• last updated 17 hours ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
added an additinal has function scrypt-16384-1-8 to deal with argument flipping in NaviSever 4.99

Between 4.99.20 and 4.99.31 (inclusive) there is a argument flipping bug for

::ns_crypto::scrypt (the parameters "r" and "p" were interpreted with flipped

semantics). In case you are using SCRYPT for your password hashes with an

affected version, you have to change the hash argorithm from scrypt-16384-8-1

to scrypt-16384-1-8 to check the previouly hashed passwords correctly.

NaviServer 5 is not affected by this.

backport from HEAD

improved robustness against certain installations:

- added exception handler for failed open command

- added sensible defaults in case the ns/parameter serverlog is not defined

Use noi18n instead of literal to avoid localization of eventually nested messages at this point

Dont localize eventually nested messages at this point

Fix anchor by prepending form name

improved robstness when raw IP-V6 addresses are configured (rather than domain names)

backport from head

improved robstness when raw IP-V6 addresses are configured (rather than domain names)

bugfix(util_driver_info): reduce dependency on hardcoded driver names

- Avoid reliance on specific driver names (nsssl, nsudp, nsunix,

nsopenssl, nssocket) by falling back to generic "ns_driver info"

when available.

- Added explicit error message when "hostname" is missing on a network

driver module to prevent silent misconfiguration. This fixes a

potential infinite loop when OpenACS attempts to resolve the

"hostname" value.

This is a backport from the HEAD branch

bugfix(util_driver_info): reduce dependency on hardcoded driver names

- Avoid reliance on specific driver names (nsssl, nsudp, nsunix,

nsopenssl, nssocket) by falling back to generic "ns_driver info"

when available.

- Added explicit error message when "hostname" is missing on a network

driver module to prevent silent misconfiguration. This fixes a

potential infinite loop when OpenACS attempts to resolve the

"hostname" value.

added debugging hooks

Fix typo

Bump tinyMCE default version number to 8.0.1

This is a major release upgrade, with a couple breaking changes (see https://www.tiny.cloud/docs/tinymce/latest/migration-from-7x/).

As language pack for version 8 do not exist yet, we currently keep using those from 7 for any version >= 7. This should go away as soon as an own language pack is released for 8.

bumped version number

Fix accidental removal of root site‑node read permissions (#3477)

Submitting the “/” site‑map permissions form without any changes inadvertently

omitted direct (read‑only) permissions, causing not-logged-in users to see

“The page isn’t redirecting properly” when accessing the root node.

This change ensures that existing direct permissions are preserved when

the form is submitted, even if no changes were made.

Thanks to Khy H for reporting this!

Backport from main branch

Fix accidental removal of root site‑node read permissions (#3477)

Submitting the “/” site‑map permissions form without any changes inadvertently

omitted direct (read‑only) permissions, causing not-logged-in users to see

“The page isn’t redirecting properly” when accessing the root node.

This change ensures that existing direct permissions are preserved when

the form is submitted, even if no changes were made.

Thanks to Khy H for reporting this!

fix for bug #3476: ilike is not supported on Oracle

Many thanks to Sung Hong for the report and fix.

backport from HEAD

fix for bug #3476: ilike is not supported on Oracle

Many thanks to Sung Hong for the report and fix

Avoid noisy “table not found” errors on PostgreSQL

Previously, our localization script always queried the Oracle‐specific

view `v$nls_valid_values`. On PostgreSQL this table doesn’t exist, so

the DB driver logged a misleading “relation does not exist” error.

Now, we only perform that query when connected to Oracle. For all other

DBs (e.g. PostgreSQL) we skip it, eliminating spurious errors from

the logs.

In the the futures, one should introduce a new API call named in the

lines of "get_NLS_Info" that encapsulates the database‐specific logic

for determining language, charset, and territory.

bumped upstream version to 5.3.7

bump upstream version number to 12.3.0

improved clarity of the code and simplified structure

fix for using fallback interface and wrong results for non TLS installation

Many thanks to Antonio for flagging this and provide insights

Fixes to SSE notifications

- request for Notification permission at the time we are subscribing to it, so that it happens following a user interaction, required by the API

- find a plain-text format that will keep displaying the URLs as formatted in the notification, as the API does not support HTML

provide complaints for invalid repository URLs

Version and CDN maintenance for tinymce

- Switched from cdnjs to jsdelivr

- Bumped upstream version number from 5.3.3 to 5.3.6

- bumped version to 2.1.9

Version and CDN maintenance for bootstrap 5

- Switched from cdnjs to jsdelivr

- Bumped upstream version number from 5.3.3 to 5.3.6

- bumped version to 6.0.0d3

bumped version number to allow packages to use mutiple tags from jsdelivr

    • -2
    • +2
    /openacs-4/packages/acs-tcl/acs-tcl.info