Age | Commit message (Collapse) | Author | Files | Lines |
|
#Version 2.13.0
Release date: 2017-03-16
### Added
* Selenium driver supports returning element(s) from evaluate_script [Thomas Walpole]
* rack_test driver supports click on checkboxes and radio buttons to change their states [Thomas Walpole]
* Support RSpec equivalent assertions and expectations for MiniTest [Thomas Walpole]
### Foxed
* Editing of content editable children with selenium
#Version 2.12.1
Release date: 2017-02-16
### Fixed
* Disable lazy Capybara::Results evaluation for JRuby due to ongoing issues
#Version 2.12.0
Release date: 2017-01-22
### Added
* Session#switch_to_frame for manually handling frame switching - Issue #1365 [Thomas Walpole]
* Session#within_frame now accepts a selector type (defaults to :frame) and locator [Thomas Walpole]
* Session#execute_script and Session#evaluate_script now accept optional arguments that will be passed to the JS function. This may not be supported
by all drivers, and the types of arguments that may be passed is limited. If drivers opt to support this feature they should support passing page elements. [Thomas Walpole]
* :exact option for text and title matchers - Issue #1256 [Thomas Walpole]
* :exact_text option for selector finders/minders - Issue #1256 [Thomas Walpole]
* Capybara.exact_text setting that affects the text matchers and :text options passed to selector finders/matchers. Issue #1256 [Thomas Walpole]
* :make_visible option for #attach_file that allows for convenient changing of the CSS style of a file input element before attaching the file to it. Requires driver
support for passing page elements to Session#execute_script [Thomas Walpole]
* assert_all_selectors/assert_none_of_selectors assertions added
* :link selector (used by find_link/click_link) now supports finding hyperlink placeholders (no href attribute) when href: nil option is specified [Thomas Walpole]
* `within_element` as an alias of `within` due to RSpec collision
### Fixed
* Fields inside a disabled fieldset are now correctly considered disabled - Issue #1816 [Thomas Walpole]
* Lazy Capybara::Results evaluation enabled for JRuby 9.1.6.0+
* A driver returning nil for #current_url won't raise an exception when calling #current_path [Dylan Reichstadt]
* Support Ruby 2.4.0 unified Integer [Koichi ITO]
* RackTest driver no longer modifies the text content of textarea elements in order to behave more like a real browser [Thomas Walpole]
* TextQuery (assert_text/have_text/etc) now ignores errors when trying to generate more helpful errors messages so the original error isn't hidden [Thomas Walpole]
#2.11.0
Release date: 2016-12-05
### Added
* Options for clearing session/local storage on reset added to the Selenium driver
* Window size changes wait for the size to stabilize
* Defined return value for most actions
* Ignore specific error when qutting selenium driver instance - Issue #1773 [Dylan Reichstadt, Thomas Walpole]
* Warn on selenium unknown errors rather than raising when quitting driver [Adam Pohorecki, Thomas Walpole]
* Capybara::Result#each now returns an `Enumerator` when called without a block - Issue #1777 [Thomas Walpole]
### Fixed
* Selenium driver with Chrome should support multiple file upload [Thomas Walpole]
* Fix visible: :hidden with :text option behavior [Thomas Walpole]
#2.10.2
Release date: 2016-11-30
### Fixed
* App exceptions with multiple parameter initializers now re-raised correctly - Issue #1785 [Michael Lutsiuk]
* Use Addressable::URI when parsing current_path since it's more lenient of technically invalid URLs - Issue #1801 [Marcos Duque, Thomas Walpole]
|
|
Sun Dec 4 18:48:03 2015 Jeremy Daer <jeremydaer@gmail.com>
* First-party "SameSite" cookies. Browsers omit SameSite cookies
from third-party requests, closing the door on many CSRF attacks.
Pass `same_site: true` (or `:strict`) to enable:
response.set_cookie 'foo', value: 'bar', same_site: true
or `same_site: :lax` to use Lax enforcement:
response.set_cookie 'foo', value: 'bar', same_site: :lax
Based on version 7 of the Same-site Cookies internet draft:
https://tools.ietf.org/html/draft-west-first-party-cookies-07
Thanks to Ben Toews (@mastahyeti) and Bob Long (@bobjflong) for
updating to drafts 5 and 7.
Wed Jun 24 12:13:37 2015 Aaron Patterson <tenderlove@ruby-lang.org>
* Fix Ruby 1.8 backwards compatibility
|
|
with cron.
|
|
|
|
See the commit messages of ruby-*42 for the list of notable changes
since 3.2.
|
|
|
|
|
|
from macallan@
While here, appease pkglint.
bump PKGREVISION.
|
|
|
|
|
|
Notable changes since 3.2:
- Change the stylesheet of exception pages for development
mode. Additionally display also the line of code and fragment that
raised the exception in all exceptions pages.
- protect_from_forgery also prevents cross-origin <script>
tags. Update your tests to use xhr :get, :foo, format: :js instead
of get :foo, format: :js.
- #url_for takes a hash with options inside an array.
- Added session#fetch method fetch behaves similarly to Hash#fetch,
#with the exception that the returned value is always saved into the
#session.
- Separated Action View completely from Action Pack.
- Log which keys were affected by deep munge.
- New config option config.action_dispatch.perform_deep_munge to opt
out of params "deep munging" that was used to address security
vulnerability CVE-2013-0155.
- New config option config.action_dispatch.cookies_serializer for
specifying a serializer for the signed and encrypted cookie jars.
- Added render :plain, render :html and render :body.
- The *_filter family of methods have been removed from the
documentation. Their usage is discouraged in favor of the *_action
family of methods:
- render nothing: true or rendering a nil body no longer add a single
space padding to the response body.
- Rails now automatically includes the template's digest in ETags.
- Segments that are passed into URL helpers are now automatically
escaped.
- Introduced the always_permitted_parameters option to configure which
parameters are permitted globally. The default value of this
configuration is ['controller', 'action'].
- Added the HTTP method MKCALENDAR from RFC 4791.
- *_fragment.action_controller notifications now include the
controller and action name in the payload.
- Improved the Routing Error page with fuzzy matching for route
search.
- Added an option to disable logging of CSRF failures.
- When the Rails server is set to serve static assets, gzip assets
will now be served if the client supports it and a pre-generated
gzip file (.gz) is on disk. By default the asset pipeline generates
.gz files for all compressible assets. Serving gzip files minimizes
data transfer and speeds up asset requests. Always use a CDN if you
are serving assets from your Rails server in production.
- When calling the process helpers in an integration test the path
needs to have a leading slash. Previously you could omit it but that
was a byproduct of the implementation and not an intentional
feature.
|
|
|
|
Action View provides simple, battle-tested conventions and helpers for
building web pages.
|
|
|
|
|
|
6.26 2017-04-12
- Perltidy all apps in the bin/ directory
- Make all apps in bin/ use strict and warnings (RT #92633)
- Fix bug tracker URL in metadata
|
|
#-----------------------------------------------------------------------
# Version 2.27 - 13th December 2016
#------------------------------------------------------------------------
* Ghost fixed the regex in the uri/url filters, removing double quotes
to make it RFC3986 compliant.
https://github.com/abw/Template2/issues/35
* Sean Zellmer added testrules.yml to always run compile*.t sequentially
https://github.com/abw/Template2/pull/45
* Simon Dawson added 'empty' vmethods for scalar, list and hash
https://github.com/abw/Template2/pull/46
* Dennis Clark added --envvars option to tpage
https://github.com/abw/Template2/pull/49
* Yanick Champoux made Template::Toolkit a module
https://github.com/abw/Template2/pull/51
* Various warnings silenced and typos fixed.
|
|
7.30 2017-04-04
- Deprecated Mojo::Server::Morbo::watch in favor of
Mojo::Server::Morbo::Backend::Poll::watch. (marcus)
- Added support for pluggable Morbo backends. (marcus)
- Added Mojo::Server::Morbo::Backend and Mojo::Server::Morbo::Backend::Poll
modules. (marcus)
- Added backend attribute to Mojo::Server::Morbo. (marcus)
- Added -b option to Morbo. (marcus)
|
|
5.04 2017--04-17
Release by Jeff Fearn
[FIXES]
* Remove Distzilla to fix RT #120521 #89820
* Add POD to htmltree RT #116367
* Speed up is_inside method RT #113415
- From Todd Rinaldo https://github.com/madsen/HTML-Tree/pull/5
* Fix extra spaces being added to comments RT #94311
- From Tomaz Solc
* Don't needlessly escape characters in element content RT #93431
- From Tomaz Solc
|
|
4.36 2017-03-29
[ ENHANCEMENT ]
- Support PATCH HTTP method (thanks to GovtGeek for the... patch)
- pass through max_age and samesite to CGI::Cookie->new in the call
in CGI->cookie (GH #220)
[ FIX ]
- skip t/command_line.t on windows as it doesn't work
|
|
Tue Apr 11 22:17:00 MSK 2017
Releasing GNU libmicrohttpd 0.9.53. -EG
Mon Apr 10 19:50:20 MSK 2017
HTTPS tests: skip tests instead of failing if HTTPS is not supported by
libcurl.
HTTPS tests: fixed return values so testsuite is able to correctly
interpret it.
Fixed ignored result of epoll test in test_https_get_select. -EG
Thu Apr 06 23:02:07 MSK 2017
Make zzuf tests compatible with *BSD platforms. -EG
Thu Apr 06 22:14:22 MSK 2017
Added warning for hypothetical extra large timeout.
Fixed incorrect timeout calculation under extra rare conditions.
Fixed accidental usage of IPv6 in testsuite in specific conditions. -EG
Wed Apr 05 14:14:22 MSK 2017
Updated autoinit_funcs.h to latest upstream version with proper support of
Oracle/Sun compiler. -EG
Wed Apr 05 12:53:26 MSK 2017
Fixed some compiler warnings.
Fixed error snprintf() errors detection in digestauth.c.
Converted many run-time 'strlen()' to compile-time calculations. -EG
Sun Mar 26 13:49:01 MSK 2017
Internal refactoring for simplification and unification.
Minor optimizations and minor fixes.
MHD_USE_ITC used again in thread pool mode. -EG
Sat Mar 25 20:58:24 CET 2017
Remove dead MHD_strx_to_sizet-functions and associated
test cases from code. -CG
Sat Mar 25 20:40:10 CET 2017
Allow chunk size > 16 MB (up to 2^64-1). Ignore
chunk extensions instead of triggering an error.
(fixes #4967). -CG
Tue Mar 25 20:59:18 MSK 2017
Check for invalid combinations of flags and options in
MHD_start_daemon(). -EG
Tue Mar 21 13:51:04 CET 2017
Use "-lrt" to link libmicrohttpd if we are using
clock_gettime() as needed by glibc < 2.17. -CG
Tue Mar 21 13:42:07 CET 2017
Allow chaining of suspend-resume calls withuot
the application processing data from the network. -CG
Mon Mar 20 0:51:24 MSK 2017
Added autoconf module for detection whatever shutdown of listening socket
trigger select. This is only reliable method to use such feature as some
platforms change behaviour from version to version. -EG
Sun Mar 19 13:57:30 MSK 2017
Rewritten logic of handling "upgraded" TLS connections in epoll mode:
used edge trigger instead of level trigger,
upgraded "ready" connection are stored in DL-list,
fixed handling of more than 128 ready connections,
fixed busy-waiting for idle "upgraded" TLS connections. -EG
Fri Mar 17 10:45:31 MSK 2017
If read buffer is full, MHD need to receive remote data and application
suspended connection, do not fail while connection is suspended and give
application one more chance to read data from buffer once connection is
resumed. -EG
Thu Mar 16 23:45:29 MSK 2017
Allow again to run MHD in external epoll mode by
MHD_run_from_select() - this allow unification of user code
and produce no harm for performance. Especially useful with
MHD_USE_AUTO flag. -EG
Thu Mar 16 23:12:07 MSK 2017
Idle connection should be disconnected *after* "timeout" number of
second, not *before* this number. -EG/VT
Thu Mar 16 22:31:54 MSK 2017
Unified update of last activity on connections.
Update last activity only if something is really transmitted.
Update last activity each time when something is transmitted.
Removed early duplicated check for timeout on HTTPS connections.
Removed update of last active time for connections without timeout.
Fixed reset of timeout timer on resumed connections.
Fixed never-expired timeouts on HTTPS connections.
Fixed thread-safety of MHD_set_connection_option(). -EG
Thu Mar 16 21:05:08 MSK 2017
Fixed minor bug resulted in slight slowdown of HTTPS connection
handshake. -EG
Thu Mar 16 20:35:59 MSK 2017
Improved thread-safety for DL-lists. -EG
Thu Mar 16 17:55:01 MSK 2017
Fixed thread-safety of MHD_get_daemon_info() for
MHD_DAEMON_INFO_CURRENT_CONNECTIONS. -EG
Thu Mar 16 16:49:07 MSK 2017
Added ability to get actual daemon flags via MHD_get_daemon_info().
Fixed test_upgrade to work in request mode.
Fixed compiler warnings in test_upgrade. -EG
Wed Mar 15 23:29:59 MSK 2017
Prevented socket read/write if connection is suspended.
Added missing resets of 'connection->in_idle'.
Reworked handling of suspended connection: ensure that
connection is not disconnected by timeout, always
updated read/write states right after suspending. -EG
Wed Mar 15 21:02:26 MSK 2017
Added new enum value MHD_CONNECTION_INFO_CONNECTION_TIMEOUT
to get connection timeout by MHD_get_connection_info(). -EG
Sat Mar 11 12:03:45 CET 2017
Fix largepost example from tutorial to properly generate
error pages. -CG
Fix largepost example, must only queue replies either before upload
happens or after upload is done, not while upload is ongoing
Fri Mar 10 16:37:12 CET 2017
Fix hypothetical integer overflow for very, very large
timeout values. -CG
Fri Mar 10 16:22:54 CET 2017
Handle case that we do not listen at all more gracefully
in MHD_start_daemon() and not pass '-1' to helper functions
that expect a valid socket. -CG
Tue Mar 7 12:11:44 BRT 2017
Updates file `.gitignore`.
Tue Mar 7 10:37:45 BRT 2017
Updated the MHD_OPTION_URI_LOG_CALLBACK's documentation.
Mon Mar 6 21:46:59 BRT 2017
Added the i18n example fixing #4924. -SC
Wed Mar 1 23:47:05 CET 2017
Minor internal optimisations.
Changed closure connection monitoring logic: now all connections are
monitored for OOB data (which treated as error), connections are not
monitored any more for incoming data if incoming data is not required for
processing. except_fd_set is not optional now for MHD_get_fdset(),
MHD_get_fdset2() and MHD_run_from_select().
Improved connection processing in epoll mode: now connection can process
both read and write each turn.
Updated HTTP response codes; updated and added all missing standard HTTP
headers names (and headers categories); updated and added all missing
standard and additional HTTP methods. Now MHD return status
MHD_HTTP_REQUEST_HEADER_FIELDS_TOO_LARGE (431) instead of old
MHD_HTTP_REQUEST_ENTITY_TOO_LARGE (413) for very long header.
Reworked handling of data pending in TLS buffers, resolved busy-waiting
if incoming data is pending in TLS buffers and connection is in
LOOP_INFO_WRITE mode.
Do not clear 'ready' flag in epoll mode if send()/recv() result is
EINTERRUPTED.
Better detection of unready connection state: used less number of calls of
recv()/send() in epoll mode.
Configure: do not run gcrypt and GnuTLS tests if HTTPS is disabled by
configure parameter.
Fixed wrong value returned by MHD_get_timeout().
All double-linked lists now walked from tail to head. As new items are
added to head, this result in more uniform processing time.
Improved sockets errors handling in epoll mode.
OOB data on 'upgraded' sockets is treated as error. -EG
Thu Feb 16 11:20:05 CET 2017
Replace tsearch configure check with code from gnulib. -CG
Wed Feb 15 13:35:36 CET 2017
Fixing a few very rare race conditions for thread-pool or
thread-per-connection operations during shutdown.
Various minor cosmetic improvements.
Fixed #4884 and #4888 (solaris portability issues). -CG
Wed Feb 08 22:33:10 MSK 2016
Ported test_quiesce_stream to W32.
Improved precompiler flags selection of OpenBSD.
Fixed sending responses backed by files not supported by sendfile().
Fixed thread safety for responses backed by file FD.
Updated fileserver_example.
Improved handling of 'upgraded' TLS forwarding in select() and poll()
modes.
Fixed processing of incoming TLS data in epoll mode if more than 128
connections are active.
Fixed accepting more than 128 incoming connection in epoll mode.
Improved test_large_put, added poll() and epoll testing.
Added test_large_put_inc for testing of incremental buffer processing.
Rewritten epoll connection processing logic: handle all connection one
time per turn instead of trying to handle all active connection until all
pending data is dried. Result is more uniform connection processing
period. -EG
Wed Nov 23 15:24:10 MSK 2016
Used SO_REUSEADDR (on non-W32) alongside with SO_REUSEPORT if option
MHD_OPTION_LISTENING_ADDRESS_REUSE was set. -EG
Wed Nov 23 12:48:23 MSK 2016
Move all gettext-related staff to 'po' subdirectory.
Excluded gettext files generation from normal build.
Removed generated files from GIT. -EG
Tue Nov 15 19:08:43 MSK 2016
Fixed forwarding "upgraded" TLS connections for
chunks sizes larger than buffer size. -EG
Mon Nov 14 22:18:30 MSK 2016
Fixed unintentional usage of SO_REUSEADDR on W32.
Added support for SO_EXCLBIND on Solaris.
Fixed using MHD with MHD_OPTION_LISTENING_ADDRESS_REUSE
on Linux kernels before 3.9 (longterm 3.2 and 3.4
are still supported). -EG
Sun Nov 13 19:16:38 CET 2016
Fixed a few race issues on suspend-resume in cases where the
application uses threads even though MHD did not (or at least
had no internal need for locking). Also fixed DLL handling of
the timeout list, avoiding manipulating it for suspended
connections. Finally, eliminated calling application logic
on suspended connections (which before could happen under
certain circumstances). -CG
Thu Nov 11 20:49:23 MSK 2016
Added support for various forms of
pthread_attr_setname_np() so thread names will be set
more efficiently on certain platforms (Solaris, NetBSD etc.) -EG
Thu Nov 10 21:50:35 MSK 2016
Added rejection in MHD_start_daemon() of invalid combinations
of daemon flags.
Added MHD_USE_AUTO and MHD_USE_AUTO_INTERNAL_THREAD for
automatic selection of polling function depending on
platform capabilities and requested mode. -EG
Thu Nov 10 17:49:56 MSK 2016
Ported "upgrade" tests to W32 and other platforms, used
"gnutls-cli" instead of "openssl" in tests, minor bugs
fixed, added verbose reporting if requested.
"Upgrade" processing - changed internal handling logic, improved
and refactored, bugs fixed, fixed sigpipe on Darwin, added
printing error to log, fixed compilation without HTTPS.
Added 'configure' parameter "--disable-httpupgrade" for building
minimal-sized MHD versions.
Added feature check "MHD_FEATURE_UPGRADE".
Responses destroyed (freed) earlier if possible.
Added many remarks in code comments about thread safety.
Some data races and other multithread-related issues are fixed,
including usage of closed sockets (may resulted in accidental closing
of wrong socket).
SO_NOSIGPIPE is used on all platform which support it, not only
on Darwin.
Added support for suspending connections in thread-per-connection
mode (itself almost useless, mostly to unify modes support).
Fixed Inter-Thread Communication channel usage in epoll modes.
Reworked daemon cleanups and handling MHD_stop_daemon(): resources
are freed only by specific threads, data races and other fixes.
Started usage of C99 standard 'bool' where supported with
fallback to 'int'.
Renamed many MHD flags. Now they are self-explainable and more
obvious, like MHD_USE_INTERNAL_POLLING_THREAD instead of
MHD_USE_SELECT_INTERNALLY. Old flag names are supported for
backward compatibility.
Improved processing of "fast" connections: now full sequence
"read request - send reply headers - send reply body" is processed
after single select()/poll(). If connection is slow, request is huge
or response in not immediately ready - connection will be processed
in "traditional" way.
Added usage of "calloc()" where supported.
Minor documentation fixes.
Minor improvements and fixes. -EG
"Upgrade" test fixes.
Documentation updated.
Added HTTP "Upgrade" example. -CG
|
|
|
|
Curl and libcurl 7.54.0
Public curl releases: 165
Command line options: 207
curl_easy_setopt() options: 245
Public functions in libcurl: 61
Contributors: 1538
This release includes the following changes:
o Add CURL_SSLVERSION_MAX_* constants to CURLOPT_SSLVERSION [19]
o Add --max-tls [19]
o Add CURLOPT_SUPPRESS_CONNECT_HEADERS [24]
o Add --suppress-connect-headers [24]
This release includes the following bugfixes:
o CVE-2017-7468: switch off SSL session id when client cert is used [68]
o cmake: Replace invalid UTF-8 byte sequence [1]
o tests: use consistent environment variables for setting charset
o proxy: fixed a memory leak on OOM
o ftp: removed an erroneous free in an OOM path
o docs: de-duplicate file lists in the Makefiles [2]
o ftp: fixed a NULL pointer dereference on OOM
o gopher: fixed detection of an error condition from Curl_urldecode
o url: fix unix-socket support for proxy-disabled builds [3]
o test1139: allow for the possibility that the man page is not rebuilt
o cyassl: get library version string at runtime
o digest_sspi: fix compilation warning
o tests: enable HTTP/2 tests to run with non-default port numbers
o warnless: suppress compiler warning
o darwinssl: Warn that disabling host verify also disables SNI [4]
o configure: fix for --enable-pthreads [5]
o checksrc.bat: Ignore curl_config.h.in, curl_config.h
o no-keepalive.d: fix typo [6]
o configure: fix --with-zlib when a path is specified [7]
o build: fix gcc7 implicit fallthrough warnings [8]
o fix potential use of uninitialized variables [9]
o CURLOPT_SSL_CTX_FUNCTION.3: Fix EXAMPLE formatting errors [10]
o CMake: Reorganize SSL support, separate WinSSL and SSPI [11]
o CMake: Add DarwinSSL support [12]
o CMake: Add mbedTLS support [13]
o ares: return error at once if timed out before name resolve starts [14]
o BINDINGS: added C++, perl, go and Scilab bindings
o URL: return error on malformed URLs with junk after port number
o KNOWN_BUGS: Add DarwinSSL won't import PKCS#12 without a password [15]
o http2: Fix assertion error on redirect with CL=0 [16]
o updatemanpages.pl: Update man pages to use current date and versions [17]
o --insecure: clarify that this option is for server connections [18]
o mkhelp: simplified the gzip code
o build: fixed making man page in out-of-tree tarball builds
o tests: disabled 1903 due to flakiness
o openssl: add two /* FALLTHROUGH */ to satisfy coverity
o cmdline-opts: fixed a few typos
o authneg: clear auth.multi flag at http_done [20]
o curl_easy_reset: Also reset the authentication state [21]
o proxy: skip SSL initialization for closed connections [22]
o http_proxy: ignore TE and CL in CONNECT 2xx responses [23]
o tool_writeout: fixed a buffer read overrun on --write-out
o make: regenerate docs/curl.1 by running make in docs [25]
o winbuild: add basic support for OpenSSL 1.1.x [26]
o build: removed redundant DEPENDENCIES from makefiles
o CURLINFO_LOCAL_PORT.3: added example
o curl: show HTTPS-Proxy options on CURLE_SSL_CACERT [27]
o tests: strip more options from non-HTTP --libcurl tests
o tests: fixed the documented test server port numbers
o runtests.pl: fixed display of the Gopher IPv6 port number
o multi: fix streamclose() crash in debug mode [28]
o cmake: build manual pages [29]
o cmake: add support for building HTML and PDF docs [30]
o mbedtls: add support for CURLOPT_SSL_CTX_FUNCTION [31]
o make: introduce 'test-nonflaky' target
o CURLINFO_PRIMARY_IP.3: add example
o tests/README: mention nroff for --manual tests [32]
o mkhelp: disable compression if the perl gzip module is unavailable
o openssl: fall back on SSL_ERROR_* string when no error detail [33]
o asiohiper: make sure socket is open in event_cb [34]
o tests/README: make "Run" section foolproof [35]
o curl: check for end of input in writeout backslash handling
o .gitattributes: turn off CRLF for *.am [36]
o multi: fix MinGW-w64 compiler warnings
o schannel: fix variable shadowing warning
o openssl: exclude DSA code when OPENSSL_NO_DSA is defined [37]
o http: Fix proxy connection reuse with basic-auth [38]
o pause: handle mixed types of data when paused [39]
o http: do not treat FTPS over CONNECT as HTTPS
o conncache: make hashkey avoid malloc [40]
o make: use the variable MAKE for recursive calls [41]
o curl: fix callback argument inconsistency [42]
o NTLM: check for features with #ifdef instead of #if [43]
o cmake: add several missing files to the dist
o select: use correct SIZEOF_ constant [44]
o connect: fix unreferenced parameter warning
o schannel: fix unused variable warning
o gcc7: fix ‘*’ in boolean context [45]
o http2: silence unused parameter warnings
o ssh: fix narrowing conversion warning
o telnet: (win32) fix read callback return variable [46]
o docs: Explain --fail-early does not imply --fail [47]
o docs: added examples for CURLINFO_FILETIME.3 and CURLOPT_FILETIME.3
o tests/server/util: remove in6addr_any for recent MinGW [48]
o multi: make curl_multi_wait avoid malloc in the typical case [49]
o include: curl/system.h is a run-time version of curlbuild.h [50]
o easy: silence compiler warning
o llist: replace Curl_llist_alloc with Curl_llist_init [51]
o hash: move key into hash struct to reduce mallocs [52]
o url: don't free postponed data on connection reuse [53]
o curl_sasl: declare mechtable static
o curl: fix Windows Unicode build
o multi: fix queueing of pending easy handles [54]
o tool_operate: fix MinGW compiler warning [55]
o low_speed_limit: improved function for longer time periods [56]
o gtls: fix compiler warning
o sspi: print out InitializeSecurityContext() error message [57]
o schannel: fix compiler warnings [58]
o vtls: fix unreferenced variable warnings
o INSTALL.md: fix secure transport configure arguments
o CURLINFO_SCHEME.3: fix variable type
o libcurl-thread.3: also mention threaded-resolver [59]
o nss: load CA certificates even with --insecure [60]
o openssl: fix this statement may fall through [61]
o poll: prefer <poll.h> over <sys/poll.h> [62]
o polarssl: unbreak build with versions < 1.3.8 [63]
o Curl_expire_latest: ignore already expired timers [64]
o configure: turn implicit function declarations into errors [65]
o mbedtls: fix memory leak in error path [66]
o http2: fix handle leak in error path [67]
o .gitattributes: force shell scripts to LF [69]
o configure.ac: ignore CR after version numbers [70]
o extern-scan.pl: strip trailing CR [71]
o openssl: make SSL_ERROR_to_str more future-proof [72]
o openssl: fix thread-safety bugs in error-handling [73]
o openssl: don't try to print nonexistant peer private keys [74]
o nss: fix MinGW compiler warnings [75]
|
|
|
|
HTML sanitization for Rails applications.
|
|
|
|
Deprecated sanitizer API extracted from Action View.
|
|
|
|
|
|
|
|
Bump PKGREVISION.
|
|
Bump PKGREVISION.
|
|
56 now.
|
|
so existing users won't need to modify their configs
|
|
http2 is defined in pkgsrc/mk/defaults/options.description
|
|
SUBST_SED.confs+= -e "s|logs/|${VARBASE}/log/httpd/|g"
SUBST_SED.confs+= -e 's|/var/log/httpd/foo\.log|logs/foo.log/|g'
The first one only applied to an instrucion in the comment at the top of
the configuration file and made it meaningless.
The second one has been useless.
|
|
|
|
Bugs Fixed
* Incorrect version for mod_wsgi was being reported in server token.
* On 32 bit platforms, when reading from request content, all input would be returned and the chunk size would be ignored.
|
|
|
|
===================
- fix: continue if SO_REUSEPORT seems to be available but fails (:issue:`1480`)
- fix: support non-decimal values for the umask command line option (:issue:`1325`)
19.7.0 / 2017/03/01
===================
- The previously deprecated ``gunicorn_django`` command has been removed.
Use the :ref:`gunicorn-cmd` command-line interface instead.
- The previously deprecated ``django_settings`` setting has been removed.
Use the :ref:`raw-env` setting instead.
- The default value of :ref:`ssl-version` has been changed from
``ssl.PROTOCOL_TLSv1`` to ``ssl.PROTOCOL_SSLv23``.
- fix: initialize the group access list when initgroups is set (:issue:`1297`)
- add environment variables to gunicorn access log format (:issue:`1291`)
- add --paste-global-conf option (:issue:`1304`)
- fix: print access logs to STDOUT (:issue:`1184`)
- remove upper limit on max header size config (:issue:`1313`)
- fix: print original exception on AppImportError (:issue:`1334`)
- use SO_REUSEPORT if available (:issue:`1344`)
- `fix leak <https://github.com/benoitc/gunicorn/commit/b4c41481e2d5ef127199a4601417a6819053c3fd>`_ of duplicate file descriptor for bound sockets.
- add --reload-engine option, support inotify and other backends (:issue:`1368`, :issue:`1459`)
- fix: reject request with invalid HTTP versions
- add ``child_exit`` callback (:issue:`1394`)
- add support for eventlets _AlreadyHandled object (:issue:`1406`)
- format boot tracebacks properly with reloader (:issue:`1408`)
- refactor socket activation and fd inheritance for better support of SystemD (:issue:`1310`)
- fix: o fds are given by default in gunicorn (:issue:`1423`)
- add ability to pass settings to GUNICORN_CMD_ARGS environment variable which helps in container world (:issue:`1385`)
- fix: catch access denied to pid file (:issue:`1091`)
- many additions and improvements to the documentation
|
|
Changes:
2.5.2 (2017-01-27)
------------------
- Resolved issue where the ``HTTP2-Settings`` header value for plaintext
upgrade that was emitted by ``initiate_upgrade_connection`` included the
*entire* ``SETTINGS`` frame, instead of just the payload.
- Resolved issue where the ``HTTP2-Settings`` header value sent by a client for
plaintext upgrade would be ignored by ``initiate_upgrade_connection``, rather
than have those settings applied appropriately.
2.4.3 (2017-01-27)
------------------
- Resolved issue where the ``HTTP2-Settings`` header value for plaintext
upgrade that was emitted by ``initiate_upgrade_connection`` included the
*entire* ``SETTINGS`` frame, instead of just the payload.
- Resolved issue where the ``HTTP2-Settings`` header value sent by a client for
plaintext upgrade would be ignored by ``initiate_upgrade_connection``, rather
than have those settings applied appropriately.
2.3.4 (2017-01-27)
------------------
- Resolved issue where the ``HTTP2-Settings`` header value for plaintext
upgrade that was emitted by ``initiate_upgrade_connection`` included the
*entire* ``SETTINGS`` frame, instead of just the payload.
- Resolved issue where the ``HTTP2-Settings`` header value sent by a client for
plaintext upgrade would be ignored by ``initiate_upgrade_connection``, rather
than have those settings applied appropriately.
2.5.1 (2016-12-17)
------------------
Bugfixes
~~~~~~~~
- Remote peers are now allowed to send zero or any positive number as a value
for ``SETTINGS_MAX_HEADER_LIST_SIZE``, where previously sending zero would
raise a ``InvalidSettingsValueError``.
2.5.0 (2016-10-25)
------------------
API Changes (Backward-Compatible)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- Added a new ``H2Configuration`` object that allows rich configuration of
a ``H2Connection``. This object supersedes the prior keyword arguments to the
``H2Connection`` object, which are now deprecated and will be removed in 3.0.
- Added support for automated window management via the
``acknowledge_received_data`` method. See the documentation for more details.
- Added a ``DenialOfServiceError`` that is raised whenever a behaviour that
looks like a DoS attempt is encountered: for example, an overly large
decompressed header list. This is a subclass of ``ProtocolError``.
- Added support for setting and managing ``SETTINGS_MAX_HEADER_LIST_SIZE``.
This setting is now defaulted to 64kB.
- Added ``h2.errors.ErrorCodes``, an enum that is used to store all the HTTP/2
error codes. This allows us to use a better printed representation of the
error code in most places that it is used.
- The ``error_code`` fields on ``ConnectionTerminated`` and ``StreamReset``
events have been updated to be instances of ``ErrorCodes`` whenever they
correspond to a known error code. When they are an unknown error code, they
are instead ``int``. As ``ErrorCodes`` is a subclass of ``int``, this is
non-breaking.
- Deprecated the other fields in ``h2.errors``. These will be removed in 3.0.0.
Bugfixes
~~~~~~~~
- Correctly reject request header blocks with neither :authority nor Host
headers, or header blocks which contain mismatched :authority and Host
headers, per RFC 7540 Section 8.1.2.3.
- Correctly expect that responses to HEAD requests will have no body regardless
of the value of the Content-Length header, and reject those that do.
- Correctly refuse to send header blocks that contain neither :authority nor
Host headers, or header blocks which contain mismatched :authority and Host
headers, per RFC 7540 Section 8.1.2.3.
- Hyper-h2 will now reject header field names and values that contain leading
or trailing whitespace.
- Correctly strip leading/trailing whitespace from header field names and
values.
- Correctly refuse to send header blocks with a TE header whose value is not
``trailers``, per RFC 7540 Section 8.1.2.2.
- Correctly refuse to send header blocks with connection-specific headers,
per RFC 7540 Section 8.1.2.2.
- Correctly refuse to send header blocks that contain duplicate pseudo-header
fields, or with pseudo-header fields that appear after ordinary header fields,
per RFC 7540 Section 8.1.2.1.
This may cause passing a dictionary as the header block to ``send_headers``
to throw a ``ProtocolError``, because dictionaries are unordered and so they
may trip this check. Passing dictionaries here is deprecated, and callers
should change to using a sequence of 2-tuples as their header blocks.
- Correctly reject trailers that contain HTTP/2 pseudo-header fields, per RFC
7540 Section 8.1.2.1.
- Correctly refuse to send trailers that contain HTTP/2 pseudo-header fields,
per RFC 7540 Section 8.1.2.1.
- Correctly reject responses that do not contain the ``:status`` header field,
per RFC 7540 Section 8.1.2.4.
- Correctly refuse to send responses that do not contain the ``:status`` header
field, per RFC 7540 Section 8.1.2.4.
- Correctly update the maximum frame size when the user updates the value of
that setting. Prior to this release, if the user updated the maximum frame
size hyper-h2 would ignore the update, preventing the remote peer from using
the higher frame sizes.
2.4.2 (2016-10-25)
------------------
Bugfixes
~~~~~~~~
- Correctly update the maximum frame size when the user updates the value of
that setting. Prior to this release, if the user updated the maximum frame
size hyper-h2 would ignore the update, preventing the remote peer from using
the higher frame sizes.
2.3.3 (2016-10-25)
------------------
Bugfixes
~~~~~~~~
- Correctly update the maximum frame size when the user updates the value of
that setting. Prior to this release, if the user updated the maximum frame
size hyper-h2 would ignore the update, preventing the remote peer from using
the higher frame sizes.
2.2.7 (2016-10-25)
------------------
*Final 2.2.X release*
Bugfixes
~~~~~~~~
- Correctly update the maximum frame size when the user updates the value of
that setting. Prior to this release, if the user updated the maximum frame
size hyper-h2 would ignore the update, preventing the remote peer from using
the higher frame sizes.
2.4.1 (2016-08-23)
------------------
Bugfixes
~~~~~~~~
- Correctly expect that responses to HEAD requests will have no body regardless
of the value of the Content-Length header, and reject those that do.
2.3.2 (2016-08-23)
------------------
Bugfixes
~~~~~~~~
- Correctly expect that responses to HEAD requests will have no body regardless
of the value of the Content-Length header, and reject those that do.
2.4.0 (2016-07-01)
------------------
API Changes (Backward-Compatible)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- Adds ``additional_data`` to ``H2Connection.close_connection``, allowing the
user to send additional debug data on the GOAWAY frame.
- Adds ``last_stream_id`` to ``H2Connection.close_connection``, allowing the
user to manually control what the reported last stream ID is.
- Add new method: ``prioritize``.
- Add support for emitting stream priority information when sending headers
frames using three new keyword arguments: ``priority_weight``,
``priority_depends_on``, and ``priority_exclusive``.
- Add support for "related events": events that fire simultaneously on a single
frame.
2.3.1 (2016-05-12)
------------------
Bugfixes
~~~~~~~~
- Resolved ``AttributeError`` encountered when receiving more than one sequence
of CONTINUATION frames on a given connection.
2.2.5 (2016-05-12)
------------------
Bugfixes
~~~~~~~~
- Resolved ``AttributeError`` encountered when receiving more than one sequence
of CONTINUATION frames on a given connection.
2.3.0 (2016-04-26)
------------------
API Changes (Backward-Compatible)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- Added a new flag to the ``H2Connection`` constructor: ``header_encoding``,
that controls what encoding is used (if any) to decode the headers from bytes
to unicode. This defaults to UTF-8 for backward compatibility. To disable the
decode and use bytes exclusively, set the field to False, None, or the empty
string. This affects all headers, including those pushed by servers.
- Bumped the minimum version of HPACK allowed from 2.0 to 2.2.
- Added support for advertising RFC 7838 Alternative services.
- Allowed users to provide ``hpack.HeaderTuple`` and
``hpack.NeverIndexedHeaderTuple`` objects to all methods that send headers.
- Changed all events that carry headers to emit ``hpack.HeaderTuple`` and
``hpack.NeverIndexedHeaderTuple`` instead of plain tuples. This allows users
to maintain header indexing state.
- Added support for plaintext upgrade with the ``initiate_upgrade_connection``
method.
Bugfixes
~~~~~~~~
- Automatically ensure that all ``Authorization`` and ``Proxy-Authorization``
headers, as well as short ``Cookie`` headers, are prevented from being added
to encoding contexts.
2.2.4 (2016-04-25)
------------------
Bugfixes
~~~~~~~~
- Correctly forbid pseudo-headers that were not defined in RFC 7540.
- Ignore AltSvc frames, rather than exploding when receiving them.
2.1.5 (2016-04-25)
------------------
*Final 2.1.X release*
Bugfixes
~~~~~~~~
- Correctly forbid pseudo-headers that were not defined in RFC 7540.
- Ignore AltSvc frames, rather than exploding when receiving them.
|
|
Changes:
5.0.0 (2017-03-07)
------------------
**Backwards Incompatible API Changes**
- Added support for unknown extension frames. These will be returned in the new
``ExtensionFrame`` object. The flag information for these frames is persisted
in ``flag_byte`` if needed.
4.0.2 (2017-02-20)
------------------
**Bugfixes**
- Fixed AltSvc stream association, which was incorrectly set to ``'both'``:
should have been ``'either'``.
- Fixed a bug where stream IDs on received frames were allowed to be 32-bit,
instead of 31-bit.
- Fixed a bug with frames that had the ``PADDING`` flag set but zero-length
padding, whose flow-controlled length was calculated wrongly.
- Miscellaneous performance improvements to serialization and parsing logic.
4.0.1 (2016-03-13)
------------------
**Bugfixes**
- Fixed bug with the repr of ``AltSvcFrame``, where building it could throw
exceptions if the frame had been received from the network.
4.0.0 (2016-03-13)
------------------
**Backwards Incompatible API Changes**
- Updated old ALTSVC frame definition to match the newly specified RFC 7838.
- Remove BLOCKED frame, which was never actually specified.
- Removed previously deprecated ``SettingsFrame.SETTINGS_MAX_FRAME_SIZE`` and
``SettingsFrame.SETTINGS_MAX_HEADER_LIST_SIZE``.
|
|
|
|
|
|
|
|
Changes:
## 2.12 - 2017-04-11
### Added
* Queueing of key events - fixes swalled chars in case of some imap bindings
#258 (thanks to Michael Mackus)
* Allow to disable xembed by `FEATURE_NO_XEMBED` to compile on wayland only
platforms (thanks to Patrick Steinhardt)
* Custom default_zoom setting disables HIGH_DPI logic (thanks to Robert Timm)
* Allow link activation from search result via `<CR>` #131
### Changed
* Allow shortcuts without parameters #329
* Write soup cache to disk after each page load to allow other instances to
pick this up.
* Use the beginning position of links for hinting (thanks to Yutao Yuan)
### Fixed
* Fix path expansion to accept only valid POSIX.1-2008 usernames (thanks to
Manzur Mukhitdinov)
* Fix default previouspattern (thanks to Nicolas Porcel)
Please note that this is the last release of the vimb for WebKit1. WebKit1 is not
supported anymore and is considered unsecure.
So this release is a way to end the WebKit1 version of vimb gracefully.
I hope the WebKit2 branch will be in alpha state soon. Hope some developer
will help to migrate the known features to the new WebKit2 process model.
Help is appreciated.
|
|
|
|
|
|
Apache Tomcat is an implementation of the Java Servlet and JavaServer Pages
technologies. The Java Servlet and JavaServer Pages specifications are
developed under the Java Community Process.
Apache Tomcat is developed in an open and participatory environment and
released under the Apache Software License. Apache Tomcat is intended to
be a collaboration of the best-of-breed developers from around the world.
We invite you to participate in this open development project.
Apache Tomcat powers numerous large-scale, mission-critical web applications
across a diverse range of industries and organizations.
This package tracks 8.5.x release branch.
|
|
|