotocol=subprotocol))
    connection.send_data(data) -> connection.send(Message(payload=payload))
    connection.close(code) -> connection.send(CloseConnection(code=code))
    connection.ping() -> connection.send(Ping())
    connection.pong() -> connection.send(Pong())
* The Event structure is altered to allow for events to be sent and
received, this requires the following name changes in existing code, ::
    ConnectionRequested -> Request
    ConnectionEstablished -> AcceptConnection
    ConnectionClosed -> CloseConnection
    DataReceived -> Message
    TextReceived -> TextMessage
    BytesReceived -> BytesMessage
    PingReceived -> Ping
    PongReceived -> Pong
* Introduce RejectConnection and RejectData events to be used by a
server connection to reject rather than accept a connection or by a
client connection to emit the rejection response. The RejectData
event represents the rejection response body, if present.
* Add an extra_headers field to the AcceptConnection event in order to
customise the acceptance response in server mode or to emit this
information in client mode.
* Switch from Fail events being returned to RemoteProtocolErrors being
raised.
* Switch from ValueErrors to LocalProtocolErrors being raised when
an action is taken that is incompatible with the connection state or
websocket standard.
* Enforce version checking in SERVER mode, only 13 is supported.
* Add an event_hint to RemoteProtocolErrors to hint at how to respond
to issues.
* Switch from a bytes_to_send method to the send method
returning the bytes to send directly. Responses to Ping and Close
messages must now be sent (via send), with the Ping and
CloseConnection events gaining a response method. This
allows ::
    if isinstance(event, Ping):
        bytes_to_send = connection.send(event.response())
* Separate the handshake from the active connection handling. This
allows the handshake and connection to be separately used. By
default though WSConnection does both.
* receive_bytes is renamed to receive_data and
WSConnection should be imported from wsproto rather than
wsproto.connection.
0.12.0:
* Support h11 ~0.8.1.
* Support Python 3.7.
* Make the close-handshake more explicit, by sending a close frame on
receipt of a close frame.
* Bugfix fix deflate after a non-compressible message.
* Bugfix connection header acceptance, by accepting Connection header
values that are comma separated lists.
|
|
Allows mod_proxy_html to be supported again. Based on a pull request from
vec4f in joyent/pkgsrc#169.
|
|
19.3.1
Changes:
* Add support for zero-length and RFC 5987 encoded filename for multipart/form-data requests.
* The type of expires attribute of sanic.cookies.Cookie is now enforced to be of type datetime.
* Add support for the stream parameter of sanic.Sanic.add_route() available to sanic.Blueprint.add_route().
* Accept negative values for route parameters with type int or number.
* Deprecated the use of sanic.request.Request.raw_args - it has a fundamental flaw in which it drops repeated query string parameters. Added sanic.request.Request.query_args as a replacement for the original use-case.
* Remove an unwanted None check in Request class repr implementation. This changes the default repr of a Request from <Request> to <Request: None />
* Added 2 new parameters to sanic.app.Sanic.create_server:
return_asyncio_server - whether to return an asyncio.Server.
asyncio_server_kwargs - kwargs to pass to loop.create_server for the event loop that sanic is using.
This is a breaking change.
* Added a set of test cases that test and benchmark route resolution.
* The type of the "max-age" value in a sanic.cookies.Cookie is now enforced to be an integer. Non-integer values are replaced with 0.
* Added the endpoint attribute to an incoming request, containing the name of the handler function.
* Improved request streaming. request.stream is now a bounded-size buffer instead of an unbounded queue. Callers must now call await request.stream.read() instead of await request.stream.get() to read each portion of the body.
This is a breaking change.
Fixes:
* Sanic was prefetching time.time() and updating it once per second to avoid excessive time.time() calls. The implementation was observed to cause memory leaks in some cases. The benefit of the prefetch appeared to be negligible, so this has been removed. Fixes
* Fix a bug in the auto-reloader when the process was launched as a module i.e. python -m init0.mod1 where the sanic server is started in init0/mod1.py with debug enabled and imports another module in init0.
* Allow sanic test client to bind to a random port by specifying port=None when constructing a SanicTestClient
* Added the ability to specify middleware on a blueprint group, so that all routes produced from the blueprints in the group have the middleware applied.
* Allow the use of the SANIC_ACCESS_LOG environment variable to enable/disable the access log when not explicitly passed to app.run(). This allows the access log to be disabled for example when running via gunicorn.
Developer infrastructure:
* Update project PyPI credentials
* fix linter issue causing travis build failures
* Fix python version in doc build
* Upgrade setuptools version and use native docutils in doc build
* Upgrade pytest, and fix caplog unit tests
Typos and Documentation:
* Fix typo at the exception documentation
* fix typo in Asyncio example
* Documentation typo
* Fix grammar in README.md
* Added "databases" to the extensions list
* Add sanic-zipkin to extensions list
* Removed link to deleted repo, Sanic-OAuth, from the extensions list
* 18.12 changelog
* Add example of amending request object
* Update README
* Update README
* Update README, including new logo
* fix minor type and pip install instruction mismatch
* Documentation Enhancements
|