From: <updates <at> fedoraproject.org>
Subject: [SECURITY] Fedora 18 Update: python-djblets-0.7.16-1.fc18
Newsgroups: gmane.linux.redhat.fedora.package.announce
Date: Wednesday 7th August 2013 23:03:54 UTC
Fedora Update Notification
2013-07-30 15:14:32

Name        : python-djblets
Product     : Fedora 18
Version     : 0.7.16
Release     : 1.fc18
URL         : http://www.review-board.org
Summary     : A collection of useful classes and functions for Django
Description :
A collection of useful classes and functions for Django

Update Information:

As with all ReviewBoard updates, you will need to run 'rb-site upgrade
/path/to/site' for all installed sites after applying this update.

== Action Required ==

The default Apache configuration is now more strict with how it serves up
file attachments. This does not apply to existing installations. See http://support.beanbaginc.com/support/solutions/articles/110173-securing-file-attachments
for details.

== Description ==

- New upstream release 1.7.12
- http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.12/
- Security Fixes:
    * Function names in diff headers are no longer rendered as HTML.
    * If a user’s full name contained HTML, the Submitters list would
render it as HTML, without escaping it. This was an XSS vulnerability.
    * The default Apache configuration is now more strict with how it
serves up file attachments. This does not apply to existing installations.
See http://support.beanbaginc.com/support/solutions/articles/110173-securing-file-attachments
for details.
    * Uploaded files are now renamed to include a hash, preventing users
from uploading malicious filenames, and making filenames unguessable.
    * Recaptcha support has been updated to use the new URLs provided by
- New Features:
    * Added an X-ReviewRequest-Repository header for e-mails.
- Extension Improvements:
    * Extensions can now specify their list of app directories.
    * Extensions can now specify the author’s URL.
    * Improved the look and feel for extension configuration.
    * Improved the functionality for extension configuration.
    * Improved the list of available extensions.
- Bug Fixes:
    * Fixed the “Show Whitespace Changes” toggle.
    * Fixed compatibility with modern versions of django-storages.
    * Draft comments on file attachments are no longer shown to all users.
    * Fixed issues with console windows appearing when invoking Clear Case
requests on Python 2.7.x and Windows 7.
    * Review requests on Local Sites are now guaranteed to have the proper
    * Fixed starring review requests on Local Sites.
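
Added example, not part of the original announcement and not Review Board's own code: one way to implement the "renamed to include a hash" fix from the Security Fixes list above. The function name, the SHA-256 plus random nonce scheme and the character allowlist are assumptions; the announcement does not say how the hash is derived.

```python
import hashlib
import os
import re

# Assumption: a conservative allowlist for stored names.
_UNSAFE = re.compile(r"[^A-Za-z0-9._-]")


def stored_name(client_name, content, nonce=None):
    """Return the name an upload is stored under (hypothetical helper)."""
    # Random per-upload bytes keep the name unguessable even when the
    # file content is known to the person guessing.
    if nonce is None:
        nonce = os.urandom(16)
    digest = hashlib.sha256(nonce + content).hexdigest()[:20]

    # Keep only the last path component; clients may send / or \ separators.
    base = re.split(r"[\\/]", client_name)[-1]
    # Drop markup, quotes, spaces and control bytes, then leading and
    # trailing dots so the result is never a dotfile or "..".
    base = _UNSAFE.sub("", base).strip(".")

    stem, ext = os.path.splitext(base)
    # Bound the lengths and fall back to a fixed stem if nothing survives.
    return f"{stem[:64] or 'file'}_{digest}{ext[:16]}"


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the announcement.
    samples = [
        "../../etc/passwd",
        "report<script>.png",
        "C:\\Users\\a\\notes.txt",
        ".htaccess",
        "",
    ]
    for name in samples:
        print(repr(name), "->", stored_name(name, b"example content"))
```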

* Mon Jul 29 2013 Stephen Gallagher  - 0.7.16-1
- New upstream release 0.7.16
- This release contains security fixes in the datagrid
- JavaScript:
    * autoSizeTextArea now cleans up its hidden proxy elements when
    * inlineEditor can be told not to focus a textarea by default by
      'focusOnOpen' to false.
    * modalBox can place itself in an element other than  by setting
      'container' option to the element.
    * modalBox takes a 'boxID' option that, if specified, will set the ID
      the modalBox element.
    * funcQueue now takes an optional context parameter for callback
- djblets.datagrid:
    * Data pulled from the database and rendered into cells are always
    * Columns can now specify an image_class instead of an image_url.
    * Added a JavaScript reload() function that can be called on a datagrid
      element to trigger a dynamic reload from the server.
- djblets.extensions:
    * Extensions can now specify their list of app directories.
    * Extensions can now specify the author's URL.
    * Improved the look and feel for extension configuration.
    * Improved the functionality for extension configuration.
    * Improved the list of available extensions.
* Mon Jun  3 2013 Stephen Gallagher  - 0.7.15-1
- New upstream release 0.7.15
- djblets.log:
    * Added enhanced request logging
- djblets.siteconfig:
    * Changing and loading the site_static_url setting will now actually
      static media files to be loaded from that URL
- JavaScript:
    * inlineEditor now emits a "cancel" event when pressing OK without any
      modifications. Previously, there was no indication that it had
    * inlineEditor's "complete" event now has the initialValue parameter
      comes after the new value) set correctly. Previously, it was always
      same as the value, making it hard to determine if anything had
    * $.fn.html() now works with setting empty strings.
- djblets.gravatars:
    * Added get_gravatar_url_for_email
- djblets.webapi:
    * The cache of known URI templates for a RootResource now works
      when the path leading to the RootResource can change
    * When serializing an object while using ?expand, any QuerySet will be
      converted to a list. This prevents any changes from happening between
      serializing and rendering
    * Added a "is_webapi_handler" attribute to WebAPIResource
- djblets.extensions:
    * Extension classes can now define a 'metadata' variable to override
      package's metadata. This uses standard PyPI metadata fields. Using
      single Python package can provide several extensions.
    * TemplateHooks subclasses can now override a new render_to_string
      to do their own processing and rendering, instead of simply rendering
      the provided template_name.
    * The template_name parameter to TemplateHook is now optional.
    * The Django template loader cache is now reset when syncing extension
      settings or enabling/disabling an extension
* Mon Apr 22 2013 Stephen Gallagher  - 0.7.12-1
- New upstream release 0.7.12
- djblets.datagrid:
    * Massively speed up datagrid rendering
- djblets.extensions:
    * Added an install_extension function to ExtensionManager
- djblets.util.fields:
    * CounterField now allows incrementing/decrementing by values other
than 1
- djblets.util.templatetags:
    * The thumbnail and crop_image template tags now work with Django
    * Added a save_image_to_storage function in djblets_images that makes
      easy to save image data to Storage backends
- djblets.webapi:
    * Resources now consider both Last Modified and ETag headers
      when determining if a cached payload is still valid. Previously, if
      Last Modified timestamps were the same, the ETag check would fail
* Wed Apr 10 2013 Stephen Gallagher  - 0.7.11-2
- Guarantee that Djblets builds against the correct version of Django
* Thu Feb 21 2013 Stephen Gallagher  - 0.7.11-1
- New upstream release 0.7.11
- djblets.util.fields:
    * CounterField was failing to use the initializers for brand new
      instances of a model, defaulting to None instead
- General:
    * Require Django 1.4.5 as a minimum
- djblets.extensions:
    * "config/" and "db/" links for extensions are now generated
      properly when specifying a custom SITE_ROOT
- djblets.log:
    * Added an Admin UI setting for changing log levels
- djblets.siteconfig:
    * Added new 'list-siteconfig', 'get-siteconfig', and 'set-siteconfig'
      management commands for manipulating siteconfig configuration
      from the shell
* Thu Feb  7 2013 Stephen Gallagher  - 0.7.9-2
- Fix version requirement to protect against django-pipeline 1.3.0
* Mon Jan 28 2013 Stephen Gallagher  - 0.7.9-1
- New upstream release 0.7.9
- JavaScript:
    * modalBoxes now use z-indexes of 99 and 100 for the box and content,
      instead of 11000 and 11001.
- djblets.datagrid:
    * Columns data by way of field access can now span field relationships.
- djblets.extensions:
    * Fixed a failure when clearing extension info.
- djblets.siteconfig:
    * When loading the stored timezone, we're no longer setting
      os.environ['TZ'] to that timezone. Instead, we're just activating
      that timezone for Django only.
- djblets.webapi:
    * Fixed a bug where list resources that had an unknown ID in the URL
      could end up throwing an exception instead of returning a 404.
* Thu Dec 20 2012 Stephen Gallagher  - 0.7.8-1
- New upstream release 0.7.8
- JavaScript:
    * Fixed a crash when enabling/disabling an inlineEditor without an edit
* Wed Dec 19 2012 Stephen Gallagher  - 0.7.7-1
- New upstream release 0.7.7
- djblets.datagrid:
    * Fixed a possible XSS exploit in datagrids
    * Failures during rendering the datagrid now results in a traceback
- JavaScript:
    * The second display of an inlineEditor no longer breaks the size of
* Thu Dec 13 2012 Stephen Gallagher  - 0.7.6-1
- New upstream release 0.7.6
- General:
-  * Django 1.4.2 is now required
-  * All admin-related templates have been changed to better fit the admin
     template structure and styles. This includes siteconfig and logs.
- djblets.extensions:
-  * Extension lists and state are now synchronized across
-  * Extension subclasses now must capture all variable arguments
     (*args, **kwargs) and pass them to the parent constructor
-  * URLHook, admin URLs, and API resource URLs are all now added and
     properly when an extension is enabled or disabled
- djblets.util:
-  * Cache keys are now bound to the SITE_ROOT, if one is set, to prevent
     leakage across instances
-  * Added DynamicURLResolver in djblets.util.urlresolvers
- djblets.util.cache:
-  * Added normalize_cache_backend
- djblets.webapi:
-  * API handler functions that specify allow_unknown=True in
     @webapi_request_fields can now retrieve all extra fields as an
     'extra_fields' argument
-  * Added unregister_resource_for_model
- djblets.siteconfig:
-  * The stored cache_backend setting is now deserialized into
-  * Fixed a couple missing imports
-  * Siteconfig now handles old-style CACHE_BACKEND values and new-style
     CACHES[cachename] dictionaries in the 'cache_backend' setting
- JavaScript:
-  * The jQuery dependency has been updated to 1.8.2, and jQuery-UI to
-  * inlineEditor's animation speed has increased, and is now customizable
     through options.fadeSpeedMS
-  * inlineEditor now does a better job of matching the parent container's
-  * inlineEditor no longer activates when simply selecting text
-  * Added a $.fn.retinaGravatar function that, on Retina-capable displays,
     requests a larger gravatar for the given URL specified in an \
-  * inlineEditor now supports changing an "enabled" option, allowing
     to start out enabled or disabled, or dynamically change that state
* Wed Oct  3 2012 Stephen Gallagher  - 0.7.2-1
- New upstream release 0.7.2
- Drop upstreamed patch to use system feedparser
- General:
-     Styled all admin UI templates to add a "title" class to
      page titles. This affects extensions, log viewer, and siteconfig.
- djblets.log:
-     Fixed the columns to match the style of other admin UI columns.
- djblets.pipeline:
-     Our 'bless' compiler is now compatible with the latest versions of pipeline
- JavaScript:
-     modalBox's positioning is now properly centered
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update python-djblets' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/package-announce
