If selected, the existing apache-mpm-event, apache-mpm-prefork and
apache-mpm-worker options determine which will be loaded in the default
config file.
Note: if worker is in the mix, the build will simply never build mod_cgi,
regardless of which MPM is the default.
|
|
Upstream changes:
0.9507 Fri Dec 9 09:44:49 EET 2011
- patch for XSS vulnerability in HTML::Template::Pro
thanks to Shigeki Morimoto shigeki.morimoto mixi.co.jp
0.9508 Mon Dec 26 16:13:37 EET 2011
- use unicode quoting in XSS vulnerability patch (more portable)
thanks to Shigeki Morimoto shigeki.morimoto mixi.co.jp
0.9509 Tue Feb 28 21:15:28 EET 2012
- more verbose messages for tag stack underflow
|
|
== Changes
= Changes in 2.2.7 =
August 14, 2012 - version 2.2.7
* Bug fixes
* Fix arity incompatibility introduced in 2.2.6. It broke Webmock.
Thanks Andrew France for the report!
= Changes in 2.2.6 =
August 14, 2012 - version 2.2.6
* Bug fixes
* Make get_content not raise a BadResponseError for perfectly good
responses like 304 Not Modified. Thanks to Florian Hars.
* Add 'Content-Type: application/x-www-form-urlencoded' for the PUT
request that has urlencoded entity-body.
* Features
* Add HTTPClient::IncludeClient by Jonathan Rochkind, a mix-in for easily
adding a thread-safe lazily initialized class-level HTTPClient object
to your class.
* Proxy DigestAuth support. Thanks to Alexander Kotov and Florian Hars.
* Accept an array of strings (and IO-likes) as a query value
e.g. `{ x: 'a', y: [1,2,3] }` is encoded into `"x=a&y=1&y=2&y=3"`.
Thanks to Akinori MUSHA.
* Allow body for DELETE method.
* Allow :follow_redirect => true for HEAD request.
* Fill request parameters request_method, request_uri and request_query
as part of response Message::Header.
|
|
Solves (new) PKG_DEVELOPER check error message:
ERROR: lib/httpd/mod_dtcl.so: missing library: libtcl8x.so
|
|
- Fixed bug (apc_bin_dump doesn't swizzle bucket arKey in HashTable)
(Laruence)
- Fixed bug #62825 (php crashed OR return PHP Fatal error when used
apc_bin_dump after apc_store) (Laruence)
- Fixed bug due to Conditional "jump or move depends on uninitialised
value(s)" in apc_op_ZEND_INCLUDE_OR_EVAL and apc_bin_dump (Laruence)
- Fixed bug #62802 (Crash when use apc_bin_dump/load) (Laruence)
- Fixed bug #62757 (php-fpm crashed when used apc_bin_dumpfile with
apc.serializer) (Laruence)
- Fixed bug #62765 (apc_bin_dumpfile report Fatal error when there is "goto"
in function) (Laruence)
- Fixed bug #61133 (segfault in tests/apc_bin_002.phpt) (Laruence)
- Fixed handling of userspace stream wrappers simulating file
inclusion/requiring (Anatoliy, Rasmus)
- Fixed bug #62699 trait aliases and precedences handling (Anatoliy)
- Added cli built-in server tests (Anatoliy)
- Fixed filter regex freeing on request shutdown (Anatoliy)
- Fixed interned strings storage freeing on module shutdown (Anatoliy)
- Fixed bug #61742 preload_path does not work due to incorrect string length
(Anatoliy)
- Fixed several memory leaks in APCIterator (Anatoliy)
- Fixed potential overflows in bin dumps (Anatoliy)
|
|
from 3.28 to 3.31.
Upstream changes:
3.31 2012-08-15
- Added accept_charset, accept_encoding, content_encoding, origin and
sec_websocket_extensions methods to Mojo::Headers.
- Improved documentation.
- Improved tests.
3.30 2012-08-14
- Added te method to Mojo::Headers.
- Improved documentation.
- Fixed small content encoding bug in Mojo::Message.
3.29 2012-08-13
- Improved documentation.
- Improved tests.
- Fixed small timing bugs in WebSocket and TLS tests.
|
|
* It seems that http://secunia.com/advisories/49894 and
http://secunia.com/advisories/50214 are fixed
Changelog:
Version 4.0.7 Aug 15th 2012
Show Login Button when user and password are auto-completed
Sanitize LDAP base, user and groups
Fix non active Addressbooks
Calendar: Remove double html encoding
Fix label for versioning in admin settings
Add parent directory into filecache if it doesn't exist
Handle non writable files correctly
Disable webfinger completely if not activated
Security: Disable user listings in DAV
Check file blacklist for file renames
Security: Fix XSS bug in Gallery
Security: Several CSRF security fixes
Security: Validate cookie to prevent auth bypasses
Special thanks to Julien Cayssol for reporting several security problems
Version 4.0.6 Aug 1th 2012
More robust LDAP integration during unexpected collisions
Fix sharing for users with @ in username
Additional error handling for emailing of private links
Cleanup old session files
Fix user space calculation
Fix Ampache authentication
Remove delete tipsy if file is deleted
Don't delete lots of session files during DAV requests
Fix error when no addressbook is created
Check if php-ldap is installed
Security: Check for Admin user in appconfig.php
Security: Several CSRF security fixes
Version 4.0.5 July 20th 2012
Fix remember the username and autologin
Offer an option to allow sharing outside the group.
Fix for birthday format
Fixes for several encoding fixes for unicode characters
Fix invalid filesystem cache in the sharing folder
Several calendar and contacts fixes
Fix sending of emails
Several fixes in the system log
Several fixes for the external filesystem feature
Several CSRF security fixes
|
|
1.1.1:
There are no database changes in this release
Bug Fixes
Unassigned variable warning in Principal.php calling BuildDeadPropertyXML
Notification of deletes when hide_older_than is set
Fixes to URL encoding of some CalDAV/CardDAV properties
Fix to Basic Auth handling in admin UI
Fix CalDAV client library to handle multiple 'Allow' headers in OPTIONS response
Fix ldap driver to handle numeric usernames correctly.
Add handling for allprop and omission of prop tag in calendar-query, calendar-multiget and addressbook-query
Fix parsing of relative alarm times where the event has a timezone
Correct detection of suhosin.server_strip status (from Christoph Anton Mitterer via debian bug #656392).
Other minor bugfixes.
Other Changes
Add support for ldap mapping of multiple fields to one DAViCal field (from Sylvain BURGER)
Generally improved support for a wider range of DAV/CalDAV/CardDAV properties in calendar-query, calendar-multiget and addressbook-query
1.1.0:
Database Upgrade
There are several changes to in-database functions.
Bug Fixes
Obscure password in LDAP debug log messages
Fix bugs parsing some RFC5545 duration values
Fix handling of ?mode=append when uploading calendar data.
Various fixes to external BIND support.
Fix some errors in content-type detection & handling.
Correct round-trip handling of arbitrary XML in dead properties.
Fix bugs in editing of existing grants.
Other Changes
Support for WebDAV Synchronisation is updated to match the final RFC.
Support If-Modified-Since header.
Merge iSchedule support from Rob Ostenson.
Add support for initialising an addressbook from a file of VCARDs
Add support for 'Prefer' and 'Brief' headers.
Reduce logging noise from 401 and 404 responses.
Some query performance improvements.
When someone is delegated 'write' by a principal they can now maintain that principal's details in the Admin UI.
New default_collections setting which replaces home_calendar_name and home_addressbook_name (these are deprecated)
|
|
This release fixes several security problems TYPO3-CORE-SA-2012-004,
<http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/>
2012-08-15 ccf6b0a [RELEASE] Release of TYPO3 4.7.4 (TYPO3 Release Team)
2012-08-15 14d5d72 #21634 [SECURITY] XSS in install tool (Mario Rimann)
2012-08-15 a1c3165 #32653 [SECURITY] Page Link Target vulnerable to XSS (Markus Bucher)
2012-08-15 8cf7db7 #25052 [SECURITY] XSS in validateForm (Markus Bucher)
2012-08-15 59e028a #25356 [SECURITY] XSS in TCE forms (Christian Kuhn)
2012-08-15 758c217 #30967 [SECURITY] XSS in Scheduler Example Task (Mario Rimann)
2012-08-15 44e8ae6 #37127 [SECURITY] HTML5 support in RemoveXSS (Franz G. Jahn)
2012-08-15 7c778d3 #39345 [SECURITY] Information Disclosure in the Configuration Module (Mario Rimann)
2012-08-15 044ae9a #33520 [SECURITY] Untrusted GP data is unserialized in old CSH handling (Marcus Krause)
2012-08-15 0bcecd8 #31927 [SECURITY] XSS in Indexed Search statistics (Steffen Gebert)
2012-08-15 774537c #23226Security [SECURITY] t3lib_div::quoteJSvalue allows XSS (Helmut Hummel)
2012-08-15 a9383b1 [TASK] Raise submodule pointer (TYPO3 Release Team)
2012-08-15 7edbd63 [TASK] Update version numbers to 4.7.4 (Steffen Ritter)
2012-08-08 9fe9e97 [RELEASE] Release of TYPO3 4.7.3 (TYPO3 Release Team)
2012-08-07 ae9d18c #36616 [BUGFIX] sectionIndex menu is not i18n ready (Stefan Galinski)
2012-08-07 6985616 #39583 [BUGFIX] Exception "Could not create directory" (Michael Klapper)
2012-08-06 8824193 #38548 [BUGFIX] Incorrect search-results when searching for part of word (Tymoteusz Motylewski)
2012-08-05 943c50e #39527 [BUGFIX] Pass $fieldName when processing FlexForm DS in t3lib_transferData (Claus Due)
2012-08-03 cb8d2a6 #39509 [BUGFIX] t3lib_db - expects parameter 1 to be resource, boolean given (Michael Klapper)
2012-08-01 5b8d6c4 #38849 [BUGFIX] IRRE childs don't expand in Internet Explorer (Stefan Aebischer)
2012-08-01 569164c #39417 [BUGFIX] t3lib_db::exec_SELECTgetRows method annotation (Nicole Cordes)
2012-07-29 8700d8a #39203 [BUGFIX] BE User Settings cannot be saved by clicking enter (Mario Rimann)
2012-07-28 fa8b919 #39338 [BUGFIX] RTE: Installation of AllowClipboardHelper is not triggered (Stanislas Rolland)
2012-07-25 02442d8 #38691 [BUGFIX] Exclude E_STRICT from errors with PHP 5.4 (Philipp Gampe)
2012-07-25 a3e05a3 #38604 [TASK] Always return a boolean in t3lib_div::validPathStr (Andy Grunwald)
2012-07-24 5a9b3ea #39220 [BUGFIX] Invalid fallback for non-localized labels (Xavier Perseguers)
2012-07-23 fc1a8f0 #37967 [BUGFIX] YouTube videos can not be played with Media CE (Kai Vogel)
2012-07-23 ac4f234 #34152 [BUGFIX] stdWrap numRows fails due to wrong SELECT clause (Ernesto Baschny)
2012-07-21 7c56214 [TASK] Raise submodule pointer (TYPO3 Release Team)
2012-07-21 e3e08c1 #39067 [TASK] Change @deprecated annotation to the correct version (Wouter Wolters)
2012-07-20 e931425 #39026 [BUGFIX] QT movies prefixed abusively in Media CE (Francois Suter)
2012-07-20 a450514 #39052 [BUGFIX] Send sane HTTP response in showpic on error (Christian Kuhn)
2012-07-15 51823dc #38104 [BUGFIX] Remove bogus template in template analyzer (Helmut Hummel)
2012-07-09 2cce3f0 #38791 [BUGFIX] accessibilityWrap ignores simple value (Jigal van Hemert)
2012-07-07 8d29e26 #18771 [BUG] t3lib_div::getFilesInDir order differs from order in File list (Benjamin Mack)
2012-07-06 83672e8 #36316 [BUGFIX] RTE: Importing google webfonts breaks style sheet parsing (Stanislas Rolland)
2012-07-05 c0ba55f #36438 [BUGFIX] RTE spellcheck issue on Windows server (Stanislas Rolland)
2012-07-05 d35320b #38657 [BUGFIX] RTE 4.7: Incorrect behaviours in IE9 native mode (Stanislas Rolland)
|
|
This release fixes several security problems TYPO3-CORE-SA-2012-004,
<http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/>
2012-08-15 a1e439e [RELEASE] Release of TYPO3 4.6.12 (TYPO3 Release Team)
2012-08-15 7a839a3 #21634 [SECURITY] XSS in install tool (Mario Rimann)
2012-08-15 2ae69c8 #32653 [SECURITY] Page Link Target vulnerable to XSS (Markus Bucher)
2012-08-15 1eaebd3 #25052 [SECURITY] XSS in validateForm (Markus Bucher)
2012-08-15 9b2b8fb #25356 [SECURITY] XSS in TCE forms (Christian Kuhn)
2012-08-15 6376643 #30967 [SECURITY] XSS in Scheduler Example Task (Mario Rimann)
2012-08-15 a4a20e9 #37127 [SECURITY] HTML5 support in RemoveXSS (Franz G. Jahn)
2012-08-15 829e391 #39345 [SECURITY] Information Disclosure in the Configuration Module (Mario Rimann)
2012-08-15 dc6529c #33520 [SECURITY] Untrusted GP data is unserialized in old CSH handling (Helmut Hummel)
2012-08-15 8c0b4dc #31927 [SECURITY] XSS in Indexed Search statistics (Steffen Gebert)
2012-08-15 4c8c0fd #23226 [SECURITY] t3lib_div::quoteJSvalue allows XSS (Helmut Hummel)
|
|
This release fixes several security problems TYPO3-CORE-SA-2012-004,
<http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/>
2012-08-15 9bcf5eb [RELEASE] Release of TYPO3 4.5.19 (TYPO3 Release Team)
2012-08-15 76748b7 #21634 [SECURITY] XSS in install tool (Mario Rimann)
2012-08-15 85df0e4 #32653 [SECURITY] Page Link Target vulnerable to XSS (Markus Bucher)
2012-08-15 605d05f #25052 [SECURITY] XSS in validateForm (Markus Bucher)
2012-08-15 6840097 #25356 [SECURITY] XSS in TCE forms (Christian Kuhn)
2012-08-15 fb1e204 #30967 [SECURITY] XSS in Scheduler Example Task (Mario Rimann)
2012-08-15 6fd6768 #37127 [SECURITY] HTML5 support in RemoveXSS (Franz G. Jahn)
2012-08-15 11abbaa #39345 [SECURITY] Information Disclosure in the Configuration Module (Mario Rimann)
2012-08-15 a3293a7 #33520 [SECURITY] Untrusted GP data is unserialized in old CSH handling (Helmut Hummel)
2012-08-15 ccbbfc3 #31927 [SECURITY] XSS in Indexed Search statistics (Steffen Gebert)
2012-08-15 f046457 #23226 [SECURITY] t3lib_div::quoteJSvalue allows XSS (Helmut Hummel)
|
|
The ChangeLog and NEWS files are not consistent, can't tell what
really changed.
|
|
Eliom is an OCaml library for the webserver Ocsigen that allows
for the creation of dynamic webpages. In this way, a website is
not written as a separate set of pages, but as one integral OCaml
module.
|
|
2012-08-08 74fd6bb [RELEASE] Release of TYPO3 4.6.11 (TYPO3 Release Team)
2012-08-08 e809cd3 [TASK] Raise submodule pointer (TYPO3 Release Team)
2012-08-07 a5cd4df #39583 [BUGFIX] Exception "Could not create directory" (Michael Klapper)
2012-08-05 e96eedc #39527 [BUGFIX] Pass $fieldName when processing FlexForm DS in t3lib_transferData (Claus Due)
2012-08-03 b6a6c6d #39509 [BUGFIX] t3lib_db - expects parameter 1 to be resource, boolean given (Michael Klapper)
2012-08-01 731d547 #32282 [BUGFIX] unlink issues warnings for lock files (Markus Klein)
2012-08-01 38ca29a #38849 [BUGFIX] IRRE childs don't expand in Internet Explorer (Stefan Aebischer)
2012-08-01 fef9743 #39417 [BUGFIX] t3lib_db::exec_SELECTgetRows method annotation (Nicole Cordes)
2012-07-31 102d0c8 #33625 [BUGFIX] Properly check disabled versioning within tcemain (Tolleiv Nietsch)
2012-07-30 aef25cd #22152 [BUGFIX] PHP warnings may show up in the List module (Dmitry Dulepov)
2012-07-29 689bb9d #31278 [BUGFIX] Shell command arguments are not escaped (Dmitry Dulepov)
2012-07-26 349da10 #26815 [BUGFIX] RTE transformation transforms LF/CR between div and hr into space (Stanislas Rolland)
2012-07-25 ce5ba95 #35154,#38691 [BUGFIX] Exclude E_STRICT from errors with PHP 5.4 (Philipp Gampe)
2012-07-25 8affd66 #38604 [TASK] Always return a boolean in t3lib_div::validPathStr (Andy Grunwald)
2012-07-24 f35b46d #39220 [BUGFIX] Invalid fallback for non-localized labels (Xavier Perseguers)
2012-07-24 bde9302 #33082 [TASK] Improve error message of "broken rootline" (Georg Ringer)
2012-07-23 8621c14 #34152 [BUGFIX] stdWrap numRows fails due to wrong SELECT clause (Ernesto Baschny)
2012-07-22 612d705 #33895 [BUGFIX] Update extension must invalidate autoloader cache (Philipp Gampe)
2012-07-21 37ecea2 [TASK] Raise submodule pointer (TYPO3 Release Team)
2012-07-20 8851d23 #39026 [BUGFIX] QT movies prefixed abusively in Media CE (Francois Suter)
2012-07-20 2b103fa #39052 [BUGFIX] Send sane HTTP response in showpic on error (Christian Kuhn)
2012-07-15 9a71681 #38104 [BUGFIX] Remove bogus template in template analyzer (Helmut Hummel)
2012-07-12 3d19540 #24626 [BUGFIX] Drag&Drop inside the root page of the pagetree isn't possible (Stefan Galinski)
2012-07-12 cdee4ff #33546 [BUGFIX] Check if user is allowed to paste page to pagetree (Max Roesch)
2012-07-12 c3e4fcb #36313 [BUGFIX] Add rootline workspace overlay for backend_layouts. (Timo Webler)
2012-07-09 2fd0f62 #38791 [BUGFIX] accessibilityWrap ignores simple value (Jigal van Hemert)
2012-07-07 cb139fe #18771 [BUG] t3lib_div::getFilesInDir order differs from order in Filelist (Benjamin Mack)
2012-07-06 d693daa #36316 [BUGFIX] RTE: Importing google webfonts breaks style sheet parsing (Stanislas Rolland)
2012-07-05 78a7a0c #36438 [BUGFIX] RTE spellcheck issue on Windows server (Stanislas Rolland)
2012-07-05 999624f #38658 [BUGFIX] RTE 4.6: Force IE9 to use IE8 mode in frontend (Stanislas Rolland)
|
|
2012-08-08 c9ae56c [RELEASE] Release of TYPO3 4.5.18 (TYPO3 Release Team)
2012-08-05 2bb16e8 #39527 [BUGFIX] Pass $fieldName when processing FlexForm DS in t3lib_transferData (Claus Due)
2012-08-03 83af91c #39509 [BUGFIX] t3lib_db - expects parameter 1 to be resource, boolean given (Michael Klapper)
2012-08-01 08b29b8 #25079 [BUGFIX] Suggest Wizard crashes in Frontend Editing (Dennis Ahrens)
2012-08-01 1e11fd1 #32282 [BUGFIX] unlink issues warnings for lock files (Markus Klein)
2012-08-01 9dab257 #38849 [BUGFIX] IRRE childs don't expand in Internet Explorer (Stefan Aebischer)
2012-08-01 239d66d #39417 [BUGFIX] t3lib_db::exec_SELECTgetRows method annotation (Nicole Cordes)
2012-07-31 1d5e85e #33625 [BUGFIX] Properly check disabled versioning within tcemain (Tolleiv Nietsch)
2012-07-30 35045a3 #22152 [BUGFIX] PHP warnings may show up in the List module (Dmitry Dulepov)
2012-07-29 5935394 #31278 [BUGFIX] Shell command arguments are not escaped (Mario Rimann)
2012-07-26 54761c2 #26815 [BUGFIX] RTE transformation transforms LF/CR between div and hr into space (Stanislas Rolland)
2012-07-25 73bf1fa #38691 [BUGFIX] Exclude E_STRICT on PHP 5.4 and unify error reporting (Philipp Gampe)
2012-07-25 d9868f6 #38604 [TASK] Always return a boolean in t3lib_div::validPathStr (Andy Grunwald)
2012-07-24 c85d6be #33082 [TASK] Improve error message of "broken rootline" (Georg Ringer)
2012-07-23 bc0feed #28684 [BUGFIX] Formmail doesn't always use correct character set (Jigal van Hemert)
2012-07-23 baba7fa #38927 [BUGFIX] $_EXTCONF was not filled in ext_tables.php (Ernesto Baschny)
2012-07-23 8e944f0 #34152 [BUGFIX] stdWrap numRows fails due to wrong SELECT clause (Ernesto Baschny)
2012-07-21 b0f3efd [TASK] Raise submodule pointer (TYPO3 Release Team)
2012-07-20 259c25c #39026 [BUGFIX] QT movies prefixed abusively in Media CE (Francois Suter)
2012-07-20 0f83ce4 #39052 [BUGFIX] Send sane HTTP response in showpic on error (Christian Kuhn)
2012-07-18 71781f1 #36777 [BUGFIX] Unnecessary warning in css_styled_content (division by zero) (Thomas Layh)
2012-07-17 218f304 #33629 [BUGFIX] datepicker does not set current time as default (Simon Schaufelberger)
2012-07-12 fe76723 #24626 [BUGFIX] Drag&Drop inside the root page of the pagetree isn't possible (Stefan Galinski)
2012-07-12 eb215ba #33546 [BUGFIX] Check if user is allowed to paste page to pagetree (Max Roesch)
2012-07-12 bc21789 #36313 [BUGFIX] Add rootline workspace overlay for backend_layouts. (Timo Webler)
2012-07-09 82e0d0b #38791 [BUGFIX] accessibilityWrap ignores simple value (Jigal van Hemert)
2012-07-07 042dc4a #18771 [BUG] t3lib_div::getFilesInDir order differs from order in File list (Benjamin Mack)
2012-07-06 277ea81 #36316 [BUGFIX] RTE: Importing google webfonts breaks style sheet parsing (Stanislas Rolland)
2012-07-05 eb317e7 #38645 [BUGFIX] E_DEPRECATED does not exist in PHP 5.2 (Ivan Kartolo)
2012-07-05 5eb31a1 #36438 [BUGFIX] RTE spellcheck issue on Windows server (Stanislas Rolland)
|
|
Release notes say "no security fix" but it really fixes SA49131:
<http://secunia.com/advisories/49131/>.
Release notes
Maintenance release of the Drupal 7 series. Includes bugfixes and small
API/feature improvements only (no major new functionality); significant new
features are only being added to the forthcoming Drupal 8.0 release.
No security fixes are included in this release.
Besides documentation fixes, no changes have been made to the .htaccess,
robots.txt or settings.php files in this release, so upgrading custom versions
of those files is not necessary. Known issues:
#1708722: Call to undefined function drupal_find_base_themes() in
drupal-7.15/includes/module.inc on line 184: Under rare circumstances
which are still under investigation (most likely, sites with a sub-theme
enabled and a module enabled that calls certain code early in Drupal's
page request), upgrading to Drupal 7.15 may lead to a fatal error. A
patch to fix this is available.
http://drupal.org/node/1708292
|
|
This is a meta-like package and no changes.
|
|
## Rails 3.2.8 (Aug 9, 2012) ##
* No changes.
|
|
## Rails 3.2.8 (Aug 9, 2012) ##
* There is an XSS vulnerability in the strip_tags helper in Ruby on Rails, the
helper doesn't correctly handle malformed html. As a result an attacker can
execute arbitrary javascript through the use of specially crafted malformed
html.
*Marek from Nethemba (www.nethemba.com) & Santiago Pastorino*
* When a "prompt" value is supplied to the `select_tag` helper, the "prompt"
value is not escaped.
If untrusted data is not escaped, and is supplied as the prompt value, there
is a potential for XSS attacks.
Vulnerable code will look something like this:
    select_tag("name", options, :prompt => UNTRUSTED_INPUT)
*Santiago Pastorino*
|
|
This is a meta-like package and no changes.
|
|
## Rails 3.1.8 (Aug 9, 2012)
* No changes.
|
|
## Rails 3.1.8 (Aug 9, 2012)
* There is an XSS vulnerability in the strip_tags helper in Ruby on Rails, the
helper doesn't correctly handle malformed html. As a result an attacker can
execute arbitrary javascript through the use of specially crafted malformed
html.
*Marek from Nethemba (www.nethemba.com) & Santiago Pastorino*
* When a "prompt" value is supplied to the `select_tag` helper, the
"prompt" value is not escaped.
If untrusted data is not escaped, and is supplied as the prompt value,
there is a potential for XSS attacks.
Vulnerable code will look something like this:
    select_tag("name", options, :prompt => UNTRUSTED_INPUT)
*Santiago Pastorino*
|
|
This is a meta-like package and no changes.
|
|
## Rails 3.0.17 (Aug 9, 2012)
* There is an XSS vulnerability in the strip_tags helper in Ruby on Rails, the
helper doesn't correctly handle malformed html. As a result an attacker can
execute arbitrary javascript through the use of specially crafted malformed
html.
*Marek from Nethemba (www.nethemba.com) & Santiago Pastorino*
* When a "prompt" value is supplied to the `select_tag` helper, the "prompt"
value is not escaped. If untrusted data is not escaped, and is supplied as
the prompt value, there is a potential for XSS attacks.
Vulnerable code will look something like this:
    select_tag("name", options, :prompt => UNTRUSTED_INPUT)
*Santiago Pastorino*
|
|
And now, use URL with language directory ("en") to suppress redirection.
|
|
* Utilize contao/options.translations.mk.
No functional change.
|
|
3.28 2012-08-10
- Added skip_body attribute to Mojo::Content.
- Added is_empty method to Mojo::Message::Response.
- Updated jQuery to version 1.8.
- Improved Mojo::Base to assign names to generated subroutines.
- Improved message parser performance slightly.
- Improved documentation.
- Improved tests.
- Fixed 1xx, 204 and 304 response support.
3.27 2012-08-09
- Improved documentation.
- Improved tests.
3.26 2012-08-09
- Improved tests.
3.25 2012-08-08
- Improved documentation.
- Fixed cleanup bugs in Mojo::Server::Daemon and Mojo::UserAgent.
3.24 2012-08-08
- Improved documentation.
- Improved tests.
3.23 2012-08-07
- Added appcache MIME type.
- Improved documentation.
3.22 2012-08-06
- Added mp4, ogg, ogv and webm MIME types.
- Removed x- prefix from js and woff MIME types.
- Improved documentation.
- Fixed gz and xml MIME types.
3.21 2012-08-05
- Improved documentation.
- Improved tests.
- Fixed Perl 5.17.3+ compatibility.
- Fixed small AUTOLOAD bug in Mojolicious::Lite.
3.20 2012-08-04
- Added extract_start_line method to Mojo::Message, Mojo::Message::Request
and Mojo::Message::Response.
- Added get_start_line_chunk method to Mojo::Message::Request and
Mojo::Message::Request.
- Improved end method in Mojo::IOLoop::Delay to return the number of
remaining events.
- Improved documentation.
- Improved tests.
|
|
XXX Pull-up candidate, I guess?
|
|
*) Feature: the Clang compiler support.
*) Bugfix: extra listening sockets might be created.
Thanks to Roman Odaisky.
*) Bugfix: nginx/Windows might hog CPU if a worker process failed to
start.
Thanks to Ricardo Villalobos Guevara.
*) Bugfix: the "proxy_pass_header", "fastcgi_pass_header",
"scgi_pass_header", "uwsgi_pass_header", "proxy_hide_header",
"fastcgi_hide_header", "scgi_hide_header", and "uwsgi_hide_header"
directives might be inherited incorrectly.
*) Bugfix: trailing dot in a source value was not ignored if the "map"
directive was used with the "hostnames" parameter.
*) Bugfix: incorrect location might be used to process a request if a
URI was changed via a "rewrite" directive before an internal redirect
to a named location.
|
|
*) Bugfix: a segmentation fault might occur in a worker process if the
"try_files" directive was used; the bug had appeared in 1.1.19.
*) Bugfix: response might be truncated if there were more than IOV_MAX
buffers used.
*) Bugfix: in the "crop" parameter of the "image_filter" directive.
Thanks to Maxim Bublis.
Changes with nginx 1.1.19 12 Apr 2012
*) Security: specially crafted mp4 file might allow to overwrite memory
locations in a worker process if the ngx_http_mp4_module was used,
potentially resulting in arbitrary code execution (CVE-2012-2089).
Thanks to Matthew Daley.
*) Bugfix: nginx/Windows might be terminated abnormally.
Thanks to Vincent Lee.
*) Bugfix: nginx hogged CPU if all servers in an upstream were marked as
"backup".
*) Bugfix: the "allow" and "deny" directives might be inherited
incorrectly if they were used with IPv6 addresses.
*) Bugfix: the "modern_browser" and "ancient_browser" directives might
be inherited incorrectly.
*) Bugfix: timeouts might be handled incorrectly on Solaris/SPARC.
*) Bugfix: in the ngx_http_mp4_module.
Changes with nginx 1.1.18 28 Mar 2012
*) Change: keepalive connections are no longer disabled for Safari by
default.
*) Feature: the $connection_requests variable.
*) Feature: $tcpinfo_rtt, $tcpinfo_rttvar, $tcpinfo_snd_cwnd and
$tcpinfo_rcv_space variables.
*) Feature: the "worker_cpu_affinity" directive now works on FreeBSD.
*) Feature: the "xslt_param" and "xslt_string_param" directives.
Thanks to Samuel Behan.
*) Bugfix: in configure tests.
Thanks to Piotr Sikora.
*) Bugfix: in the ngx_http_xslt_filter_module.
*) Bugfix: nginx could not be built on Debian GNU/Hurd.
Changes with nginx 1.1.17 15 Mar 2012
*) Security: content of previously freed memory might be sent to a
client if backend returned specially crafted response.
Thanks to Matthew Daley.
*) Bugfix: in the embedded perl module if used from SSI.
Thanks to Matthew Daley.
*) Bugfix: in the ngx_http_uwsgi_module.
Changes with nginx 1.1.16 29 Feb 2012
*) Change: the simultaneous subrequest limit has been raised to 200.
*) Feature: the "from" parameter of the "disable_symlinks" directive.
*) Feature: the "return" and "error_page" directives can now be used to
return 307 redirections.
*) Bugfix: a segmentation fault might occur in a worker process if the
"resolver" directive was used and there was no "error_log" directive
specified at global level.
Thanks to Roman Arutyunyan.
*) Bugfix: a segmentation fault might occur in a worker process if the
"proxy_http_version 1.1" or "fastcgi_keep_conn on" directives were
used.
*) Bugfix: memory leaks.
Thanks to Lanshun Zhou.
*) Bugfix: in the "disable_symlinks" directive.
*) Bugfix: on ZFS filesystem disk cache size might be calculated
incorrectly; the bug had appeared in 1.0.1.
*) Bugfix: nginx could not be built by the icc 12.1 compiler.
*) Bugfix: nginx could not be built by gcc on Solaris; the bug had
appeared in 1.1.15.
Changes with nginx 1.1.15 15 Feb 2012
*) Feature: the "disable_symlinks" directive.
*) Feature: the "proxy_cookie_domain" and "proxy_cookie_path"
directives.
*) Bugfix: nginx might log incorrect error "upstream prematurely closed
connection" instead of correct "upstream sent too big header" one.
Thanks to Feibo Li.
*) Bugfix: nginx could not be built with the ngx_http_perl_module if the
--with-openssl option was used.
*) Bugfix: the number of internal redirects to named locations was not
limited.
*) Bugfix: calling $r->flush() multiple times might cause errors in the
ngx_http_gzip_filter_module.
*) Bugfix: temporary files might be not removed if the "proxy_store"
directive was used with SSI includes.
*) Bugfix: in some cases non-cacheable variables (such as the $args
variable) returned old empty cached value.
*) Bugfix: a segmentation fault might occur in a worker process if too
many SSI subrequests were issued simultaneously; the bug had appeared
in 0.7.25.
Changes with nginx 1.1.14 30 Jan 2012
*) Feature: multiple "limit_req" limits may be used simultaneously.
*) Bugfix: in error handling while connecting to a backend.
Thanks to Piotr Sikora.
*) Bugfix: in AIO error handling on FreeBSD.
*) Bugfix: in the OpenSSL library initialization.
*) Bugfix: the "proxy_redirect" directives might be inherited
incorrectly.
*) Bugfix: memory leak during reconfiguration if the "pcre_jit"
directive was used.
Changes with nginx 1.1.13 16 Jan 2012
*) Feature: the "TLSv1.1" and "TLSv1.2" parameters of the
"ssl_protocols" directive.
*) Bugfix: the "limit_req" directive parameters were not inherited
correctly; the bug had appeared in 1.1.12.
*) Bugfix: the "proxy_redirect" directive incorrectly processed
"Refresh" header if regular expression were used.
*) Bugfix: the "proxy_cache_use_stale" directive with "error" parameter
did not return answer from cache if there were no live upstreams.
*) Bugfix: the "worker_cpu_affinity" directive might not work.
*) Bugfix: nginx could not be built on Solaris; the bug had appeared in
1.1.12.
*) Bugfix: in the ngx_http_mp4_module.
Changes with nginx 1.1.12 26 Dec 2011
*) Change: a "proxy_pass" directive without URI part now uses changed
URI after redirection with the "error_page" directive.
Thanks to Lanshun Zhou.
*) Feature: the "proxy/fastcgi/scgi/uwsgi_cache_lock",
"proxy/fastcgi/scgi/uwsgi_cache_lock_timeout" directives.
*) Feature: the "pcre_jit" directive.
*) Feature: the "if" SSI command supports captures in regular
expressions.
*) Bugfix: the "if" SSI command did not work inside the "block" command.
*) Bugfix: the "limit_conn_log_level" and "limit_req_log_level"
directives might not work.
*) Bugfix: the "limit_rate" directive did not allow to use full
throughput, even if limit value was very high.
*) Bugfix: the "sendfile_max_chunk" directive did not work, if the
"limit_rate" directive was used.
*) Bugfix: a "proxy_pass" directive without URI part always used
original request URI if variables were used.
*) Bugfix: a "proxy_pass" directive without URI part might use original
request after redirection with the "try_files" directive.
Thanks to Lanshun Zhou.
*) Bugfix: in the ngx_http_scgi_module.
*) Bugfix: in the ngx_http_mp4_module.
*) Bugfix: nginx could not be built on Solaris; the bug had appeared in
1.1.9.
Changes with nginx 1.1.11 12 Dec 2011
*) Feature: the "so_keepalive" parameter of the "listen" directive.
Thanks to Vsevolod Stakhov.
*) Feature: the "if_not_empty" parameter of the
"fastcgi/scgi/uwsgi_param" directives.
*) Feature: the $https variable.
*) Feature: the "proxy_redirect" directive supports variables in the
first parameter.
*) Feature: the "proxy_redirect" directive supports regular expressions.
*) Bugfix: the $sent_http_cache_control variable might contain a wrong
value if the "expires" directive was used.
Thanks to Yichun Zhang.
*) Bugfix: the "read_ahead" directive might not work combined with
"try_files" and "open_file_cache".
*) Bugfix: a segmentation fault might occur in a worker process if small
time was used in the "inactive" parameter of the "proxy_cache_path"
directive.
*) Bugfix: responses from cache might hang.
Changes with nginx 1.1.10 30 Nov 2011
*) Bugfix: a segmentation fault occurred in a worker process if AIO was
used on Linux; the bug had appeared in 1.1.9.
Changes with nginx 1.1.9 28 Nov 2011
*) Change: now double quotes are encoded in an "echo" SSI-command
output.
Thanks to Zaur Abasmirzoev.
*) Feature: the "valid" parameter of the "resolver" directive. By
default TTL returned by a DNS server is used.
Thanks to Kirill A. Korinskiy.
*) Bugfix: nginx might hang after a worker process abnormal termination.
*) Bugfix: a segmentation fault might occur in a worker process if SNI
was used; the bug had appeared in 1.1.2.
*) Bugfix: in the "keepalive_disable" directive; the bug had appeared in
1.1.8.
Thanks to Alexander Usov.
*) Bugfix: SIGWINCH signal did not work after first binary upgrade; the
bug had appeared in 1.1.1.
*) Bugfix: backend responses with length not matching "Content-Length"
header line are no longer cached.
*) Bugfix: in the "scgi_param" directive, if complex parameters were
used.
*) Bugfix: in the "epoll" event method.
Thanks to Yichun Zhang.
*) Bugfix: in the ngx_http_flv_module.
Thanks to Piotr Sikora.
*) Bugfix: in the ngx_http_mp4_module.
*) Bugfix: IPv6 addresses are now handled properly in a request line and
in a "Host" request header line.
*) Bugfix: "add_header" and "expires" directives did not work if a
request was proxied and response status code was 206.
*) Bugfix: nginx could not be built on FreeBSD 10.
*) Bugfix: nginx could not be built on AIX.
Changes with nginx 1.1.8 14 Nov 2011
*) Change: the ngx_http_limit_zone_module was renamed to the
ngx_http_limit_conn_module.
*) Change: the "limit_zone" directive was superseded by the
"limit_conn_zone" directive with a new syntax.
*) Feature: support for multiple "limit_conn" limits on the same level.
*) Feature: the "image_filter_sharpen" directive.
*) Bugfix: a segmentation fault might occur in a worker process if
resolver got a big DNS response.
Thanks to Ben Hawkes.
*) Bugfix: in cache key calculation if internal MD5 implementation was
used; the bug had appeared in 1.0.4.
*) Bugfix: the "If-Modified-Since", "If-Range", etc. client request
header lines might be passed to backend while caching; or not passed
without caching if caching was enabled in another part of the
configuration.
*) Bugfix: the module ngx_http_mp4_module sent incorrect
"Content-Length" response header line if the "start" argument was
used.
Thanks to Piotr Sikora.
Changes with nginx 1.1.7 31 Oct 2011
*) Feature: support of several DNS servers in the "resolver" directive.
Thanks to Kirill A. Korinskiy.
*) Bugfix: a segmentation fault occurred on start or during
reconfiguration if the "ssl" directive was used at http level and
there was no "ssl_certificate" defined.
*) Bugfix: reduced memory consumption while proxying big files if they
were buffered to disk.
*) Bugfix: a segmentation fault might occur in a worker process if
"proxy_http_version 1.1" directive was used.
*) Bugfix: in the "expires @time" directive.
Changes with nginx 1.1.6 17 Oct 2011
*) Change in internal API: now module context data are cleared while
internal redirect to named location.
Requested by Yichun Zhang.
*) Change: if a server in an upstream failed, only one request will be
sent to it after fail_timeout; the server will be considered alive if
it will successfully respond to the request.
*) Change: now the 0x7F-0x1F characters are escaped as \xXX in an
access_log.
*) Feature: "proxy/fastcgi/scgi/uwsgi_ignore_headers" directives support
the following additional values: X-Accel-Limit-Rate,
X-Accel-Buffering, X-Accel-Charset.
*) Feature: decrease of memory consumption if SSL is used.
*) Bugfix: some UTF-8 characters were processed incorrectly.
Thanks to Alexey Kuts.
*) Bugfix: the ngx_http_rewrite_module directives specified at "server"
level were executed twice if no matching locations were defined.
*) Bugfix: a socket leak might occur if "aio sendfile" was used.
*) Bugfix: connections with fast clients might be closed after
send_timeout if file AIO was used.
*) Bugfix: in the ngx_http_autoindex_module.
*) Bugfix: the module ngx_http_mp4_module did not support seeking on
32-bit platforms.
Changes with nginx 1.1.5 05 Oct 2011
*) Feature: the "uwsgi_buffering" and "scgi_buffering" directives.
Thanks to Peter Smit.
*) Bugfix: non-cacheable responses might be cached if
"proxy_cache_bypass" directive was used.
Thanks to John Ferlito.
*) Bugfix: in HTTP/1.1 support in the ngx_http_proxy_module.
*) Bugfix: cached responses with an empty body were returned
incorrectly; the bug had appeared in 0.8.31.
*) Bugfix: 201 responses of the ngx_http_dav_module were incorrect; the
bug had appeared in 0.8.32.
*) Bugfix: in the "return" directive.
*) Bugfix: the "ssl_session_cache builtin" directive caused segmentation
fault; the bug had appeared in 1.1.1.
Changes with nginx 1.1.4 20 Sep 2011
*) Feature: the ngx_http_upstream_keepalive module.
*) Feature: the "proxy_http_version" directive.
*) Feature: the "fastcgi_keep_conn" directive.
*) Feature: the "worker_aio_requests" directive.
*) Bugfix: if nginx was built --with-file-aio it could not be run on
Linux kernel which did not support AIO.
*) Bugfix: in Linux AIO error processing.
Thanks to Hagai Avrahami.
*) Bugfix: reduced memory consumption for long-lived requests.
*) Bugfix: the module ngx_http_mp4_module did not support 64-bit MP4
"co64" atom.
Changes with nginx 1.1.3 14 Sep 2011
*) Feature: the module ngx_http_mp4_module.
*) Bugfix: in Linux AIO combined with open_file_cache.
*) Bugfix: open_file_cache did not update file info on retest if file
was not atomically changed.
*) Bugfix: nginx could not be built on MacOSX 10.7.
Changes with nginx 1.1.2 05 Sep 2011
*) Change: now if total size of all ranges is greater than source
response size, then nginx disables ranges and returns just the source
response.
*) Feature: the "max_ranges" directive.
*) Bugfix: the "ssl_verify_client", "ssl_verify_depth", and
"ssl_prefer_server_ciphers" directives might work incorrectly if SNI
was used.
*) Bugfix: in the "proxy/fastcgi/scgi/uwsgi_ignore_client_abort"
directives.
Changes with nginx 1.1.1 22 Aug 2011
*) Change: now cache loader processes either as many files as specified
by "loader_files" parameter or works no longer than time specified by
the "loader_threshold" parameter during each iteration.
*) Change: now SIGWINCH signal works only in daemon mode.
*) Feature: now shared zones and caches use POSIX semaphores on Solaris.
Thanks to Den Ivanov.
*) Feature: accept filters are now supported on NetBSD.
*) Bugfix: nginx could not be built on Linux 3.0.
*) Bugfix: nginx did not use gzipping in some cases; the bug had
appeared in 1.1.0.
*) Bugfix: request body might be processed incorrectly if client used
pipelining.
*) Bugfix: in the "request_body_in_single_buf" directive.
*) Bugfix: in "proxy_set_body" and "proxy_pass_request_body" directives
if SSL connection to backend was used.
*) Bugfix: nginx hogged CPU if all servers in an upstream were marked as
"down".
*) Bugfix: a segmentation fault might occur during reconfiguration if
ssl_session_cache was defined but not used in previous configuration.
*) Bugfix: a segmentation fault might occur in a worker process if many
backup servers were used in an upstream.
*) Bugfix: a segmentation fault might occur in a worker process if
"fastcgi/scgi/uwsgi_param" directives were used with values starting
with "HTTP_"; the bug had appeared in 0.8.40.
Changes with nginx 1.1.0 01 Aug 2011
*) Feature: cache loader run time decrease.
*) Feature: "loader_files", "loader_sleep", and "loader_threshold"
options of the "proxy/fastcgi/scgi/uwsgi_cache_path" directives.
*) Feature: loading time decrease of configuration with large number of
HTTPS sites.
*) Feature: now nginx supports ECDHE key exchange ciphers.
Thanks to Adrian Kotelba.
*) Feature: the "lingering_close" directive.
Thanks to Maxim Dounin.
*) Bugfix: in closing connection for pipelined requests.
Thanks to Maxim Dounin.
*) Bugfix: nginx did not disable gzipping if client sent "gzip;q=0" in
"Accept-Encoding" request header line.
*) Bugfix: in timeout in unbuffered proxied mode.
Thanks to Maxim Dounin.
*) Bugfix: memory leaks when a "proxy_pass" directive contains variables
and proxies to an HTTPS backend.
Thanks to Maxim Dounin.
*) Bugfix: in parameter validation of a "proxy_pass" directive with
variables.
Thanks to Lanshun Zhou.
*) Bugfix: SSL did not work on QNX.
Thanks to Maxim Dounin.
*) Bugfix: SSL modules could not be built by gcc 4.6 without
--with-debug option.
|
|
standard package, that naxsi update is rather critical, people using that
option should upgrade.
|
|
* Bug fixes.
|
|
- Fixed support of LOG / ALLOW targets
- LOG target for rules and actions
- brings security improvements (HTTP Auth in nx_extract and file disclosure
fixed in nx_extract)
No revbump as this does not affect nginx package itself.
|
|
into www/p5-LWPx-TimedHTTP.
This module performs an HTTP request exactly the same as LWP does normally
except for the fact that it times each stage of the request and then inserts
the results as header.
|
|
|
|
|
|
changes:
-bugfixes
-lorem ipsum generator was added
-UI improvements
-language files were improved
|
|
- Added extract_start_line method to Mojo::Message, Mojo::Message::Request
and Mojo::Message::Response.
- Added get_start_line_chunk method to Mojo::Message::Request and
Mojo::Message::Request.
- Improved end method in Mojo::IOLoop::Delay to return the number of
remaining events.
- Improved documentation.
- Improved tests.
3.19 2012-08-03
- Improved documentation.
- Improved tests.
- Fixed dynamic content generation bug in Mojo::Message.
- Fixed bug that prevented multiple anchors with the same name in
Mojolicious::Plugin::PODRenderer.
3.18 2012-08-02
- Improved documentation.
- Improved tests.
- Fixed chunked transfer encoding bug in Mojo::Content.
3.17 2012-08-01
- Improved documentation.
- Improved tests.
- Fixed bug in after_static_dispatch hook that prevented custom responses.
- Fixed bug that prevented conditions from generating responses.
3.16 2012-07-31
- Improved documentation.
- Fixed small memory leak in Mojolicious::Plugin::TagHelpers.
3.15 2012-07-28
- Improved Mojo::Base to load IO::Handle.
- Improved documentation.
3.14 2012-07-27
- Improved documentation.
3.13 2012-07-24
- Added multi name support to param method in Mojolicious::Controller.
- Added remove method to Mojo::DOM.
- Improved RFC 3986 compliance of Mojo::Parameters.
- Improved Mojolicious::Plugin::Config log messages. (jberger)
- Improved documentation.
- Improved tests.
- Fixed selector bug in dom method of Mojo::Message.
- Fixed small charset bug in get command.
3.12 2012-07-20
- Deprecated Mojo::Home->app_class.
- Deprecated Mojo::IOLoop->client_class.
- Deprecated Mojo::IOLoop->server_class.
- Deprecated Mojo::IOLoop->stream_class.
- Deprecated Mojo::Message->dom_class.
- Deprecated Mojo::Message->json_class.
- Added json method to Mojo::UserAgent::Transactor.
- Added build_json_tx and post_json methods to Mojo::UserAgent.
- Added post_json_ok method to Test::Mojo.
- Added n function to ojo.
- Improved text_field helper to always set the type attribute. (marty, sri)
- Improved documentation.
- Improved tests.
- Fixed file and content type detection bugs in Mojolicious::Static.
(marty, sri)
3.11 2012-07-19
- Added or method to Test::Mojo. (moritz, sri)
- Added file and serve_asset methods to Mojolicious::Static.
- Improved default descriptions for many methods in Test::Mojo.
- Improved Mojo::Cache performance. (nic)
- Improved documentation.
- Improved tests.
- Fixed a few small encoding bugs in Test::Mojo.
3.10 2012-07-17
- Improved tests.
- Fixed small bug in Mojo::Asset::File.
3.09 2012-07-16
- Added spurt function to Mojo::Util.
- Added spurt method to Mojo::ByteStream.
- Improved documentation.
- Improved tests.
3.08 2012-07-14
- Fixed small Mojo::Template bug.
3.07 2012-07-13
- Improved template error messages for generator commands and config files.
- Improved documentation.
- Improved tests.
- Fixed small bug in Mojolicious::Plugin::EPRenderer that prevented code to
be added to templates.
- Fixed small bug in Mojolicious::Plugin::JSONConfig that prevented code to
be added to config files.
3.06 2012-07-11
- Added tls_verify option to Mojo::IOLoop::Server->listen. (scottw)
- Added verify parameter to Mojo::Server::Daemon->listen. (scottw)
- Improved documentation.
- Improved tests.
- Fixed small bug in Mojo::UserAgent that prevented port reuse.
3.05 2012-07-08
- Reduced default graceful_timeout from 30 to 20 seconds in
Mojo::Server::Hypnotoad.
- Improved documentation.
- Improved tests.
- Fixed small initialization bug in Mojo::IOLoop::Stream.
3.04 2012-07-07
- Improved Mojo::IOLoop performance by reducing stream timeout precision
from 0.025 to 0.5 seconds.
3.03 2012-07-06
- Improved load balancing between Hypnotoad worker processes.
- Improved Hypnotoad log messages.
- Improved documentation.
- Improved tests.
- Fixed default format handling bug in render_exception and
render_not_found.
- Fixed small namespace detection bug in Mojo::DOM.
- Fixed small session reset bug in Test::Mojo.
3.02 2012-07-03
- Added pluck and uniq methods to Mojo::Collection.
- Added regular expression support to first and grep methods in
Mojo::Collection.
- Improved documentation.
- Improved tests.
- Fixed JSON Pointer escaping.
- Fixed small text and attribute extraction bugs in Mojo::DOM.
- Fixed small inconsistency between routes and static dispatchers.
|
|
Opera 12.01 is a recommended upgrade offering security and stability enhancements.
Fixes and Stability Enhancements since Opera 12.00
General and User Interface
* Several general fixes and stability improvements
* Website thumbnail memory usage improvements
* Address bar inline auto-completion no longer prefers shortest domain
* Corrected an error that could occur after removing the plugin wrapper
* Resolved an issue where favicons were squeezed too much when many tabs were
open
Display and Scripting
* Resolved an error with XHR transfers where content-type was incorrectly
determined
* Improved handling of object literals with numeric duplicate properties
* Changed behavior of nested/chained comma expressions: now expressing and
compiling them as a list rather than a tree
* Aligned behavior of the #caller property on function code objects in
ECMAScript 5 strict mode with the specification
* Fixed an issue where input type=month would return an incorrect value in its
valueAsDate property
* Resolved an issue with JSON.stringify() that could occur on cached number
conversion
* Fixed a problem with redefining special properties using
Object.defineProperty()
Network and Site-Specific
* Fixed an issue where loading would stop at "Document 100%" but the page
would still be loading
* tuenti.com: Corrected behavior when long content was displayed
* https://twitter.com: Fixed an issue with secure transaction errors
* Fixed an issue with Google Maps Labs that occurred when compiling top-level
loops inside strict evals
* Corrected a problem that could occur with DISQUS
* Fixed a crash occurring on Lenovo's "Shop now" page
* Corrected issues when calling window.console.log via a variable at watch4you
* Resolved an issue with Yahoo! chat
Mail, News, Chat
* Resolved an issue where under certain conditions the mail panel would
continuously scroll up
* Fixed a crash occurring when loading mail databases on startup
Security
* Re-fixed an issue where certain URL constructs could allow arbitrary code
execution, as reported by Andrey Stroganov; see our advisory
http://www.opera.com/support/kb/view/1016/
* Fixed an issue where certain characters in HTML could incorrectly be
ignored, which could facilitate XSS attacks; see our advisory
http://www.opera.com/support/kb/view/1026/
* Fixed another issue where small windows could be used to trick users into
executing downloads as reported by Jordi Chancel; see our advisory
http://www.opera.com/support/kb/view/1027/
* Fixed an issue where an element's HTML content could be incorrectly
returned without escaping, bypassing some HTML sanitizers; see our advisory
http://www.opera.com/support/kb/view/1025/
* Fixed a low severity issue, details will be disclosed at a later date
|
|
Add Hungarian language files.
|
|
changes:
-added --metalink for metalink download support
-pop3: added more authentication types
-error message improvements
-bugfixes
|
|
Changes from 1.4.30
- [ssl] fix segfault in counting renegotiations for openssl versions
without TLSEXT/SNI (thx carpii for reporting)
- Move fdevent subsystem includes to implementation files to reduce
conflicts (fixes #2373)
- [mod_compress] fix handling if etags are disabled but cache-dir
is set - may lead to double response
- disable mmap by default (fixes #2391)
- buffer_caseless_compare: always convert letters to lowercase to get
transitive results, fixing array lookups (fixes #2405)
- Fix handling of empty header list entries in http_request_split_value,
fixing invalid read in valgrind (fixes #2413)
- Fix access log escaping of " and \\ (fixes #1551)
- [mod_auth] Fix digest "md5-sess" implementation (Errata ID 1649,
RFC 2617) (fixes #2410)
- [auth] Add "AUTH_TYPE" environment (for * cgi), remove fastcgi specific
workaround, add fastcgi test case (fixes #889)
- [mod_*cgi,mod_accesslog] Fix splitting :port with ipv6 (fixes #2333,
thx simoncpu)
- Detect multiple -f options: show error message instead of assert
(fixes #2416)
- [mod_extforward] Support ipv6 addresses (fixes #1889)
- [mod_redirect] Support url.redirect-code option (fixes #2247)
- Fix --enable-mmap handling in configure.ac
Changes from 1.4.29
- Always use our 'own' md5 implementation, fixes linking issues on MacOS
(fixes #2331)
- Limit amount of bytes we send in one go; fixes stalling in one connection
and timeouts on slow systems.
- [ssl] fix build errors when Elliptic-Curve Diffie-Hellman is disabled
- Add static-file.disable-pathinfo option to prevent handling of urls like
.../secret.php/image.jpg as static file
- Don't overwrite 401 (auth required) with 501 (unknown method) (fixes #2341)
- Fix mod_status bug: always showed "0/0" in the "Read" column for uploads
(fixes #2351)
- [mod_auth] Fix signedness error in http_auth (fixes #2370, CVE-2011-4362)
- [ssl] count renegotiations to prevent client renegotiations
- [ssl] add option to honor server cipher order (fixes #2364, BEAST attack)
- [core] accept dots in ipv6 addresses in host header (fixes #2359)
- [ssl] fix ssl connection aborts if files are larger than
the MAX_WRITE_LIMIT (256kb)
- [libev/cgi] fix waitpid ECHILD errors in cgi with libev (fixes #2324)
|
|
|