Commit message | Author | Age | Files | Lines
* Don't upgrade admin hashes into the _users database [2299-dont-upgrade-admin-hashes-stupidly] | Robert Newson | 2014-08-21 | 1 | -2/+3
|   Admin users are stored in .ini files and are not full-fledged user documents. Internally, a fake document is made to allow insertion into the auth cache.
|   CouchDB 1.6 introduced a feature to upgrade password hashes from the legacy simple hash scheme to the stronger PBKDF2 scheme. It inappropriately attempted to do this to the fake admin docs, which do not pass the _design/_auth validation checks. This is fortunate, however, as CouchDB would then have written the admin users into the users database causing widespread confusion and fear.
* docs: include the right commit from the right branch | Dave Cottlehuber | 2014-08-18 | 1 | -1/+1
|
* hash admin passwords on startup when list | Robert Newson | 2014-08-18 | 1 | -1/+3
|
* docs: update release notes with noteworthy commits | Dave Cottlehuber | 2014-08-18 | 1 | -0/+9
|
* build: set version for 1.6.1 release | Dave Cottlehuber | 2014-08-18 | 1 | -1/+1
|
* COUCHDB-2233 - Correct HTML interpolation instances in documents. [1.6.0] | Christian Hogan | 2014-05-05 | 6 | -26/+26
|   Further updating instances of <%= and to <%- within documents to correctly handle HTML interpolation.
|   Tested for regression in
|   - 34.0.1847.131
|   - Safari 7.0.2
|   Signed-off-by: Alexander Shorin <kxepal@apache.org>
* Move Erlang 17 support to 1.6.0 release | Alexander Shorin | 2014-05-05 | 4 | -46/+1
|
* docs: update supported Erlang/OTP and SpiderMonkey versions | Dave Cottlehuber | 2014-05-05 | 6 | -6/+53
|   - matches what the code can support after last Mochiweb update
|   - update .travis.yml file to match 17.0 release
|   - update docs
* Fix setting autoconf flags for using nifs | Alexander Shorin | 2014-05-05 | 1 | -2/+2
|
* Fix comparison warning on ./configure | Alexander Shorin | 2014-05-05 | 1 | -1/+1
|
* build: detect new erlang version format correctly | Dave Cottlehuber | 2014-05-05 | 1 | -7/+11
|   - OTP 17.0 uses a different numbering system for releases and patches, but not semver.org
|   - the major version number will be bumped for the first time in 4 years
* Apply workaround fix for replication checkpoints test against R14B01 | Alexander Shorin | 2014-05-05 | 1 | -1/+18
|   R14B01 and R14B02 are both affected by the OTP-9167 Erlang issue, which causes 4 test failures because the supervisor restarts the worker with the old ChildSpec, ignoring changes in use_checkpoint options. This fix makes all tests pass, but leaves a notice in verbose mode that there is a problem and how it could be resolved.
|   Another possible solution is to isolate test_use_checkpoints calls, but this will only hide the issue while it may still happen in prod.
* When backgrounding couchdb, close stdout/stderr | Joan Touzet | 2014-05-04 | 1 | -0/+3
|   COUCHDB-2220
|   COUCHDB-1669
* Use <%- when interpolating XSS targets | Kyle Snavely | 2014-05-01 | 11 | -17/+17
|   - I tried to not be super heavy handed, only using <%- for values that could be set with XSS payloads or otherwise come from a user/data.
|   Conflicts:
|       src/fauxton/app/addons/auth/templates/nav_link_title.html
* Added missing build requirements for Centos/RHEL environments. | Wendall Cada | 2014-04-29 | 2 | -15/+16
|
* Fix race condition in test suite on checking ref count | Alexander Shorin | 2014-04-30 | 1 | -0/+1
|   The issue happened from time to time on CentOS systems: one, two or a few tests failed because the ref count wasn't decremented until the very moment when this value was requested and the result returned. Adding a sleep timeout helps to synchronise calls, and while a 0.1 sec sleep is good, it is not enough - with 0.2 sleep floating errors happen no more.
* Fix 231-cors.t test suite (again) | Alexander Shorin | 2014-04-29 | 1 | -2/+2
|   That's an interesting issue: couch_passwords:hash_admin_password accepts the password as a binary string, but a list one had been passed instead. This causes a crash with function_clause reason. Ok, but this crash is left hidden for R15/R16 - only R14 shows the stack trace in output and alerts that something's wrong. To be honest, *sometimes* it's also possible to reproduce this test suite crash with modern Erlang releases, but it will be about Bad Plan: planned 27 tests, but run only 26. Nothing specific.
|   So, the silent crash prevented other tests from being run and also counted by the plan. Now this is fixed.
* Actually, run the test case for COUCHDB-1697 | Alexander Shorin | 2014-04-15 | 1 | -1/+2
|
* Fix 231-cors test suite bad plan and duplicate start for dep apps | Alexander Shorin | 2014-04-15 | 1 | -5/+1
|
* Sometimes one extra character makes all the difference | Dirkjan Ochtman | 2014-04-15 | 1 | -1/+1
|
* Add some more files to the build system | Dirkjan Ochtman | 2014-04-15 | 3 | -0/+4
|
* Add CVE-214-2668 documentation to build system | Dirkjan Ochtman | 2014-04-15 | 1 | -0/+1
|
* Merge remote-tracking branch 'origin/master' into 1.6.x | Dirkjan Ochtman | 2014-04-15 | 24 | -124/+1220
|\
| * Fauxton: Fix global var in logs/resources | Robert Kowalski | 2014-04-14 | 1 | -1/+1
| |
| * Changes: Some button class cleanup | suelockwood | 2014-04-14 | 2 | -5/+8
| |
| * Changes from review: | Robert Kowalski | 2014-04-14 | 3 | -6/+11
| |   Fix button text trigger
| |   Toggle button gray on click
| |   Change padding
| * couchserver: also serve files with cachebuster, remove the GET-Param | Robert Kowalski | 2014-04-14 | 1 | -0/+1
| |
| * Fauxton: remove the hidden tabs | Robert Kowalski | 2014-04-14 | 4 | -55/+0
| |   Closes #200
| * Fauxton: add external ZeroClipboard Dependency | Robert Kowalski | 2014-04-14 | 2 | -0/+1031
| |
| * Fauxton: redesign _changes-UI | Robert Kowalski | 2014-04-14 | 6 | -32/+108
| |   Implement copying to clipboard
| |   Change the view
| |   Closes COUCHDB-2206
| * Fauxton: Code cleanup | Garren Smith | 2014-04-14 | 3 | -11/+2
| |   Remove old linted config
| |   Add resizeColumns to app
| * Fauxton fixes | Garren Smith | 2014-04-14 | 4 | -12/+14
| |   * Fix stats css was leaking over to other pages
| |   * Fix new view creation failing for a new design doc
| * Fauxton: Fix failing pagination test | Garren Smith | 2014-04-14 | 1 | -1/+1
| |
| * Fauxton: fix missing leading zeros in logs | Robert Kowalski | 2014-04-14 | 4 | -9/+47
| |   This adds leading zeros to the times in the log view. Before that the times were displayed like 1:5:3 (if it were 01:05:03) because getHours() and friends are returning a Number and not a String with a leading 0.
| |   In the case of 1:5:3 the corrected time is now displayed as: 01:05:03.
| |   As d3 has a nice date formatter we do not have to roll our own.
| * Fauxton: Remove reset of pagination | Garren Smith | 2014-04-14 | 1 | -2/+0
| |
| * Add license header for tracking.html | Alexander Shorin | 2014-04-13 | 1 | -0/+15
| |
| * Fix automake subdir-objects warnings on Mac OS X | Alexander Shorin | 2014-04-13 | 3 | -0/+6
| |
* | Update 1.6.0 notes with proper CVE-2014-2668 note | Dirkjan Ochtman | 2014-04-15 | 1 | -3/+3
| |
* | Add CVE-2014-2668 warning to old release branches | Alexander Shorin | 2014-04-15 | 3 | -1/+14
| |
* | Add documentation for CVE-2014-2668 | Alexander Shorin | 2014-04-15 | 1 | -0/+54
| |
* | Add license header for tracking.html | Alexander Shorin | 2014-04-14 | 1 | -0/+15
| |
* | Update what's new for 1.6.0 for latest merge | Dirkjan Ochtman | 2014-04-11 | 1 | -0/+2
| |
* | Add note about CVE-2014-2668 to 1.6.0 what's new | Dirkjan Ochtman | 2014-04-11 | 1 | -0/+3
| |
* | Merge master into 1.6.x once more | Dirkjan Ochtman | 2014-04-11 | 22 | -283/+587
|\ \
| |/
| * Add GA tracking to docs, only when not local | Noah Slater | 2014-04-10 | 3 | -3/+21
| |
| * Fauxton: Improved pagination | Garren Smith | 2014-04-10 | 11 | -260/+492
| |   This is a new version of pagination in Fauxton using skip. It uses a PagingCollection that has the main algorithm for pagination and exposes a nice api.
| |   This is an intermediate step as this is a much better pagination than we have at the moment. However using just skip for pagination is not optimal as there are two cases where skip pagination fails - for very large skips and for when documents that a user has paginated past have been deleted.
| |   The next step once this has landed will be to add in a startkey_docid pagination as well. The PagingCollection would then decide which method to use to paginate for an index.
| * fix test assertion | Robert Newson | 2014-04-09 | 1 | -1/+1
| |
| * Merge branch '2221-bug-validate-auth-params' | Robert Newson | 2014-04-09 | 4 | -4/+54
| |\
| | * Verify that auth-related properties are well-formed [2221-bug-validate-auth-params] | Robert Newson | 2014-04-06 | 4 | -4/+54
| | |   Passing unexpected values to auth fields can result in server issues. Notably, setting "iterations" to a string will cause an infinite loop as the comparison 'when Iteration > Iterations' will never evaluate to true.
| | |   The latest validate_doc_update prevents user docs with this problem and administrators can deploy that check themselves (and only administrators can edit design documents).
| | |   A server administrator can also insist on lower and upper bounds for iteration count to reject weakly protected passwords and resource-hungry passwords respectively.
| | |   COUCHDB-2221
| * | Fix for Urlencoding utils, checking for character that doesn't need encoding | suelockwood | 2014-04-08 | 1 | -3/+3
| |/