Bug 241629 - [maintainer-update] www/wt3 update 3.4.2
Summary: [maintainer-update] www/wt3 update 3.4.2
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Dmitri Goutnik
Keywords: buildisok
Depends on:
Reported: 2019-10-31 22:50 UTC by Mohammad S. Babaei
Modified: 2019-11-01 19:06 UTC (History)
1 user (show)

See Also:

www/wt3 v3.4.1 to v3.4.2 patch file (2.16 KB, patch)
2019-10-31 22:50 UTC, Mohammad S. Babaei
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Mohammad S. Babaei 2019-10-31 22:50:25 UTC
Created attachment 208749 [details]
www/wt3 v3.4.1 to v3.4.2 patch file

Release 3.4.2 (October 30, 2019)

This release fixes the following issues:

    wthttp security issues:
        Wt internally used an SSL-Client-Certificates header to send client certificates to child processes when using dedicated process mode. It was however always accepted even when Wt was not behind a reverse proxy, and sent to child processes as-is. wthttp now correctly disregards it when not received from a reverse proxy. The header was also renamed to X-Wt-Ssl-Client-Certificates to clarify that it is a non-standard internal Wt header.
        When using dedicated session processes with wthttp, the parent process would trust X-Forwarded-Proto and X-Forwarded-Port even when Wt was not configured to be behind a reverse proxy. These are now discarded.
    issue #7292: OAuthService now correctly uses refresh_token instead of refreshToken

    Http::Client fixes:
        fixed issue #7272: support @ character in the path of a URL
        fixed 204 No Content response code behavior (would hang before, waiting for content) (issue #7273)

    More informative error and exception messages:
        QueryModel's "geometry inconsistent with database" exception now contains row and cache start and size information
        WebSession's "not serving this" info message contains more context so it's less confusing

    Documentation fix: The release notes for Wt 3.3.8 incorrectly referred to allowed-hosts, while this property is actually named allowed-origins
Comment 1 Automation User 2019-11-01 00:38:08 UTC
Build info is available at https://gitlab.com/swills/freebsd-ports/pipelines/92956222
Comment 2 commit-hook freebsd_committer 2019-11-01 19:01:31 UTC
A commit references this bug:

Author: dmgk
Date: Fri Nov  1 19:00:47 UTC 2019
New revision: 516261
URL: https://svnweb.freebsd.org/changeset/ports/516261

  www/wt3: Update to 3.4.2

  Changes:	https://webtoolkit.eu/wt/wt3/doc/reference/html/Releasenotes.html

  PR:		241629
  Submitted by:	Mohammad S. Babaei <info@babaei.net> (maintainer)
  Approved by:	tz (mentor, implicit)

Comment 3 Dmitri Goutnik freebsd_committer 2019-11-01 19:04:49 UTC
Committed, thanks!