Age | Commit message | Author | Files | Lines |
|
|
Noted about ap-php by tron@ via private mail.
|
|
1.1.0
-----
Mostly bug fix release. Highlights:
* Inline model editing on the list page
* FileAdmin refactoring and fixes
* FileUploadField and ImageUploadField will work with Required() validator
* Bug fixes
|
|
For full changes, please refer to http://www.piwigo.org/releases/2.7.4 and
related pages.
This release contains these security fixes.
* SQL injection CVE-2015-1517 reported by Schleier, Sven (KPMG Management
Consulting Singapore)
* SQL injection and XSS failures reported and corrected by Steffen Rösemann
|
|
Changes before 6.5.19, please refer to: http://support.sugarcrm.com/02_Documentation/01_Sugar_Editions/05_Sugar_Community_Edition/
Fixed Issues
Sugar 6.5.20 is a security update released to address certain security
vulnerabilities identified during our routine QA checks.
We strongly recommend that you install this update at the earliest
opportunity. While we have not experienced any reported incidents relating to
these vulnerabilities to date, failure to install this update could leave you
exposed to the following types of malicious third party attacks:
Unauthenticated users may retrieve contents from system-generated files.
These vulnerabilities as well as an additional issue have been addressed in
release 6.5.20 which is available for download from the Download Manager.
Administrators are strongly encouraged to upgrade their Sugar instances
running 6.5.x or earlier to 6.5.20 to prevent potential exploitation of these
weaknesses.
|
|
Bump PKGREVISION.
|
|
IMPORTANT: Liquid 2.6 is going to be the last version of Liquid which maintains explicit Ruby 1.8 compatibility.
The following releases will only be tested against Ruby 1.9 and Ruby 2.0 and are likely to break on Ruby 1.8.
## 2.6.1 / 2014-01-10 / branch "2-6-stable"
Security fix, cherry-picked from master (4e14a65):
* Don't call to_sym when creating conditions for security reasons, see #273 [Bouke van der Bijl, bouk]
* Prevent arbitrary method invocation on condition objects, see #274 [Dylan Thacker-Smith, dylanahsmith]
## 2.6.0 / 2013-11-25
* ...
* Bugfix for #106: fix example servlet [gnowoel]
* Bugfix for #97: strip_html filter supports multi-line tags [Jo Liss, joliss]
* Bugfix for #114: strip_html filter supports style tags [James Allardice, jamesallardice]
* Bugfix for #117: 'now' support for date filter in Ruby 1.9 [Notre Dame Webgroup, ndwebgroup]
* Bugfix for #166: truncate filter on UTF-8 strings with Ruby 1.8 [Florian Weingarten, fw42]
* Bugfix for #204: 'raw' parsing bug [Florian Weingarten, fw42]
* Bugfix for #150: 'for' parsing bug [Peter Schröder, phoet]
* Bugfix for #126: Strip CRLF in strip_newline [Peter Schröder, phoet]
* Bugfix for #174, "can't convert Fixnum into String" for "replace" [wǒ_is神仙, jsw0528]
* Allow a Liquid::Drop to be passed into Template#render [Daniel Huckstep, darkhelmet]
* Resource limits [Florian Weingarten, fw42]
* Add reverse filter [Jay Strybis, unreal]
* Add utf-8 support
* Use array instead of Hash to keep the registered filters [Tasos Stathopoulos, astathopoulos]
* Cache tokenized partial templates [Tom Burns, boourns]
* Avoid warnings in Ruby 1.9.3 [Marcus Stollsteimer, stomar]
* Better documentation for 'include' tag (closes #163) [Peter Schröder, phoet]
* Use of BigDecimal on filters to have better precision (closes #155) [Arthur Nogueira Neves, arthurnn]
|
|
2.45.0 (2014-02-28)
===================
Firefox:
* Native events in Firefox relied on an API that Mozilla no longer
provides. As such, fall back to synthesized events on recent Firefox
versions.
Ruby changes:
* Allow switching windows when current window is closed (thanks Titus Fortner).
* Add :javascript_enabled to Android capabilities.
2.44.0 (2014-10-05)
===================
No Ruby changes in this release.
Firefox:
* Native event support for Firefox 24, 31, 32 and 33
2.43.0 (2014-09-09)
===================
* Make sure UnhandledAlertErrors includes the alert text if provided by the driver.
* Firefox
  - Make sure the browser process is properly killed if silent startup hangs (#7392)
  - native events support for Firefox 24, 31 and 32
* Loosen websocket dependency to ~> 1.0
* Add support for `switch_to.parent_frame` (thanks abotalov)
* Fix download location for Selenium::Server.{latest,get} (#7049 - thanks marekj)
|
|
* Drop ruby18 part and clean up.
Bump PKGREVISION.
|
|
* pkgsrc change: add pkg_alternatives support.
Changes are too many to write here, please refer to
http://sass-lang.com/documentation/file.SASS_CHANGELOG.html.
|
|
# 1.7.3
- Security: redact password in URI from logs (#349 / OSVDB-117461)
- Drop monkey patch on MIME::Types (added `type_for_extension` method, use
  the public interface instead).
# 1.7.2
- Ignore duplicate certificates in CA store on Windows
# 1.7.1
- Relax mime-types dependency to continue supporting mime-types 1.x series.
There seem to be a large number of popular gems that have depended on
mime-types '~> 1.16' until very recently.
- Improve urlencode performance
- Clean up a number of style points
# 1.7.0
- This release drops support for Ruby 1.8.7 and breaks compatibility in a few
other relatively minor ways
- Upgrade to mime-types ~> 2.0
- Don't CGI.unescape cookie values sent to the server (issue #89)
- Add support for reading credentials from netrc
- Lots of SSL changes and enhancements: (#268)
  - Enable peer verification by default (setting `VERIFY_PEER` with OpenSSL)
  - By default, use the system default certificate store for SSL verification,
    even on Windows (this uses a separate Windows build that pulls in ffi)
  - Add support for SSL `ca_path`
  - Add support for SSL `cert_store`
  - Add support for SSL `verify_callback` (with some caveats for jruby, OS X, #277)
  - Add support for SSL ciphers, and choose secure ones by default
- Run tests under travis
- Several other bugfixes and test improvements
- Convert Errno::ETIMEDOUT to RestClient::RequestTimeout
- Handle more HTTP response codes from recent standards
- Save raw responses to binary mode tempfile (#110)
- Disable timeouts with :timeout => nil rather than :timeout => -1
- Drop all Net::HTTP monkey patches
# 1.6.8
- The 1.6.x series will be the last to support Ruby 1.8.7
- Pin mime-types to < 2.0 to maintain Ruby 1.8.7 support
- Add Gemfile, AUTHORS, add license to gemspec
- Point homepage at https://github.com/rest-client/rest-client
- Clean up and fix various tests and ruby warnings
- Backport `ssl_verify_callback` functionality from 1.7.0
|
|
== 0.6.3 / 2015-01-09
* Minor enhancements
  * Expose an env helper for persistently configuring the env as needed
    (Darío Javier Cravero #80)
  * Expose the tempfile of UploadedFile (Sytse Sijbrandij #67)
* Bug fixes
  * Improve support for arrays of hashes in multipart forms (Murray Steele #69)
  * Improve test for query strings (Paul Grayson #66)
|
|
* As per spec, don't include STS header in non-https responses
* Handle bad URIs gracefully.
Some adapters (i.e. jruby-rack) will pass through bad URIs, then display
the resulting exception. This creates an attack vector for XSS attacks.
* Added more installation/usage instructions into the README
* Return 400 instead of 404 in case of InvalidURIError
* Include Content-Type in 400 response.
To stay compatible with old Rack versions.
* Skip URI parsing Request#url
URI may fail to parse some legit URL paths.
|
|
== 1.5.1 / 2014-12-31
* Maintenance
  * Fix content-length being set (#66)
|
|
* Discard invalid Referer header.
If an invalid Referer header such as "http://example.com/bad|uri" is
provided, ignore the value of it and skip using the Host header fallback.
* refactor instantiation.
* fix typoed header name.
* clarify reaction warning, test it.
|
|
No exact changes are available.
|
|
No exact changes are available.
|
|
No exact changes are available.
|
|
* fix base url concatenation
* Adds instantiation settings via block or hash.
Fixes .downcase being called on symbols.
Cleaned up
Cleans up hash setter. Adds block support
Adds tests for hash and block instantiation
Undoes string fix for patron/request.rb to keep with scope.
* Handle two failing specs
One is failing due to no OS support for SSLv2. This is reasonable,
so I just removed SSLv2 from the list of SSL versions to test. This
doesn't change the meaning of the test at all.
I could not find the root cause of the other spec failure, though
I suspect it is a setup problem. I have disabled the spec for now
and will revisit it later on.
* Add doc comment
* Add a way to get the Request object
* Revert request action to be a symbol, but still allow upcase and
downcase strings.
|
|
0.12.5 (February 22nd 2015)
* FIX #1794 inheritance of global prereqs (@ujifgc)
* FIX #1798 handling non-array `with` statement for params (@ujifgc)
* FIX Russian translation for password (@harrykiselev)
* FIX Prevent Padrino from overriding cache settings (@dariocravero)
* FIX sequence of execution for configuration methods in application
(@namusyaka)
* FIX translations for admin for cs (@ortiga)
* FIX exception raised when running the controller generator (@namusyaka)
* FIX #1875 lock down rack to < 1.6.0 because of sinatra conflict (@ujifgc)
|
|
## 3.1.2 (1 September 2014)
- Updated to jquery-ujs 1.0.1
## 3.1.1 (23 June 2014)
- Updated to jQuery 1.11.1
- Updated to jquery-ujs 1.0.0
|
|
* pkgsrc change: add support for pkg_alternatives.
Now ruby-jekyll consists of sub packages. And changes are too many to
write here.
|
|
ruby-jekyll-coffeescript
ruby-jekyll-gist
ruby-jekyll-paginate
ruby-jekyll-sass-converter
ruby-jekyll-watch
|
|
Rebuild your Jekyll site when a file changes with the `--watch` switch.
|
|
A Basic Sass converter for Jekyll.
|
|
Default pagination generator for Jekyll.
|
|
Liquid tag for displaying GitHub Gists in Jekyll sites.
|
|
A CoffeeScript converter for Jekyll.
|
|
No exact changes are available. Please refer to the commit log:
https://github.com/Compass/compass/commits/stable.
|
|
Changes the behavior of Sass's @import directive to only import a file once.
This plugin changes the behavior of Sass's `@import` directive so that
if the same sass file is imported more than once, the second import
will be a no-op. This allows dependencies to behave how most people
expect them to behave and provides a considerable performance improvement
for some sass projects.
**Note**: Although this plugin is maintained by compass, it can be used
without compass in any Sass-based project.
|
|
The Compass core stylesheet library and minimum required ruby extensions. This
library can be used stand-alone without the compass ruby configuration file or
compass command line tools.
|
|
Changes from previous:
----------------------
- Ignore ECONNABORTED on accept().
- Correctly implemented the config-file option change from "nosymlink" to
"nosymlinkcheck", which was supposedly done in version 2.24.
- Removed mailto: link from default index page.
- Allow CGIs to provide both Location and Status headers. (A. Skrobov)
- Better logic for figuring out CGI SERVER_NAME environment variable. (Oleg)
- Updated for clang, and general cleanup.
|
|
Upstream changes:
Highlights
MDL-35392 - Feedback from module assign is now always shown in the gradebook
MDL-31036 - No more truncating characters in assignment quick grading
MDL-46626 - Log report export no longer contains html
MDL-23273 - Limit of responses in choice module is respected in case of synchronous submissions
Functional changes
MDL-31578 - Shibboleth can map attributes for all Moodle fields including custom attributes
MDL-47911 - Performance improvement on gradebook operations
MDL-49240 - Web service core_get_string now functions correctly
MDL-45621 - It is possible to uninstall portfolio plugins
MDL-48670 - Standard behat tests now work properly regardless of user timezone
UI changes
MDL-48533 - Backup report now links to the individual course backup summaries
MDL-49064 - left-align css class now has an RTL equivalent in bootstrap base
Security issues
A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
Fixes and improvements
MDL-42138 - Required custom profile fields are always required on signup form even when user has logged in as guest
MDL-49059 - Possible to embed YouTube videos with start time or playlist info
MDL-48544 - Block region no longer disappears if all blocks in it were hidden
MDL-48841 - Fixed bug with not being able to reset scheduled task to defaults
MDL-49167 - Fixed regression with $CFG->yuislasharguments introduced by previous minor release
MDL-47953 - Grader report shows correct number of students per page when suspended users are present
MDL-48294 - enablemobilewebservice is no longer duplicated in Site admin
MDL-48679 - Fixed bug with missing grade export URL when using grade publishing
|
|
* Sync with firefox-36.0.1
|
|
Changelog:
Fixed 36.0.1 - Disable the usage of the ANY DNS query type (1093983)
Fixed 36.0.1 - Fixed a startup crash with EMET (1137050)
Fixed 36.0.1 - Hello may become inactive until restart (1137469)
Fixed 36.0.1 - Print preferences may not be preserved (1136855)
Fixed 36.0.1 - Hello contact tabs may not be visible (1137141)
Fixed 36.0.1 - Accept hostnames that include an underscore character ("_") (1136616)
Fixed 36.0.1 - WebGL may use significant memory with Canvas2d (1137251)
Fixed 36.0.1 - Option -remote has been restored (1080319)
Fixed 36.0.1 - Fix a top crash
|
|
These releases address a security issue in the Django admin.
* Issue: XSS attack via properties in ModelAdmin.readonly_fields
* Advisory: HTML escaping when calling template filters from Python code
|