From: John Napiorkowski Date: Tue, 25 Nov 2014 19:44:32 +0000 (-0600) Subject: merged from master X-Git-Tag: 5.90079_001~14 X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?p=catagits%2FCatalyst-Runtime.git;a=commitdiff_plain;h=32ed98de51991a84501ab4d32ff4db4fb7f128ad merged from master --- 32ed98de51991a84501ab4d32ff4db4fb7f128ad diff --cc Changes index 93e194f,28e8d58..231624d --- a/Changes +++ b/Changes @@@ -1,24 -1,24 +1,43 @@@ # This file documents the revision history for Perl extension Catalyst. +5.90080_001 - TBD + - MyApp->to_app is now an alias for MyApp->psgi_app in order to better support + existing Plack conventions. + - Modify Catayst::Response->from_psgi_response to allow the first argument to + be an object that does ->as_psgi. + - Modified Catayst::Middleware::Stash to be a shallow copy in $env. Added some + docs. Added a test case to make sure stash keys added in a child application + don't bubble back up to the main application. + - We no longer use Encode::is_utf8 since it doesn't work the way we think it + does... This required some UTF-8 changes. If your application is UTF-8 aware + I highly suggest you test this release. + - We alway do utf8 decoding on incoming URLs (before we only did so if the server + encoding was utf8. I believe this is correct as per the w3c spec, but please + correct if incorrect :) + - Debug output now shows utf8 characters if those are incoming via Args or as + path or pathparts in your actions. query and body parameter keys are now also + subject to utf8 decoding (or as specificed via the encoding configuration value). + - lots of UTF8 changes. Again we think this is now more correct but please test. + + 5.90077 - 2014-11-18 + - We store the PSGI $env in Catalyst::Engine for backcompat reasons. Changed + this so that the storage is a weak reference, so that it goes out of scope + with the request. This solves an issue where items in the stash (now in the + PSGI env) would not get closed at the end of the request. This caused some + regression, primarily in custom testing classes. + + 5.90076 - 2014-11-13 + - If throwing an exception object that does the code method, make sure that + method returns an expected HTTP status code before passing it on to the + HTTP Exception middleware. + + 5.90075 - 2014-10-06 + - Documentation patch for $c->req->param to point out the recently discovered + potential security issues: http://blog.gerv.net/2014/10/new-class-of-vulnerability-in-perl-web-applications/ + - You don't need to install this update, but you should read about the exploit + and review if your code is vulnerable. If you use the $c->req->param interface + you really need to review this exploit. + 5.90074 - 2014-10-01 - Specify Carp minimum version to avoid pointless test fails (valy++)