As a side note, there is no need to explicitely disable parsing UPLOADER
directives because we --disable-dired at configure time, nor EXTERNAL
directives as we do not build with --enable-externs.
OK mestre@, tb@
Under the hood, it's compatible to the legacy 2.X version, and no
DB upgrade etc. needed. On the frontent side, it provides a new,
shiny web interface.
Tests, feedback and OK giovanni@, landry@
- Updateded to WebKit 2 API.
- New widget types.
- Updated adblocker.
- Vertical tab support.
- Auto recovery of sessions.
Full list available here: https://aidanholm.github.io/luakit/
Port update includes:
- cleanup of Makefile
- us luakit's 'install' target
consensus (of two / myself) was to commit!
- nss 3.30.1 is required
- nspr 4.14 is required
- remove plumbing for gtk3 FLAVOR, now the default anyway
- switch default MASTER_SITES and HOMEPAGE to https (from naddy@)
(-stable has 5.2.2 which isn't affected)
ESA-2017-07 CVE-2017-8439 2017-06-01 Kibana version 5.4.0 was affected
by a Cross Site Scripting (XSS) bug in the Time Series Visual Builder.
This bug could allow an attacker to obtain sensitive information from
Kibana users. All Kibana 5.4.0 users should upgrade to version 5.4.1.
If upgrading is impossible, the time series visual builder can be
disabled by setting metrics.enabled: false in the kibana.yml. Note that
this will trigger a re-optimization when you restart Kibana.
ESA-2017-08 CVE-2017-8440 2017-06-01 Starting in version 5.3.0, Kibana
had a cross-site scripting (XSS) vulnerability in the Discover page
that could allow an attacker to obtain sensitive information from or
perform destructive actions on behalf of other Kibana users. Thanks to
Thomas G ytil for reporting this issue. All users of Kibana 5.3 or 5.4
should upgrade to versions 5.3.3 and 5.4.1.
3.2's concurrent.futures or the backport for prior versions of python.
The additional API and changes are minimal and strives to avoid
surprises.
Feedback sthen@ danj@
OK danj@
