Summary: | [maintainer-update] www/wt3 update 3.4.2 | ||||||
---|---|---|---|---|---|---|---|
Product: | Ports & Packages | Reporter: | Mohammad S. Babaei <info> | ||||
Component: | Individual Port(s) | Assignee: | Dmitri Goutnik <dmgk> | ||||
Status: | Closed FIXED | ||||||
Severity: | Affects Only Me | CC: | dmgk | ||||
Priority: | --- | Keywords: | buildisok | ||||
Version: | Latest | ||||||
Hardware: | Any | ||||||
OS: | Any | ||||||
Attachments: |
|
Build info is available at https://gitlab.com/swills/freebsd-ports/pipelines/92956222 A commit references this bug: Author: dmgk Date: Fri Nov 1 19:00:47 UTC 2019 New revision: 516261 URL: https://svnweb.freebsd.org/changeset/ports/516261 Log: www/wt3: Update to 3.4.2 Changes: https://webtoolkit.eu/wt/wt3/doc/reference/html/Releasenotes.html PR: 241629 Submitted by: Mohammad S. Babaei <info@babaei.net> (maintainer) Approved by: tz (mentor, implicit) Changes: head/www/wt3/Makefile head/www/wt3/distinfo head/www/wt3/pkg-plist Committed, thanks! |
Created attachment 208749 [details] www/wt3 v3.4.1 to v3.4.2 patch file Release 3.4.2 (October 30, 2019) This release fixes the following issues: wthttp security issues: Wt internally used an SSL-Client-Certificates header to send client certificates to child processes when using dedicated process mode. It was however always accepted even when Wt was not behind a reverse proxy, and sent to child processes as-is. wthttp now correctly disregards it when not received from a reverse proxy. The header was also renamed to X-Wt-Ssl-Client-Certificates to clarify that it is a non-standard internal Wt header. When using dedicated session processes with wthttp, the parent process would trust X-Forwarded-Proto and X-Forwarded-Port even when Wt was not configured to be behind a reverse proxy. These are now discarded. issue #7292: OAuthService now correctly uses refresh_token instead of refreshToken Http::Client fixes: fixed issue #7272: support @ character in the path of a URL fixed 204 No Content response code behavior (would hang before, waiting for content) (issue #7273) More informative error and exception messages: QueryModel's "geometry inconsistent with database" exception now contains row and cache start and size information WebSession's "not serving this" info message contains more context so it's less confusing Documentation fix: The release notes for Wt 3.3.8 incorrectly referred to allowed-hosts, while this property is actually named allowed-origins