Bug 241630 - [maintainer-update] www/wt update 4.1.2
Summary: [maintainer-update] www/wt update 4.1.2
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Dmitri Goutnik
Keywords: buildisok
Depends on:
Reported: 2019-10-31 22:51 UTC by Mohammad S. Babaei
Modified: 2019-11-01 19:06 UTC (History)
1 user (show)

See Also:

www/wt3 v4.1.1 to v4.1.2 patch file (2.55 KB, patch)
2019-10-31 22:51 UTC, Mohammad S. Babaei
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Mohammad S. Babaei 2019-10-31 22:51:05 UTC
Created attachment 208750 [details]
www/wt3 v4.1.1 to v4.1.2 patch file

Release 4.1.2 (October 30, 2019)

This release fixes the following issues:

    wthttp security issues:
        Wt internally used an SSL-Client-Certificates header to send client certificates to child processes when using dedicated process mode. It was however always accepted even when Wt was not behind a reverse proxy, and sent to child processes as-is. wthttp now correctly disregards it when not received from a reverse proxy. The header was also renamed to X-Wt-Ssl-Client-Certificates to clarify that it is a non-standard internal Wt header.
        When using dedicated session processes with wthttp, the parent process would trust X-Forwarded-Proto and X-Forwarded-Port even when Wt was not configured to be behind a reverse proxy. These are now discarded.

    Fixed an issue raised on the forum causing WTreeView to not properly react to certain size changes.

    Fixed issue #7291: wtfcgi would not properly match default entry point

    Fixed a few issues found by clang-analyzer:
        Fixed an issue in WAnchor that would cause image() to return nullptr if it was provided in the constructor.
        Fixed WCssDecorationStyle self-assignment

    Made tests succeed even if Wt is built with ENABLE_UNWIND=ON.
    issue #7292: OAuthService now correctly uses refresh_token instead of refreshToken

    Http::Client fixes:
        fixed issue #7272: support @ character in the path of a URL
        fixed 204 No Content response code behavior (would hang before, waiting for content) (issue #7273)

    More informative error and exception messages:
        QueryModel's "geometry inconsistent with database" exception now contains row and cache start and size information
        WebSession's "not serving this" info message contains more context so it's less confusing

    Documentation fixes:
        The release notes for Wt 3.3.8 incorrectly referred to allowed-hosts, while this property is actually named allowed-origins
        Updated WLocale::setTimeZone() documentation
Comment 1 Automation User 2019-11-01 00:55:48 UTC
Build info is available at https://gitlab.com/swills/freebsd-ports/pipelines/92956343
Comment 2 commit-hook freebsd_committer 2019-11-01 19:03:32 UTC
A commit references this bug:

Author: dmgk
Date: Fri Nov  1 19:03:25 UTC 2019
New revision: 516262
URL: https://svnweb.freebsd.org/changeset/ports/516262

  www/wt: Update to 4.1.2

  Changes:	https://webtoolkit.eu/wt/doc/reference/html/Releasenotes.html

  PR:		241630
  Submitted by:	Mohammad S. Babaei <info@babaei.net> (maintainer)
  Approved by:	tz (mentor, implicit)

Comment 3 Dmitri Goutnik freebsd_committer 2019-11-01 19:04:30 UTC
Committed, thanks!