- updated to 4.64
see /usr/share/doc/packages/perl-CGI/Changes
4.64 2024-03-18
[ META ]
- pass --no-xattrs to tar in Makefile to fix tar backwards compat (GH #264, thanks to ryandesign)
4.63 2024-03-01
[ FIX ]
- ->url returns a string in all cases (GH #263, thanks to Sketch6307)
4.62 2024-03-01
[ FIX ]
- ->url now returns the correct thing for ipv6 brackets (GH #259, thanks to eserte)
4.61 2024-01-08
[ ENHANCEMENT ]
- Support Paritioned cookies in CGI::Cookie (GH #262, thanks to dakkar)
OBS-URL: https://build.opensuse.org/request/show/1160743
OBS-URL: https://build.opensuse.org/package/show/devel:languages:perl/perl-CGI?expand=0&rev=76
- updated to 4.30
see /usr/share/doc/packages/perl-CGI/Changes
4.30 2016-06-08
[ FEATURES ]
- Add SameSite support to Cookie handling (thanks to pangyre)
[ INTERNALS ]
- The MultipartBuffer package has been renamed to CGI::MultipartBuffer.
This has been done in a way to ensure any $MultipartBuffer package
variables are still set correctly in CGI::MultipartBuffer. if you are
explicitly using MultipartBuffer in a form such as:
MultipartBuffer->new
your code will break. you should be calling:
CGI->new->new_MultipartBuffer( $boundary,$length );
to ensure the correctly package is called. if you are extending the
MultipartBuffer package though use of ISA or base (or parent) then you
will need to update your code to use CGI::MultipartBuffer
- fake using strict and warnings to appease CPANTS Kwalitee
4.28 2016-03-14
[ RELEASE NOTES ]
- please see v4.21 Changes for any potentially impacting changes
OBS-URL: https://build.opensuse.org/request/show/401401
OBS-URL: https://build.opensuse.org/package/show/devel:languages:perl/perl-CGI?expand=0&rev=20
- updated to 4.11
4.11 2014-12-02
[ SPEC / BUG FIXES ]
- more hash key ordering bugs fixed in HTML attribute output (GH #158,
thanks to Marcus Meissner for the patch and test case)
[ REFACTORING ]
- escapeHTML (and unescapeHTML) have been refactored to use the functions
exported by the HTML::Entities module (GH #157)
- change BUILD_REQUIRES to TEST_REQUIRES in Makefile.PL as these are test
dependencies not build dependencies (GH #159)
[ DOCUMENTATION ]
- replace any remaining uses of indirect object notation (new Object) with
the safer Object->new syntax (GH #156)
4.10 2014-11-27
[ SPEC / BUG FIXES ]
- favour -content-type arg in header if -type and -charset options are also
passed in (GH #155, thanks to kaoru for the test case). this change also
sorts the hash keys in the rearrange method in CGI::Util meaning the order
of the arrangement will always be the same for params that have multiple
aliases. really you shouldn't be passing in multiple aliases, but this will
make it consistent should you do that
[ DOCUMENTATION ]
- fix some typos
OBS-URL: https://build.opensuse.org/request/show/264053
OBS-URL: https://build.opensuse.org/package/show/devel:languages:perl/perl-CGI?expand=0&rev=16
* Test::More requirement has been bumped to 0.98
- changes from 3.56:
* SECURITY: use public and documented FCGI.pm API in CGI::Fast: CGI::Fast was
using an FCGI API that was deprecated and removed from documentation more
than ten years ago; usage of this deprecated API with FCGI >= 0.70 or FCGI
<= 0.73 introduces a security issue CVE-2011-2766
OBS-URL: https://build.opensuse.org/package/show/devel:languages:perl/perl-CGI?expand=0&rev=13
* Test::More >= 0.88 (done_testing)
- fix build for
* openSUSE > 1140 (shebang), SLE_10, SLE_11, RHEL, CentOS
- remove Author from desc
- update to 3.55:
+ [THINGS THAT MAY BREAK YOUR CODE]
url() was fixed to return "PATH_INFO" when it is explicitly requested
with either the path=>1 or path_info=>1 flag.
If your code is running under mod_rewrite (or compatible) and you are
calling self_url() or you are calling url() and passing path_info=>1,
These methods will actually be returning PATH_INFO now, as you have
explicitly requested, or has self_url() has requested on your behalf.
The PATH_INFO has been omitted in such URLs since the issue was
introduced in the 3.12 release in December, 2005.
This bug is so old your application may have come to depend on it or
workaround it. Check for application before upgrading to this release.
+ The DELETE HTTP verb is now supported (RT#52614)
+ [NEW FEATURES]
- A new option to set $CGI::Carp::TO_BROWSER = 0, allows you to
explicitly exclude a particular scope from triggering printing to
the browser when fatatlsToBrowser is set. (RT#62783)
- The <script> tag now supports the "charset" attribute.
(RT#62907)
- In CGI::Cookie, "Max-Age" is now supported for better
spec compliance.
+ Further improvements have been made to guard against newline
OBS-URL: https://build.opensuse.org/package/show/devel:languages:perl/perl-CGI?expand=0&rev=12
+ [THINGS THAT MAY BREAK YOUR CODE]
url() was fixed to return "PATH_INFO" when it is explicitly requested
with either the path=>1 or path_info=>1 flag.
If your code is running under mod_rewrite (or compatible) and you are
calling self_url() or you are calling url() and passing path_info=>1,
These methods will actually be returning PATH_INFO now, as you have
explicitly requested, or has self_url() has requested on your behalf.
The PATH_INFO has been omitted in such URLs since the issue was
introduced in the 3.12 release in December, 2005.
This bug is so old your application may have come to depend on it or
workaround it. Check for application before upgrading to this release.
+ The DELETE HTTP verb is now supported (RT#52614)
+ [NEW FEATURES]
- A new option to set $CGI::Carp::TO_BROWSER = 0, allows you to
explicitly exclude a particular scope from triggering printing to
the browser when fatatlsToBrowser is set. (RT#62783)
- The <script> tag now supports the "charset" attribute.
(RT#62907)
- In CGI::Cookie, "Max-Age" is now supported for better
spec compliance.
+ Further improvements have been made to guard against newline
injections in headers
- update to 3.50:
* Fixed two security issues:
** The MIME boundary in multipart_init is now random.
** Further improvements to handling of newlines embedded in header
OBS-URL: https://build.opensuse.org/package/show/devel:languages:perl/perl-CGI?expand=0&rev=9
* Fixed two security issues:
** The MIME boundary in multipart_init is now random.
** Further improvements to handling of newlines embedded in header
values. An exception is thrown if header values contain
invalid newlines.
* Correcting/clarifying documentation for param_fetch().
* Fixing https test in http.t.
* Tests were added for multipart_init().
OBS-URL: https://build.opensuse.org/package/show/devel:languages:perl/perl-CGI?expand=0&rev=8
