Age | Commit message | Author | Files | Lines |
|
|
|
firewall for nginx.
|
|
* Remove dead link from plugins/teximg. Closes: #664885
* inline: When the pagenames list includes pages that do not exist, skip
them.
* meta: Export author information in html <meta> tag. Closes: #664779
Thanks, Martin Michlmayr
* notifyemail: New plugin, sends email notifications about new and
changed pages, and allows subscribing to comments.
* Added a "changes" hook. Renamed the "change" hook to "rendered", but
the old hook name is called for now for back-compat.
* meta: Support keywords header. Closes: #664780
Thanks, Martin Michlmayr
* passwordauth: Fix url in password recovery email to be absolute.
* httpauth: When it's the only auth method, avoid a pointless and
confusing signin form, and go right to the httpauthurl.
* rename: Allow rename to be started not from the edit page; return to
the renamed page in this case.
* remove: Support removing of pages in the transient underlay. (smcv)
* inline, trail: The pagenames parameter is now a list of absolute
pagenames, not relative wikilink type names. This is necessary to fix
a bug, and makes pagenames more consistent with the pagespec used
in the pages parameter. (smcv)
* link: Fix renaming wikilinks that contain embedded urls.
* graphviz: Handle self-links.
* trail: Improve CSS, also display trail links at bottom of page,
and a bug fix. (smcv)
Add dependency on p5-HTML-Tree, suggested by Matthias Rampke in PR pkg/45688.
|
|
XXX It would be nice if lessons were learned and no new cases of
XXX multiple versions with the same base name were introduced...
|
|
* Many bugfixes
* Translation updates
|
|
* Bugfixes
* Many improvements
|
|
* Disable mod_proxy_html explicitly.
Changes with Apache 2.4.2
*) SECURITY: CVE-2012-0883 (cve.mitre.org)
envvars: Fix insecure handling of LD_LIBRARY_PATH that could lead to the
current working directory to be searched for DSOs. [Stefan Fritsch]
*) mod_slotmem_shm: Honor DefaultRuntimeDir [Jim Jagielski]
*) mod_ssl: Fix crash with threaded MPMs due to race condition when
initializing EC temporary keys. [Stefan Fritsch]
*) mod_proxy: Add the forcerecovery balancer parameter that determines if
recovery for balancer workers is enforced. [Ruediger Pluem]
*) Fix MPM DSO load failure on AIX. [Jeff Trawick]
*) mod_proxy: Correctly set up reverse proxy worker. PR 52935.
[Petter Berntsen <petterb gmail.com>]
*) mod_sed: Don't define PATH_MAX to a potentially undefined value, causing
compile problems on GNU hurd. [Stefan Fritsch]
*) core: Add ap_runtime_dir_relative() and DefaultRuntimeDir.
[Jeff Trawick]
*) core: Fix breakage of Listen directives with MPMs that use a
per-directory config. PR 52904. [Stefan Fritsch]
*) core: Disallow directives in AllowOverrideList which are only allowed
in VirtualHost or server context. These are usually not prepared to be
called in .htaccess files. [Stefan Fritsch]
*) core: In AllowOverrideList, do not allow 'None' together with other
directives. PR 52823. [Stefan Fritsch]
*) mod_slotmem_shm: Support DEFAULT_REL_RUNTIMEDIR for file-based shm.
[Jim Jagielski]
*) core: Fix merging of AllowOverrideList and ContentDigest.
[Stefan Fritsch]
*) mod_request: Fix validation of the KeptBodySize argument so it
doesn't always throw a configuration error. PR 52981 [Eric Covener]
*) core: Add filesystem paths to access denied / access failed messages
AH00035 and AH00036. [Eric Covener]
*) mod_dumpio: Properly handle errors from subsequent input filters.
PR 52914. [Stefan Fritsch]
*) Unix MPMs: Fix small memory leak in parent process if connect()
failed when waking up children. [Joe Orton]
*) "DirectoryIndex disabled" now undoes DirectoryIndex settings in
the current configuration section, not just previous config sections.
PR 52845. [Eric Covener]
*) mod_xml2enc: Fix broken handling of EOS buckets which could lead to
response headers not being sent. PR 52766. [Stefan Fritsch]
*) mod_ssl: Properly free the GENERAL_NAMEs. PR 32652. [Kaspar Brand]
*) core: Check during config test that directories for the access
logs actually exist. PR 29941. [Stefan Fritsch]
*) mod_xml2enc, mod_proxy_html: Enable per-module loglevels.
[Stefan Fritsch]
*) mod_filter: Fix segfault with AddOutputFilterByType. PR 52755.
[Stefan Fritsch]
*) mod_session: Sessions are encoded as application/x-www-form-urlencoded
strings, however we do not handle the encoding of spaces properly.
Fixed. [Graham Leggett]
*) Configuration: Example in comment should use a path consistent
with the default configuration. PR 52715.
[Rich Bowen, Jens Schleusener, Rainer Jung]
*) Configuration: Switch documentation links from trunk to 2.4.
[Rainer Jung]
*) configure: Fix out of tree build using apr and apr-util in srclib.
[Rainer Jung]
|
|
*) Security: specially crafted mp4 file might allow to overwrite memory
locations in a worker process if the ngx_http_mp4_module was used,
potentially resulting in arbitrary code execution (CVE-2012-2089).
|
|
* Support for time zones
* Support for in-browser testing frameworks
* Updated default project layout and manage.py
* Custom project and app templates
* Improved WSGI support
* Improved password hashing
* HTML5 doctype
* List filters in admin interface
* Multiple sort in admin interface
* New ModelAdmin methods
More...
|
|
changes:
-new options, minor improvements
-bugfixes
|
|
Contains fix for XSS, https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-002/.
2012-04-17 7bec4f3 [RELEASE] Release of TYPO3 4.6.8 (TYPO3 v4 Release Team)
2012-04-17 e894089 #34348 [SECURITY] XSS in exception handler (Oliver Klee)
2012-04-17 da929e3 [TASK] Raise submodule pointer (TYPO3 v4 Release Team)
2012-04-15 4fb406e #36027 [BUGFIX] Localisation update doesn't work (Sebastian Fischer)
2012-04-14 a444816 #34742 [TASK] Change hardcoded URL to constant (dkd-egerer Sascha Egerer)
2012-04-14 32017dc #33497,#34897 [BUGFIX] t3lib_http_Request can not be loaded in frontend (Philipp Gampe)
2012-04-13 efe107e #34923 [BUGFIX] Hardcoded variable in CookieJar.php (Philipp Gampe)
2012-04-12 f1bb34c #32581 [BUGFIX] Slider doesn't work in IE9 (Jigal van Hemert)
2012-04-12 88135a6 #35202 [BUGFIX] Fix the unit tests to work with PHPUnit 3.6 (Oliver Klee)
2012-04-12 f68a85e #34860,#33685 [BUGFIX] Results from live search and opendocs can't be opened (Stefan Galinski)
2012-04-12 fbde347 #35905 [BUGFIX] Failing test in autoloader with phpunit 3.6 (Christian Kuhn)
2012-04-12 fed2e3c #35897 [BUGFIX] Failing test in caching framework memcache backend (Christian Kuhn)
2012-04-11 87e9436 #35847 [BUGFIX] t3lib_div::getUrl() providing wrong error information (Ingo Renner)
2012-04-11 7825e7a #35272 [BUGFIX] Enable XClassing of t3lib_install by replacing new (Kay Strobach)
2012-04-11 51d1dcf #35126 [BUGFIX] Use state "excludeFromUpdates" in update check (Jigal van Hemert)
2012-04-10 e1c402f #35257 [BUGFIX] ext_icon.gif for EXT:impexp (Georg Ringer)
2012-04-08 f4e9e59 #34695 [BUGFIX] missing parameter for implode (Jigal van Hemert)
2012-04-05 80946db #31831 [BUGFIX] "Allowed excludefields" misses non-tt_content FlexForms (Kai Vogel)
2012-04-05 bd038d6 #32517 [BUGFIX] Set filename to downloaded resource in t3lib_compressor (Morton Jonuschat)
2012-03-29 2df8eda #34625 [BUGFIX] preg_spliti should be preg_split (Georg Ringer)
|
|
Contains fix for XSS, https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-002/.
2012-04-17 7bd7fa7 [RELEASE] Release of TYPO3 4.5.15 (TYPO3 v4 Release Team)
2012-04-17 34cd65d #34348 [SECURITY] XSS in exception handler (Oliver Klee)
2012-04-17 03ed1e3 [TASK] Raise submodule pointer (TYPO3 v4 Release Team)
2012-04-15 bd08193 #36027 [BUGFIX] Localisation update doesn't work (Sebastian Fischer)
2012-04-14 455c288 #34742 [TASK] Change hardcoded URL to constant (dkd-egerer Sascha Egerer)
2012-04-13 d92797c #24884 [BUGFIX] Saving Page Tree states issues in large environments (cybercraft)
2012-04-12 89232cd #35202 [BUGFIX] Fix the unit tests to work with PHPUnit 3.6 (Oliver Klee)
2012-04-12 573c480 #34860,#33685 [BUGFIX] Results from live search and opendocs can't be opened (Stefan Galinski)
2012-04-12 df51e20 #35897 [BUGFIX] Failing test in caching framework memcache backend (Christian Kuhn)
2012-04-11 174d81f #35847 [BUGFIX] t3lib_div::getUrl() providing wrong error information (Ingo Renner)
2012-04-11 8d9854c #35272 [BUGFIX] Enable XClassing of t3lib_install by replacing new (Kay Strobach)
2012-04-10 d5b2b13 #35257 [BUGFIX] ext_icon.gif for EXT:impexp (Georg Ringer)
2012-04-08 f9fe38e #34695 [BUGFIX] missing parameter for implode (Jigal van Hemert)
2012-04-05 c49f742 #31831 [BUGFIX] "Allowed excludefields" misses non-tt_content FlexForms (Kai Vogel)
2012-03-29 2a25362 #34625 [BUGFIX] preg_spliti should be preg_split (Georg Ringer)
2012-03-28 a2b1f8c #25021 [BUGFIX] Creating new pages via drag'n'drop respects page TS (Philipp Kitzberger)
|
|
* Add some modules like apache22
* Fix lua option build
|
|
bugfixes.
|
|
The lua option is disabled by default.
|
|
The Apache HTTP Server Project is an effort to develop and maintain an
open-source HTTP server for various modern desktop and server operating
systems, such as UNIX and Windows NT. The goal of this project is to
provide a secure, efficient and extensible server which provides HTTP
services in sync with the current HTTP standards.
This package tracks 2.4.x release.
|
|
builds on several contributed code bases (nWidgets, Burstlib, f(m)),
which is why we refer to it sometimes as a "unified" toolkit. Dojo
aims to solve some long-standing historical problems with DHTML
which prevented mass adoption of dynamic web application development.
|
|
in case certificates are not installed reported by David Holland
|
|
This is API incompatible to pkgsrc/www/librest, and can coexist.
|
|
=== RELEASE 2.6 ===
Sat Apr 7 03:54:41 CEST 2012 mikulas:
Fixed reads and writes out of memory in the xbm decoder
It may have security implications
Mon Apr 2 05:34:15 CEST 2012 mikulas:
Fixed character set in the window title in X11
Fri Mar 30 05:10:32 CEST 2012 mikulas:
Check EINTR after each syscall to work around non-working SA_RESTART
on some old Unices
Wed Mar 28 22:11:23 CEST 2012 mikulas:
Fixed access out of allocated memory in the graphics renderer.
It may have security implications --- although just two characters
('-' and 0) were written to the unallocated area.
Tue Mar 27 21:49:38 CEST 2012 mikulas:
Fixed an infinite loop in usemap when invalid html tag was processed
Sun Mar 25 04:46:43 CEST 2012 mikulas:
Fixed a crash if the user runs links with pipe on stdin
Sun Mar 25 02:42:11 MET 2012 mikulas:
Fixed inefficiency when moving or dragging mouse over big documents
Sat Mar 24 01:26:05 CET 2012 mikulas:
Fixed inefficiency when displaying documents with long lines
Wed Mar 7 23:02:27 CET 2012 mikulas:
Fix copy and paste of Unicode characters to/from Xwindow
clipboard
Tue Feb 28 21:04:51 CET 2012 mikulas:
Fixed visual glitches in the select box in text-mode UTF-8
Sun Feb 26 18:31:17 MET 2012 mikulas:
Use key ' to move forward
Thu Feb 23 23:13:35 CET 2012 mikulas:
Fixed access out of memory when pasting too long string from
a clipboard
Thu Feb 23 00:52:09 CET 2012 mikulas:
The NSS encryption library can cause browser lockup. Add a warning.
The user should use OpenSSL instead of NSS.
Wed Feb 22 23:11:45 CET 2012 mikulas:
Fix for big endian Xserver
Tue Feb 21 03:03:33 MET 2012 mikulas:
Restrict textarea and input field width to screen size minus margins
Tue Feb 21 00:29:09 CET 2012 mikulas:
Fixed saving formatted document when UTF-8 is used
Sun Feb 19 22:24:20 MET 2012 mikulas:
Fixed a crash if the user selected "Frame at full-screen" in the menu
and there was no page displayed in the current frame
Mon Feb 13 19:35:07 MET 2012 mikulas:
Reload bookmarks if some other Links instance changes them
Mon Feb 13 18:37:41 MET 2012 mikulas:
Fixed some messages about decompression errors when http authentication
and compression was used at the same time
Sun Feb 12 18:32:26 MET 2012 mikulas:
Display filename and percentage in the download menu
Sun Feb 12 17:50:01 MET 2012 mikulas:
Fixed divide-by-zero crash in the download code
Sun Feb 12 15:22:12 MET 2012 mikulas:
Continue downloads to partially downloaded file
Tue Feb 7 07:13:49 MET 2012 mikulas:
Add information about versions of libraries
Tue Feb 7 00:39:28 cet 2012 mikulas:
Fixed visual glitches in the list editor
Sun Feb 5 20:35:43 cet 2012 mikulas:
Fixed integer overflows if file cache has more than 2GB
Mon Jan 23 21:54:19 MET 2012 mikulas:
Don't compact <br> tags inside <pre> (fixes line numbers in
source code viewer on github)
Mon Jan 23 03:23:07 CET 2012 mikulas:
Support non-english keyboard in the Xwindow driver
Sun Jan 15 01:42:59 cet 2012 mikulas:
When opening a new window, copy html options from the existing session
Sat Jan 14 22:59:53 cet 2012 mikulas:
Support #! translation according to Google specification
Thu Jan 5 02:43:42 CET 2012 mikulas:
Fixed reading of a freed memory if the user deletes a user program
while a query box with user programs is displayed
Fri Dec 30 15:34:11 MET 2011 mikulas:
Allow the user to set local IP address
Thu Dec 29 18:41:51 MET 2011 mikulas:
Allow the user to change colors
|
|
${PLIST.eggfile} from PLISTs and support code from lang/python.
|
|
Remove devel/py-ctypes (only needed by and supporting python24).
Remove PYTHON_VERSIONS_ACCEPTED and PYTHON_VERSIONS_INCOMPATIBLE
lines that just mirror defaults now.
Miscellaneous cleanup while editing all these files.
|
|
course unless fixed. As far as anyone has been able to figure out so
far, this is actually an older version of devel/SOPE.
|
|
** Add NetBSD and DragonFly uname etc.
* Readd enigmail distfile
|
|
Update Japanese, Latvian, Romanian and Slovak language files.
|
|
(fix CVE-2011-4858)
Tomcat 5.5.35 (jim)
Catalina
* Make configuration issues for security related Valves and Filters
result in the failure of the valve or filter rather than just a
warning message. (markt)
* Ensure changes to the configuration of the RemoteHostValve and the
RemoteAddrValve via JMX are thread-safe. (markt)
* In RequestFilterValve (RemoteAddrValve, RemoteHostValve): refactor
value matching logic into separate method and expose this new method
isAllowed through JMX. (kkolinko)
* Improve performance of parameter processing for GET and POST requests.
Also add an option to limit the maximum number of parameters processed
per request. This defaults to 10000. Excessive parameters are ignored.
Note that FailedRequestFilter can be used to reject the request if
some parameters were ignored. (markt/kkolinko)
* New filter FailedRequestFilter that will reject a request if there
were errors during HTTP parameter parsing. (kkolinko)
* 52384: Do not fail with parameter parsing when debug logging is
enabled. (kkolinko, jim)
* Do not flag extra '&' characters in parameters as parse errors.
(kkolinko, jim)
* Slightly improve performance of UDecoder.convert(). Align %2f handling
between implementations. (kkolinko)
* 52225: Fix ClassCastException when adding an alias for an existing
host via JMX. (kkolinko)
* Do not throw an IllegalArgumentException from a parseParameters() call
when a chunked POST request is too large, but treat it like an IO
error. (kkolinko)
* Add SetCharacterEncodingFilter (similar to the one contained in the
examples web application) to the org.apache.catalina.filters package
so it is available for all web applications. (kkolinko)
General
* Update Eclipse compiler to 3.7 and switch to using ecj.jar. (markt)
Coyote
* Improve multi-byte character handling in all connectors. (rjung)
Jasper
* 52335: Only handle <\% and not \% as escaped in template text. (markt)
Webapps
* 52049: Improve setup instructions for running as a Windows service:
correct information on how a JRE is identified and selected.
(kkolinko)
* 52172: Update Tomcat build instructions. Includes changes proposed by
bmargulies. (kkolinko)
* 52243: Improve windows service documentation to clarify how to include
# and/or ; in the value of an environment variable that is passed to
the service. (markt)
Other
* 52059: Ensure Windows registry keys are removed when using the
un-install option of the Windows installer. (markt)
|
|
* Patches are borrowed from devel/xulrunner
|
|
* Add LDFLAGS.FreeBSD like DragonFly.
|
|
=== Changes since 1.17.2 ===
* (bug 22555) Remove or skip strip markers from tag hooks like <nowiki> in
core parser functions which operate on strings, such as padleft.
* (bug 34212) ApiBlock/ApiUnblock allow action to take place without a token
parameter present.
* (bug 34907) Fixed exposure of tokens through load.php that could have facilitated
CSRF attacks.
* (bug 35317) CSRF in Special:Upload.
|
|
Bump PKGREVISION.
|
|
Bump PKGREVISION.
|
|
Fix security problem of https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/.
2012-03-28 a1b80e1 [RELEASE] Release of TYPO3 4.6.7 (TYPO3 v4 Release Team)
2012-03-28 892bbbc #22748 [SECURITY] Missing escaping for sys_notes (Georg Ringer)
2012-03-28 351084b #25246 [!!!][SECURITY] XSS in filelink element (Georg Ringer)
2012-03-28 5943c54 #29060 [SECURITY] Information disclosure showing DB name (Georg Ringer)
2012-03-28 42cb07b #29397 [SECURITY] XSS in show item (Christian Kuhn)
2012-03-28 8448714 #24474 [SECURITY] Missing escaping in scheduler (Georg Ringer)
2012-03-28 a5e14b2 #30940 [SECURITY] XSS in BE file list (Christian Kuhn)
2012-03-28 7451b95 #30188 [SECURITY] XSS possibility in RemoveXSS (Andreas Wolf)
2012-03-28 5491a24 #29536 [SECURITY] XSS in be_layouts (Georg Ringer)
2012-03-28 a6a9206 #30969 [SECURITY] XSS for extension meta data in About module (Oliver Klee)
2012-03-28 d6f9c2a [TASK] Raise submodule pointer (TYPO3 v4 Release Team)
2012-03-28 f4ae450 #35260 [BUGFIX] Missing column in t3lib_TCEmain::getPreviousLocalizedRecordUid (Francois Suter)
2012-03-25 ddad96b #34771 [TASK] Add missing sql_free_result in alt_doc.php (Wouter Wolters)
2012-03-24 cb92327 #35176 [BUGFIX] Tooltips for items in groupfields are not moved (Jigal van Hemert)
2012-03-23 fa992c7 #35160 [TASK] Code clean-up in t3lib_PageRenderer (Oliver Hader)
2012-03-23 2a968b2 #33791 [BUGFIX] Blank page after Save+Close in page settings (Stefan Galinski)
2012-03-18 b5d1b80 #32756 Revert "[BUGFIX] showAccessRestrictedPages doesn't replace links to restricted subpages" (Helmut Hummel)
2012-03-17 bc18ac6 #30847 [BUGFIX] Fix baseurl handling of IE with RTE htmlArea in FE and realurl (Stanislas Rolland)
2012-03-16 de9937b #34662 [BUGFIX] Fatal error 't3lib_lock' does not exist (Oliver Hader)
|
|
Fix security problem of https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/.
2012-03-28 c8acf67 [RELEASE] Release of TYPO3 4.5.14 (TYPO3 v4 Release Team)
2012-03-28 1d769c4 #22748 [SECURITY] Missing escaping for sys_notes (Georg Ringer)
2012-03-28 b128c41 #30969 [SECURITY] XSS for extension meta data in About module (Oliver Klee)
2012-03-28 4dc50cb #29397 [SECURITY] XSS in show item (Christian Kuhn)
2012-03-28 7b4e3cb #24474 [SECURITY] Missing escaping in scheduler (Georg Ringer)
2012-03-28 d9065bd #30940 [SECURITY] XSS in BE file list (Christian Kuhn)
2012-03-28 0b925b6 #30188 [SECURITY] XSS possibility in RemoveXSS (Andreas Wolf)
2012-03-28 e8ceb36 #25246 [!!!][SECURITY] XSS in filelink element (Georg Ringer)
2012-03-28 fa6a103 #29536 [SECURITY] XSS in be_layouts (Georg Ringer)
2012-03-28 784ffda #29060 [SECURITY] Information disclosure showing DB name (Georg Ringer)
2012-03-28 a4d4c22 [TASK] Raise submodule pointer (TYPO3 v4 Release Team)
2012-03-28 45472a9 #35260 [BUGFIX] Missing column in t3lib_TCEmain::getPreviousLocalizedRecordUid (Francois Suter)
2012-03-26 7689dca #35158 [TASK] Clean-up PHPdoc comments in t3lib_PageRenderer (Kai Vogel)
2012-03-26 afdbb20 #35159 [BUGFIX] Instance properties are defined statically (Kai Vogel)
2012-03-25 0c5402a #34771 [TASK] Add missing sql_free_result in alt_doc.php (Wouter Wolters)
2012-03-25 c828d02 #35176 [BUGFIX] Tooltips for items in groupfields are not moved (Jigal van Hemert)
2012-03-24 0b32e02 #33791 [BUGFIX] Blank page after Save+Close in page settings (Stefan Galinski)
2012-03-23 35153e9 #35160 [TASK] Code clean-up in t3lib_PageRenderer (Oliver Hader)
2012-03-22 c59bd15 #35148 [BUGFIX] Non-static methods in t3lib_cache are called statically (Steffen Müller)
2012-03-22 7059684 #30050 [BUGFIX] t3lib_div should contain only static methods (Jigal van Hemert)
2012-03-18 8ae8604 #32756 Revert "[BUGFIX] showAccessRestrictedPages doesn't replace links to restricted subpages" (Helmut Hummel)
2012-03-17 f25023e #30847 [BUGFIX] Fix baseurl handling of IE with RTE htmlArea in FE and realurl (Stanislas Rolland)
2012-03-16 56ef45d #34662 [BUGFIX] Fatal error 't3lib_lock' does not exist (Oliver Hader)
|
|
Release notes
Release date: 2012-03-27
Opera 11.62 is a recommended upgrade offering security and stability enhancements.
Changes since Opera 11.61
User interface
Fixed
* Find in page (Ctrl + F) uses last used Find inline type
* Address field focus lost on restart when installing extensions with a
toolbar button
* Submit data-security-warning locks page with two warning dialogs where
only one can be closed
* No window control buttons on the menu bar when disabling the close button
on tabs
* Inefficient loading order of resources
* PDF and SVG options offered in GTK print dialog but not supported
* Opera clipboard incompatible with Synergy/VNC/rdesktop/VMware/VirtualBOX
* Sluggish file dialog in GTK
* No GTK toolkit support under FreeBSD 9
Improved
* Updated tr/hu/cs language strings
Display and scripting
Fixed
* Some progressive JPEGs aren't decoded properly
* Crash when inspecting a UserJSEvent object in Dragonfly
* Facebook chat scrolling problems
* Text cursor position lost when clicking to focus on a search match inside
a textarea
* Error message when sending mail at centrum.cz
* IDNs starting with number are shown with punycode in address bar
* Crash when posting message to extension background process
Mail, news, chat
Fixed
* Selected message not consistent on layout switching
* Last selected message is forgotten through a restart
* Scrolling or switching view is slow when there are messages with many
addressees
* Occasional crash when navigating message list
Network
Fixed
* Support Ctrl+F5 and Shift+F5 for unconditional reload of web page (bypass
cache)
* URL Turbo mode header reduction generates invalid HTTP messages
Presto 2.10 rendering engine
Encoding improvements
* Changed multi-byte encodings to be non-greedy when encountering invalid
byte sequences, which is more compatible with other implementations
Security
Fixed
* Fixed an issue where small windows could be used to trick users into
executing downloads, as reported by Jordi Chancel; see our advisory:
http://www.opera.com/support/kb/view/1010/
* Fixed an issue where overlapping content could trick users into executing
downloads, as reported by Jordi Chancel; see our advisory:
http://www.opera.com/support/kb/view/1011/
* Fixed a printing issue which could allow data leaks to other system users,
or allow them to corrupt data, as reported by Christof Meerwald; see our
advisory:
http://www.opera.com/support/kb/view/1015/
* Fixed an issue where history.state could leak the state data from cross
domain pages; see our advisory:
http://www.opera.com/support/kb/view/1012/
* Fixed an issue which could allow web page dialogs to display the wrong
address in the address field; see our advisory:
http://www.opera.com/support/kb/view/1013/
* Fixed an issue where carefully timed reloads and redirects could spoof the
address field, as reported by Jordi Chancel; see our advisory:
http://www.opera.com/support/kb/view/1014/
|
|
For example, fix build on DragonFly 3.0.1.
See https://bugzilla.mozilla.org/show_bug.cgi?id=621446
|
|
Requested by Moritz Wilhelmy on IRC.
Vulnerabilities fixed:
* CVE-2011-2191
Cross-site request forgery (CSRF) vulnerability in Cherokee-admin in Cherokee
before 1.2.99 allows remote attackers to hijack the authentication of
administrators for requests that insert cross-site scripting (XSS) sequences,
as demonstrated by a crafted nickname field to vserver/apply.
* CVE-2011-2190
The generate_admin_password function in Cherokee before 1.2.99 uses time and
PID values for seeding of a random number generator, which makes it easier
for local users to determine admin passwords via a brute-force attack.
New features (excerpt):
* Caching policies support
* Custom header can be defined inside rules
* Improved Index Page
* Kqueue is now used by default on MacOS X and *BSD
* New option to disable the use of SSLv2
* Wild cards are now supported in dirlist fields
* Redirection entries can be reordered
* ${vserver_name_req} in logger 'Custom'
* Cherokee-admin can be shut down from within
* TLS/SSL supports the 'IP per VServer' workaround now
* Virtual Server complex match support (OR rules)
* Redirection error handler has a 'default' option now
* New ${root_domain} macro in Advanced Virtual Hosting
* Failover load balancing plug-in
* cherokee-admin-launcher tool
* Information Source name resolution pre-caching
* Gzip and Default is configurable now (#1054)
* ${http_host}, ${http_referrer}, and ${http_user_agent} (#896)
* Much better OPTIONS support
* Documentation improvements
* Information Sources can be reordered now (*CGI handlers)
* X-Sendfile and X-Accel-Redirect support in the proxy
* Shared memory implementation (no longer SysV) (#537)
* Logger custom. New macro: ${http_cookie}
* Virtual Host regex group replacement (^ parameters)
* --with-cgiroot in configure
* -i / --disable-iocache param in cherokee-admin
* 'Server Info' extended to support accepts and timeouts
* cherokee-admin-launcher accepts SIGHUP now
* CTK_COOKIE security enhancement
* Enhanced pre-saving validations
* Interpreter env. vars can embedded $VARs evaluation
* QA bench can be run without installing Cherokee first
* OS tuning documentation
* Regex against full header match
* Nick name match is optional on VServers (#1075)
* Front-Line Cache (beta)
* Cherokee Distribution (beta)
* CHEROKEE_TRACE special "from=<ip>" support
* SSL/TLS Wizard
* SSI recursive includes
* "UNIX socket in a abstract namespace" support
* Adds SHA512 support to the MySQL validator
* HSTS (HTTP Strict Transport Security) support
|
|
* Update "used by" in comments.
|
|
Please switch to contao211 (or contao210).
|