Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: <updates <at> fedoraproject.org>
Subject: [SECURITY] Fedora 19 Update: python-djblets-0.7.23-1.fc19
Newsgroups: gmane.linux.redhat.fedora.package.announce
Date: Friday 15th November 2013 20:31:47 UTC (over 2 years ago)
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2013-20814
2013-11-07 02:31:53
--------------------------------------------------------------------------------

Name        : python-djblets
Product     : Fedora 19
Version     : 0.7.23
Release     : 1.fc19
URL         : http://www.review-board.org
Summary     : A collection of useful classes and functions for Django
Description :
A collection of useful classes and functions for Django

--------------------------------------------------------------------------------
Update Information:

1.7.18 fixes JavaScript errors


- New upstream security release 1.7.17
- http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.17/
- Resolves: CVE-2013-4519
- Security Fixes:
  * Fixed XSS vulnerabilities for the 'Branch' field and uploaded file
captions.
  * Added a 'X-Frame-Options' header to prevent clickjacking.
- New Features:
  * Remove the need for SSH keys for GitHub repositories.
  * Improved validation for GitHub repositories.
  * Added support for permissions on Local Sites.
- Performance Improvements:
  * Reduced query counts on all pages.
  * Reduced query counts in the web API when returning empty lists.
- Extensibility:
  * Extensions using the ``configure_extension`` view an now pass in a
custom ``template_name`` pointing to a template for the configuration page,
if it needs additional customization.
  * Enabling, disabling or reconfiguring extensions will now invalidate the
caches for pages, ensuring that hooks will take affect.
  * Extension configuration now works properly on subdirectory installs.
- Bug Fixes:
  * Fixed showing private review requests on a submitter page.
  * The description for submitted or discarded review requests is now shown
on the diff viewer.
  * Discarding, reopening and then closing a review request no longer makes
the review request private.
  * Fixed a naming conflict with older PyCrypto packages, such as the
default package on CentOS 6.4.
  * Users with the 'can_change_status' permission no longer need the
'can_edit_reviewrequest' permission in order to close or reopen review
requests.
  * Switching a repository from using a hosting service to Custom no longer
reverts back to the hosting service.
  * Fixed editing a repository if its associated hosting service can't be
loaded (such as if an extension providing that hosting service is
disabled).
  * Many diff validation errors weren't being shown on the New Review
Request page, generating 500 errors instead.
  * Fixed caching issues with the Blocks field on review requests.
  * Editing JSON text fields in the administration UI now works, validates,
and won't result in warnings in the log.
  * Fixed breakages with looking up URLs internally with Local Sites.

--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov  5 2013 Stephen Gallagher  - 0.7.23-1
- New upstream release 0.7.23
- http://downloads.reviewboard.org/releases/Djblets/0.7/Djblets-0.7.21.NEWS
  * djblets.webapi:
    * Added a has_list_access_permissions function, which is used to
determine
      access to a list resource.
- http://downloads.reviewboard.org/releases/Djblets/0.7/Djblets-0.7.22.NEWS
  * djblets.extensions:
    * AJAX_SERIAL is updated when extensions are enabled/disabled or their
      configuration changes, allowing templates using AJAX_SERIAL as part
of
      their cache to invalidate.
  * djblets.siteconfig:
    * Reduced query counts for installs using siteconfig.
  * djblets.webapi:
    * Reduced query counts when returning payloads for list resources  with
no
      entries.
    * Common attribute lookups on WebAPIResource are now cached.
- http://downloads.reviewboard.org/releases/Djblets/0.7/Djblets-0.7.23.NEWS
  * djblets.extensions:
    * Fix URL errors when configuring extensions with a custom SITE_ROOT.
  * djblets.util.fields:
    * JSONFields can now be safely edited through the administration UI,
      complete with validation.
  * jquery.gravy:
    * Fixed hiding the pencil icons on an inlineEditor when disabled.
* Sun Oct 13 2013 Patrick Uiterwijk  - 0.7.21-1
- New upstream bugfix release 0.7.21
- http://downloads.reviewboard.org/releases/Djblets/0.7/Djblets-0.7.21.NEWS
- Added a has_list_access_permissions function, which is used to
          determine access to a list resource.
* Fri Oct 11 2013 Stephen Gallagher  - 0.7.20-1
- New upstream bugfix release 0.7.20
- http://downloads.reviewboard.org/releases/Djblets/0.7/Djblets-0.7.20.NEWS
- Fixed regression with pagination on the datagrid
* Thu Oct 10 2013 Stephen Gallagher  - 0.7.19-1
- New upstream security release 0.7.19
- http://downloads.reviewboard.org/releases/Djblets/0.7/Djblets-0.7.19.NEWS
- Resolves: CVE-2013-4409
- Resolves unsanitized eval() vulnerability
* Mon Sep 23 2013 Stephen Gallagher  - 0.7.18-1
- New upstream security release 0.7.18
- http://downloads.reviewboard.org/releases/Djblets/0.7/Djblets-0.7.18.NEWS
- Web API resource lists are now more careful about access permissions.
* Thu Aug 15 2013 Stephen Gallagher  - 0.7.17-1
- New upstream release 0.7.17
- http://downloads.reviewboard.org/releases/Djblets/0.7/Djblets-0.7.17.NEWS
* Mon Jul 29 2013 Stephen Gallagher  - 0.7.16-1
- New upstream release 0.7.16
- This release contains security fixes in the datagrid
- JavaScript:
    * autoSizeTextArea now cleans up its hidden proxy elements when
destroyed.
    * inlineEditor can be told not to focus a textarea by default by
setting
      'focusOnOpen' to false.
    * modalBox can place itself in an element other than  by setting
the
      'container' option to the element.
    * modalBox takes a 'boxID' option that, if specified, will set the ID
of
      the modalBox element.
    * funcQueue now takes an optional context parameter for callback
functions.
- djblets.datagrid:
    * Data pulled from the database and rendered into cells are always
escaped
      now.
    * Columns can now specify an image_class instead of an image_url.
    * Added a JavaScript reload() function that can be called on a datagrid
      element to trigger a dynamic reload from the server.
- djblets.extensions:
    * Extensions can now specify their list of app directories.
    * Extensions can now specify the author's URL.
    * Improved the look and feel for extension configuration.
    * Improved the functionality for extension configuration.
    * Improved the list of available extensions.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1027010 - CVE-2013-4519 ReviewBoard: two XSS vulnerabilities
        https://bugzilla.redhat.com/show_bug.cgi?id=1027010
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update python-djblets' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on
the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/package-announce
 
CD: 3ms