##// END OF EJS Templates
Commit Message Age Author Refs
r8796:976a1e77
Merge from stable
Mads Kiilerich
merge default tip
0
r8795:fe050a93
hg: Redirect Mercurial stdout/stderr to logging when running as WSGI Any "console" output from Mercurial when Kallithea is running from WSGI should end up in Kallithea's logs. That seems like a nice general feature. This will however also solve another rare but more critical problem: Mercurial is writing to sys.stdout / sys.stderr, using several layers of wrapping. Since Mercurial 5.5 (with https://repo.mercurial-scm.org/hg/rev/8e04607023e5 ), all writes are given a memoryview. Apache httpd mod_wsgi is invoking the WSGI with a custom mod_wsgi.Log injected in sys.stdout / sys.stderr . This logger can however not handle memoryview - https://github.com/GrahamDumpleton/mod_wsgi/issues/863 .
Mads Kiilerich
0
r8794:7c270478
wsgi: Refactor to introduce make_app_raw function with the essentials of make_app Command line commands and WSGI applications have different environments and runtime models. They deserve different handling. Keep make_app doing as before so WSGI scripts keep working as before. All "app" usage from command line is changed to use make_app_raw directly.
Mads Kiilerich
0
r8793:e6c7d225
docs: Make mod_wsgi description more clear and actionable
Mads Kiilerich
0
r8792:3e017e76
py3.13: Fix DeprecationWarning: 'maxsplit' is passed as positional argument
Mads Kiilerich
0
r8791:b9332da7
py3.13: Fix DeprecationWarning: 'count' is passed as positional argument
Mads Kiilerich
0
r8790:aa51aca7
controller: Handle UnicodeDecodeError from webob decoding invalid URLs webob will try to utf-8 decode all %-encoded bytes in URL-parameters, but will not handle Unicode erors ... and neither did Kallithea. Visiting a URL like http://localhost:5000/?%AD would thus give an unhandled exception showing "Internal Server Error" to the user, and logging the full traceback and: WebApp Error: UnicodeDecodeError: 'utf-8' codec can't decode byte 0xad in position 0: invalid start byte This has been seen a lot recently from attackers probing for a php vulnerability https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/ . Now handle these exceptions more nicely and reject with "400 Bad Request".
Valentin Kleibel
0
r8789:0245e0eb
hg: support new clonebundles_manifest write protocol command A new wire protocol command was introduced with Mercurial 6.5 - https://repo.mercurial-scm.org/hg/rev/4238e6b22fc4 . When a client (after negotiation with the server) decided to use this new command, Kallithea would fail safely and require write permissions. Fixed by adding it to the list of known read-only commands.
Mads Kiilerich
0
r8788:b9e24c7b
Merge from stable
Mads Kiilerich
merge default
0
r8787:792eca76
front-end: update package.json to trust semver and package-lock.json
Mads Kiilerich
0
r8786:3d9ee947
front-end: update package-lock.json
Mads Kiilerich
0
r8785:92653a85
tests: address PytestDeprecationWarning for @pytest.yield_fixture Adhere to the warning: kallithea/tests/conftest.py:207: PytestDeprecationWarning: @pytest.yield_fixture is deprecated. Use @pytest.fixture instead; they are the same. @pytest.yield_fixture(scope="session")
Mads Kiilerich
0
r8784:419329d4
scripts: update i18n dev script to modern hg Support for old hg versions is not a concern for dev scripts like this.
Mads Kiilerich
0
r8783:edcd5eaf
setup: bump max versions of pip package dependencies It is a bit risky to update versions on stable, but it is also risky to stay on old versions when there are better(?) options. There are various reasons these max versions have been chosen. I have not analyzed problems seen when using higher versions, but the versions specified here seems like a safe progression of the broad baseline.
Mads Kiilerich
0
r8782:8d6d2138
i18n: updated translation for Greek Currently translated at 100.0% (1082 of 1082 strings)
Aristotelis Stageiritis
0
r8781:47bf4714
i18n: updated translation for Chinese (Simplified) Currently translated at 45.0% (487 of 1082 strings)
Poesty Li
0
r8780:f6d470bb
meta: update copyrights for 2024
Mads Kiilerich
0
r8779:2cd418e3
vcs: replace imp with importlib imp has been dropped in Python 3.12. Mercurial has been changed in a similar way.
Mads Kiilerich
0
r8778:a5d15a75
lib: use packaging.version.Version instead of dropped distutils.version.StrictVersion distutils is dropped in Python 3.12 . Migrate to packaging as described on https://github.com/pypa/packaging/issues/520 .
Mads Kiilerich
0
r8777:ff6c3e28
venv: limit pip version to stay below 24.1 Latest pip version pip fail: WARNING: Ignoring version 5.0.5 of celery since it has invalid metadata: Requested celery<5.1,>=5 from .../celery-5.0.5-py3-none-any.whl (from Kallithea==0.7.0) has invalid metadata: Expected matching RIGHT_PARENTHESIS for LEFT_PARENTHESIS, after version specifier pytz (>dev) ~^ Please use pip<24.1 if you need to use this version. We already use setuptools<67 for the same reason. Pip will keep noting that a newer pip version is available. Resist the temptation to upgrade.
Mads Kiilerich
0
load next
< 1 2 3 4 5 6 7 .. 440 >
showing 20 out of 8797 commits