File rubygem-faye.changes of Package rubygem-faye

-------------------------------------------------------------------
Fri Sep 25 13:56:45 UTC 2020 - Stephan Kulow <coolo@suse.com>

updated to version 1.4.0
 see installed CHANGELOG.md

  ### 1.4.0 / 2020-07-31
  
  - Implement TLS certificate verification and enable it by default in the Ruby
    client class `Faye::Client`
  - Add a `:tls` option to the Ruby client with sub-field `:verify_peer` for
    configuring TLS verification
  - Officially support the `tls` option in the Node.js client, whose contents are
    forward to the `https` and `tls` modules as appropriate
  
  ### 1.3.0 / 2020-06-08
  
  - Support `user:pass@` authorization in URIs and send `Authorization` headers
    from the Node HTTP transport
  - Support IPv6 hostnames in URIs
  - Allow credentials (cookies and `Authorization` headers) in cross-origin
    requests, by:
    - setting `Access-Control-Allow-Origin` to the value of the `Origin` header
      (not `*`)
    - enabling `Access-Control-Allow-Credentials`
  - Enable credentials when sending cross-origin requests
  - Don't disconnect WebSocket on page unload if `autodisconnect` is turned off
  - Catch errors when creating a WebSocket, which happens when Content Security
    Policy blocks it, allowing other transports to be tried
  - Fix a bug in the client where it handles messages from other clients as though
    they're the server's response to its own messages, based on the `id` field;
    now we only treat messages as server responses if they contain `successful:
    true`
  - Stop sending an empty message list `[]` from the WebSocket client as a
    keep-alive mechanism since CometD does not accept this message
  - Fix deprecation warnings for using the `new Buffer()` constructor
  - Switch to the Apache 2.0 license
  
  

-------------------------------------------------------------------
Thu May  7 20:42:20 UTC 2020 - Stephan Kulow <coolo@suse.com>

- updated to version 1.2.5
 see installed CHANGELOG.md

  ### 1.2.5 / 2020-04-28
  
  * Fix `/meta/*` channel recognition bug in the server that enables authentication bypass
  * https://blog.jcoglan.com/2020/04/28/authentication-bypass-in-faye/

-------------------------------------------------------------------
Sun Jan 29 05:35:37 UTC 2017 - coolo@suse.com

- updated to version 1.2.4
 see installed CHANGELOG.md

  ### 1.2.4 / 2017-01-28
  
  * Fix `RackAdapter#get_client` that was failing due to a URI error
  * Define `Promise#catch` in a safe way for old browsers
  * Log errors in the Node HTTP transport

-------------------------------------------------------------------
Wed Oct 12 04:32:38 UTC 2016 - coolo@suse.com

- updated to version 1.2.3
 see installed CHANGELOG.md

  ### 1.2.3 / 2016-10-11
  
  * Return an error if the `data` field is missing on published messages
  * Fix errors that occur in the new `websocket` util when the browser does not support WebSocket

-------------------------------------------------------------------
Tue Jul 19 04:29:10 UTC 2016 - coolo@suse.com

- updated to version 1.2.2
 see installed CHANGELOG.md

  ### 1.2.2 / 2016-07-18
  
  * Mitigate the HTTPoxy vulnerability: https://httpoxy.org/

-------------------------------------------------------------------
Thu Jun 30 04:30:12 UTC 2016 - coolo@suse.com

- updated to version 1.2.1
 see installed CHANGELOG.md

  ### 1.2.1 / 2016-06-29
  
  * Fix a missing variable error in `NodeAdapter`

-------------------------------------------------------------------
Mon Jun 27 04:32:23 UTC 2016 - coolo@suse.com

- updated to version 1.2.0
 see installed CHANGELOG.md

  ### 1.2.0 / 2016-06-26
  
  * Add `client.subscribe().withChannel()` to yield the message channel for wildcard subscriptions
  * Restructure the JavaScript codebase around Node modules (require/exports) rather than globals
  * Update the Promise shim to reflect the standard API, including `catch()` and `all()`
  * Support connecting to servers that use SNI in the Ruby client
  * Make the JavaScript client work inside React Native and Web Workers
  * Remove JSON2; you should import a JSON shim yourself if necessary
  * Handle errors that occur when a message is partially delivered via EventSource
  * Reject requests with invalid (non-array or -object) top-level JSON values
  * Make local client requests asynchronous to avoid re-entrant request handling errors
  * Remove `Connection: Close` from HTTP responses to allow use of keep-alive
  * Use `XMLHttpRequest` in preference to the ActiveX API in IE10
  * Fix bug where flushing large message batches puts promises in an invalid state

-------------------------------------------------------------------
Mon Jul 20 04:28:55 UTC 2015 - coolo@suse.com

- updated to version 1.1.2
 see installed CHANGELOG.md

  ### 1.1.2 / 2015-07-19
  
  * Allow the `Authorization` header to be used on CORS requests
  * Disallow unused methods like PUT and DELETE on CORS requests
  * Stop IE prematurely garbage-collecting `XDomainRequest` objects
  * Make sure messages can be sent if they overflow the request size limit and the outbox is empty
  * Don't send messages over WebSockets unless they are in the 'open' ready-state
  * Fix a bug preventing use of the in-process transport in Ruby

-------------------------------------------------------------------
Wed Feb 25 05:30:30 UTC 2015 - coolo@suse.com

- updated to version 1.1.1

-------------------------------------------------------------------
Mon Feb  9 06:18:56 UTC 2015 - coolo@suse.com

- updated to version 1.1.0
 * Allow the server and client to use WebSocket extensions, for example permessage-deflate
 * Support the `HTTP_PROXY` and `HTTPS_PROXY` environment variables to send all client connections through an HTTP proxy
 * Introduce the `Scheduler` API to allow the user to control message retries
 * Add the `attempts` and `deadline` options to `Client#publish()`
 * Let `RackAdapter` take a block that yields the instance, so extensions can be added to middleware
 * Allow monitoring listeners to see the `clientId` on publishd messages but still avoid sending it to subscribers
 * Return a promise from `Client#disconnect()`
 * Fix client-side retry bugs causing the client to flood the server with duplicate messages
 * Send all transport types in the `supportedConnectionTypes` handshake parameter
 * Don't close WebSockets when the client recovers from an error and sends a new `clientId`
 * Replace `cookiejar` with `tough-cookie` to avoid global variable leaks
 
 ### 1.0.3 / 2014-07-08
 
 * Make some changes to JSON-P responses to mitigate the Rosetta Flash attack
 * http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/

-------------------------------------------------------------------
Thu Dec 12 10:19:34 UTC 2013 - coolo@suse.com

- updated to version 1.0.1
  * Add `Adapter#close()` method for gracefully shutting down the server
  * Fix error recover bug in WebSocket that made transport cycle through `up`/`down` state
  * Update Promise implementation to pass `promises-aplus-tests 2.0`
  * Correct some incorrect variable names in the Ruby transports
  * Make logging methods public to fix a problem on Ruby 2.1

-------------------------------------------------------------------
Fri Oct  4 07:17:57 UTC 2013 - coolo@suse.com

- updated to version 1.0.0
 * Client changes:
   * Allow clients to be instantiated with URI objects rather than strings
   * Add a `ca` option to the Node `Client` class for passing in trusted server certificates
   * Objects supporting the `callback()` method in JavaScript are now Promises
   * Fix protocol-relative URI parsing in the client
   * Remove the `getClientId()` and `getState()` methods from the `Client` class
 * Transport changes:
   * Add request-size limiting to all batching transports
   * Make the WebSocket transport more robust against quiet network periods and clients going to sleep
   * Support cookies across all transports when using the client on Node.js or Ruby
   * Support custom headers in the `cross-origin-long-polling` and server-side `websocket` transports
 * Adapter changes:
   * Support the `rack.hijack` streaming API
   * Migrate to MultiJson for JSON handling on Ruby, allowing use of JRuby
   * Escape U+2028 and U+2029 in JSON-P output
   * Fix a bug stopping requests being routed when the mount point is `/`
   * Fix various bugs that cause errors to be thrown if we try to send a message over a closed socket
   * Remove the `listen()` method from `Adapter` in favour of using server-specific APIs
 * Server changes:
   * Use cryptographically secure random number generators to create client IDs
   * Allow extensions to access request properties by using 3-ary methods
   * Objects supporting the `bind()` method now implement the full `EventEmitter` API
   * Stop the server from forwarding the `clientId` property of published messages
 * Miscellaneous:
   * Support Browserify by returning the client module
   * `Faye.logger` can now be a logger object rather than a function

-------------------------------------------------------------------
Mon May 13 11:12:37 UTC 2013 - coolo@suse.com

- updated to version 0.8.9
 * Specify ciphers for SSL on Node to mitigate the BEAST attack
 * Mitigate increased risk of socket hang-up errors in Node v0.8.20
 * Fix race condition when processing outgoing extensions in the Node server
 * Fix problem loading the client script when using {mount: '/'}
 * Clean up connection objects when a WebSocket is re-used with a new clientId
 * All JavaScript code now runs in strict mode
 * Select transport on handshake, instead of on client creation to allow time for disable() calls
 * Do not speculatively open WebSocket/EventSource connections if they are disabled
 * Gracefully handle WebSocket messages with no data on the client side
 * Close and reconnect WebSocket when onerror is fired, not just when onclose is fired
 * Fix problem with caching of EventSource connections with stale clientIds
 * Don't parse query strings when checking if a URL is same-origin or not
 * Patch security hole allowing remote execution of arbitrary Server methods

-------------------------------------------------------------------
Wed Nov 21 06:32:33 UTC 2012 - coolo@suse.com

- updated to version 0.8.6
 
 * Make sure messages pushed to the client over a socket pass through outgoing extensions
 
 * Fix a bug in URI.parse() that caused Faye endpoints to inherit search and hash from window.location
 
 * Optimise upgrade process so that WebSocket is tested earlier and the connection is cached
 * Check that EventSource actually works to work around broken Opera implementation
 * Emit 'connection:open' and 'connection:close' events from the Engine proxy
 * Increase size of client IDs from 128 to 160 bits
 * Fix bug with relative URL resolution in IE
 * Limit the JSON-P transport's message buffer so it doesn't create over-long URLs
 * Send 'Pragma: no-cache' with XHR requests to guard against iOS 6 POST caching
 * Add 'charset=utf-8' to response Content-Type headers

-------------------------------------------------------------------
Tue Oct 25 07:32:57 UTC 2011 - aduffeck@suse.com

- fix faye over ssl on http sites

-------------------------------------------------------------------
Mon Oct 24 13:20:27 UTC 2011 - aduffeck@suse.com

- update to v0.6.7 (bugfix release) 

-------------------------------------------------------------------
Tue Sep 27 17:38:11 UTC 2011 - aduffeck@suse.com

- inital package