Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 31 Oct 2019 22:50:25 +0000
From:      bugzilla-noreply@freebsd.org
To:        ports-bugs@FreeBSD.org
Subject:   [Bug 241629] [maintainer-update] www/wt3 update 3.4.2
Message-ID:  <bug-241629-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D241629

            Bug ID: 241629
           Summary: [maintainer-update] www/wt3 update 3.4.2
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: ports-bugs@FreeBSD.org
          Reporter: info@babaei.net

Created attachment 208749
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D208749&action=
=3Dedit
www/wt3 v3.4.1 to v3.4.2 patch file

Release 3.4.2 (October 30, 2019)

This release fixes the following issues:

    wthttp security issues:
        Wt internally used an SSL-Client-Certificates header to send client
certificates to child processes when using dedicated process mode. It was
however always accepted even when Wt was not behind a reverse proxy, and se=
nt
to child processes as-is. wthttp now correctly disregards it when not recei=
ved
from a reverse proxy. The header was also renamed to
X-Wt-Ssl-Client-Certificates to clarify that it is a non-standard internal =
Wt
header.
        When using dedicated session processes with wthttp, the parent proc=
ess
would trust X-Forwarded-Proto and X-Forwarded-Port even when Wt was not
configured to be behind a reverse proxy. These are now discarded.
    issue #7292: OAuthService now correctly uses refresh_token instead of
refreshToken

    Http::Client fixes:
        fixed issue #7272: support @ character in the path of a URL
        fixed 204 No Content response code behavior (would hang before, wai=
ting
for content) (issue #7273)

    More informative error and exception messages:
        QueryModel's "geometry inconsistent with database" exception now
contains row and cache start and size information
        WebSession's "not serving this" info message contains more context =
so
it's less confusing

    Documentation fix: The release notes for Wt 3.3.8 incorrectly referred =
to
allowed-hosts, while this property is actually named allowed-origins

--=20
You are receiving this mail because:
You are the assignee for the bug.=

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-241629-7788>