X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?p=catagits%2FCatalyst-Runtime.git;a=blobdiff_plain;f=Changes;h=01658210accfb80fa76186ddf3e260bdd72fd09b;hp=e143aea122b657406a1b6789df1fb9c5fb03a029;hb=00038a21d88ab4f3620068c7b15e8f02c1b13e2d;hpb=b4429ab4789a7b2c3060bbe584edc9185d77c765

diff --git a/Changes b/Changes
index e143aea..0165821 100644
--- a/Changes
+++ b/Changes
@@ -1,11 +1,55 @@
 # This file documents the revision history for Perl extension Catalyst.
 
+5.90080_001 - TBD
+  - MyApp->to_app is now an alias for MyApp->psgi_app in order to better support
+    existing Plack conventions.
+  - Modify Catayst::Response->from_psgi_response to allow the first argument to
+    be an object that does ->as_psgi.
+  - Modified Catayst::Middleware::Stash to be a shallow copy in $env.  Added some
+    docs.  Added a test case to make sure stash keys added in a child application
+    don't bubble back up to the main application.
+  - We no longer use Encode::is_utf8 since it doesn't work the way we think it
+    does... This required some UTF-8 changes.  If your application is UTF-8 aware
+    I highly suggest you test this release.
+  - We alway do utf8 decoding on incoming URLs (before we only did so if the server
+    encoding was utf8.  I believe this is correct as per the w3c spec, but please
+    correct if incorrect :)
+  - Debug output now shows utf8 characters if those are incoming via Args or as
+    path or pathparts in your actions.  query and body parameter keys are now also
+    subject to utf8 decoding (or as specificed via the encoding configuration value).
+  - lots of UTF8 changes.  Again we think this is now more correct but please test.
+  - Allow $c->res->redirect($url) to accept $url as an object that does ->as_string
+    which I think will ease a common case (and common bug) and added documentation.
+
+5.90077 - 2014-11-18
+  - We store the PSGI $env in Catalyst::Engine for backcompat reasons.  Changed
+    this so that the storage is a weak reference, so that it goes out of scope
+    with the request.  This solves an issue where items in the stash (now in the
+    PSGI env) would not get closed at the end of the request.  This caused some
+    regression, primarily in custom testing classes.
+
+5.90076 - 2014-11-13
+  - If throwing an exception object that does the code method, make sure that
+    method returns an expected HTTP status code before passing it on to the
+    HTTP Exception middleware.
+
+5.90075 - 2014-10-06
+  - Documentation patch for $c->req->param to point out the recently discovered
+    potential security issues: http://blog.gerv.net/2014/10/new-class-of-vulnerability-in-perl-web-applications/
+  - You don't need to install this update, but you should read about the exploit
+    and review if your code is vulnerable.  If you use the $c->req->param interface
+    you really need to review this exploit.
+
+5.90074 - 2014-10-01
+  - Specify Carp minimum version to avoid pointless test fails (valy++)
+
 5.90073 - 2014-09-23
   - Fixed a regression caused by the last release where we broke what happened
     when you tried to set request parameters via $c->req->param('foo', 'bar').
     You shouldn't do this, but I guess I shouldn't have busted it either :)
   - Allow the term_width to be regenerated (see Catalyst::Utils::term_width,
     Frew Schmidt)
+  - More aggressive skipping of value decoding if the value is undefined.
 
 5.90072 - 2014-09-15
   - In the case where you call $c->req->param(undef), warn with a more useful