|
1 | | -## v.REALLY NEXT |
| 1 | +## v.NEXT |
2 | 2 |
|
3 | 3 | * Upgraded dependencies: |
4 | 4 | - less: 1.7.1 (from 1.6.1) |
5 | 5 |
|
6 | 6 |
|
7 | | -## v.NEXT |
| 7 | +## v0.8.2 |
| 8 | + |
| 9 | +#### Meteor Accounts |
| 10 | + |
| 11 | +* Switch `accounts-password` to use bcrypt to store passwords on the |
| 12 | + server. (Previous versions of Meteor used a protocol called SRP.) |
| 13 | + Users will be transparently transitioned when they log in. This |
| 14 | + transition is one-way, so you cannot downgrade a production app once |
| 15 | + you upgrade to 0.8.2. If you are maintaining an authenticating DDP |
| 16 | + client: |
| 17 | + - Clients that use the plaintext password login handler (i.e. call |
| 18 | + the `login` method with argument `{ password: <plaintext |
| 19 | + password> }`) will continue to work, but users will not be |
| 20 | + transitioned from SRP to bcrypt when logging in with this login |
| 21 | + handler. |
| 22 | + - Clients that use SRP will no longer work. These clients should |
| 23 | + instead directly call the `login` method, as in |
| 24 | + `Meteor.loginWithPassword`. The argument to the `login` method |
| 25 | + can be either: |
| 26 | + - `{ password: <plaintext password> }`, or |
| 27 | + - `{ password: { digest: <password hash>, algorithm: "sha-256" } }`, |
| 28 | + where the password hash is the hex-encoded SHA256 hash of the |
| 29 | + plaintext password. |
| 30 | + |
| 31 | +* Show the display name of the currently logged-in user after following |
| 32 | + an email verification link or a password reset link in `accounts-ui`. |
| 33 | + |
| 34 | +* Add a `userEmail` option to `Meteor.loginWithMeteorDeveloperAccount` |
| 35 | + to pre-fill the user's email address in the OAuth popup. |
| 36 | + |
| 37 | +* Ensure that the user object has updated token information before |
| 38 | + it is passed to email template functions. #2210 |
| 39 | + |
| 40 | +* Export the function that serves the HTTP response at the end of an |
| 41 | + OAuth flow as `OAuth._endOfLoginResponse`. This function can be |
| 42 | + overridden to make the OAuth popup flow work in certain mobile |
| 43 | + environments where `window.opener` is not supported. |
| 44 | + |
| 45 | +* Remove support for OAuth redirect URLs with a `redirect` query |
| 46 | + parameter. This OAuth flow was never documented and never fully |
| 47 | + worked. |
| 48 | + |
| 49 | + |
| 50 | +#### Blaze |
| 51 | + |
| 52 | +* Blaze now tracks individual CSS rules in `style` attributes and won't |
| 53 | + overwrite changes to them made by other JavaScript libraries. |
| 54 | + |
| 55 | +* Add {{> UI.dynamic}} to make it easier to dynamically render a |
| 56 | + template with a data context. |
8 | 57 |
|
9 | | -* Migrate from SRP to bcrypt in `accounts-password`. Users will be |
10 | | - transparently upgraded when they log in. |
| 58 | +* Add `UI._templateInstance()` for accessing the current template |
| 59 | + instance from within a block helper. |
| 60 | + |
| 61 | +* Add `UI._parentData(n)` for accessing parent data contexts from |
| 62 | + within a block helper. |
| 63 | + |
| 64 | +* Add preliminary API for registering hooks to run when Blaze intends to |
| 65 | + insert, move, or remove DOM elements. For example, you can use these |
| 66 | + hooks to animate nodes as they are inserted, moved, or removed. To use |
| 67 | + them, you can set the `_uihooks` property on a container DOM |
| 68 | + element. `_uihooks` is an object that can have any subset of the |
| 69 | + following three properties: |
| 70 | + |
| 71 | + - `insertElement: function (node, next)`: called when Blaze intends |
| 72 | + to insert the DOM element `node` before the element `next` |
| 73 | + - `moveElement: function (node, next)`: called when Blaze intends to |
| 74 | + move the DOM element `node` before the element `next` |
| 75 | + - `removeElement: function (node)`: called when Blaze intends to |
| 76 | + remove the DOM element `node` |
| 77 | + |
| 78 | + Note that when you set one of these functions on a container |
| 79 | + element, Blaze will not do the actual operation; it's your |
| 80 | + responsibility to actually insert, move, or remove the node (by |
| 81 | + calling `$(node).remove()`, for example). |
11 | 82 |
|
12 | 83 | * The `findAll` method on template instances now returns a vanilla |
13 | 84 | array, not a jQuery object. The `$` method continues to |
14 | 85 | return a jQuery object. #2039 |
15 | 86 |
|
| 87 | +* Fix a Blaze memory leak by cleaning up event handlers when a template |
| 88 | + instance is destroyed. #1997 |
| 89 | + |
| 90 | +* Fix a bug where helpers used by {{#with}} were still re-running when |
| 91 | + their reactive data sources changed after they had been removed from |
| 92 | + the DOM. |
| 93 | + |
| 94 | +* Stop not updating form controls if they're focused. If a field is |
| 95 | + edited by one user while another user is focused on it, it will just |
| 96 | + lose its value but maintain its focus. #1965 |
| 97 | + |
| 98 | +* Add `_nestInCurrentComputation` option to `UI.render`, fixing a bug in |
| 99 | + {{#each}} when an item is added inside a computation that subsequently |
| 100 | + gets invalidated. #2156 |
| 101 | + |
| 102 | +* Fix bug where "=" was not allowed in helper arguments. #2157 |
| 103 | + |
| 104 | +* Fix bug when a template tag immediately follows a Spacebars block |
| 105 | + comment. #2175 |
| 106 | + |
| 107 | + |
| 108 | +#### Command-line tool |
| 109 | + |
| 110 | +* Add --directory flag to `meteor bundle`. Setting this flag outputs a |
| 111 | + directory rather than a tarball. |
| 112 | + |
16 | 113 | * Speed up updates of NPM modules by upgrading Node to include our fix for |
17 | 114 | https://github.com/npm/npm/issues/3265 instead of passing `--force` to |
18 | 115 | `npm install`. |
19 | 116 |
|
20 | 117 | * Always rebuild on changes to npm-shrinkwrap.json files. #1648 |
21 | 118 |
|
| 119 | +* Fix uninformative error message when deploying to long hostnames. #1208 |
| 120 | + |
| 121 | +* Increase a buffer size to avoid failing when running MongoDB due to a |
| 122 | + large number of processes running on the machine, and fix the error |
| 123 | + message when the failure does occur. #2158 |
| 124 | + |
| 125 | +* Clarify a `meteor mongo` error message when using the MONGO_URL |
| 126 | + environment variable. #1256 |
| 127 | + |
| 128 | + |
| 129 | +#### Testing |
| 130 | + |
22 | 131 | * Run server tests from multiple clients serially instead of in |
23 | 132 | parallel. This allows testing features that modify global server |
24 | 133 | state. #2088 |
25 | 134 |
|
| 135 | + |
| 136 | +#### Security |
| 137 | + |
26 | 138 | * Add Content-Type headers on JavaScript and CSS resources. |
27 | 139 |
|
28 | 140 | * Add `X-Content-Type-Options: nosniff` header to |
29 | 141 | `browser-policy-content`'s default policy. If you are using |
30 | 142 | `browser-policy-content` and you don't want your app to send this |
31 | 143 | header, then call `BrowserPolicy.content.allowContentTypeSniffing()`. |
32 | 144 |
|
33 | | -* Fix a Blaze memory leak by cleaning up event handlers when a template |
34 | | - instance is destroyed. #1997 |
| 145 | +* Use `Meteor.absoluteUrl()` to compute the redirect URL in the `force-ssl` |
| 146 | + package (instead of the host header). |
| 147 | + |
| 148 | + |
| 149 | +#### Miscellaneous |
35 | 150 |
|
36 | 151 | * Allow `check` to work on the server outside of a Fiber. #2136 |
37 | 152 |
|
|
40 | 155 | * The legacy polling observe driver handles errors communicating with MongoDB |
41 | 156 | better and no longer gets "stuck" in some circumstances. |
42 | 157 |
|
43 | | -* Add {{> UI.dynamic}} to make it easier to dynamically render a |
44 | | - template with a data context. XXX Update "Using Blaze" wiki page. |
45 | | - |
46 | | -* Show the display name of the currently logged-in user after following |
47 | | - a verification link or password reset link in `accounts-ui`. |
48 | | - |
49 | | -* Use `Meteor.absoluteUrl()` to compute the redirect URI in `force-ssl` |
50 | | - instead of the host header. |
51 | | - |
52 | 158 | * Automatically rewind cursors before calls to `fetch`, `forEach`, or `map`. On |
53 | 159 | the client, don't cache the return value of `cursor.count()` (consistently |
54 | 160 | with the server behavior). `cursor.rewind()` is now a no-op. #2114 |
55 | 161 |
|
56 | | -* Allow externally applied CSS style attributes to interop with Blaze |
57 | | - dynamic style attributes. |
58 | | - |
59 | | -* Add `userEmail` option to `Meteor.loginWithMeteorDeveloperAccount`. |
60 | | - |
61 | | -* Fix uninformative error message when deploying to long hostnames. #1208 |
62 | | - |
63 | | -* Ensure that the user object has updated token information on it before |
64 | | - it is passed to email template functions. #2210 |
65 | | - |
66 | 162 | * Remove an obsolete hack in reporting line numbers for LESS errors. #2216 |
67 | 163 |
|
68 | | -* Fix a bug where helpers used by {{#with}} were still re-running when |
69 | | - their reactive data sources change after they have been removed from |
70 | | - the DOM. |
71 | | - |
72 | 164 | * Avoid exceptions when accessing localStorage in certain Internet |
73 | 165 | Explorer configurations. #1291, #1688. |
74 | 166 |
|
75 | | -* Add `UI._templateInstance()` for accessing the current template |
76 | | - instance from within a block helper. |
77 | | - |
78 | | -* Add `UI._parentData(n)` for accessing parent data contexts from |
79 | | - within a block helper. |
80 | | - |
81 | | -* Stop not updating form controls if they're focused. If a field is |
82 | | - edited by one user while another user is focused on it, it will just |
83 | | - lose its value but maintain its focus. #1965 |
84 | | - |
85 | | -* Add tentative API for registering hooks to run when Blaze intends to |
86 | | - insert, move, or remove DOM elements. XXX more detail |
87 | | - |
88 | | -* Export the function that serves the HTTP response at the end of an |
89 | | - OAuth flow as `OAuth._endOfLoginResponse`. This function can be |
90 | | - overridden to make the OAuth popup flow work in certain mobile |
91 | | - environments where `window.opener` is not supported. |
92 | | - |
93 | | -* Remove support for OAuth redirect URLs where a `redirect` query |
94 | | - parameter. This OAuth flow was never documented and never fully |
95 | | - worked. |
96 | | - |
97 | | -* Add `_nestInCurrentComputation` option to `UI.render`, fixing a bug in |
98 | | - {{#each}} when an item is added inside a computation that subsequently |
99 | | - gets invalidated. #2156 |
100 | | - |
101 | | -* Fix bug where "=" was not allowed in helper arguments. #2157 |
102 | | - |
103 | | -* Fix bug when a template tag immediately follows a Spacebars block |
104 | | - comment. #2175 |
105 | | - |
106 | 167 | * Make `handle.ready()` reactively stop, where `handle` is a |
107 | 168 | subscription handle. |
108 | 169 |
|
109 | | -* Increase a buffer size to avoid failing when running MongoDB due to a |
110 | | - large number of processes running on the machine, and fix the error |
111 | | - message when the failure does occur. #2158 |
112 | | - |
113 | 170 | * Fix an error message from `audit-argument-checks` after login. |
114 | 171 |
|
115 | | -* Add --directory flag to `meteor bundle`. Setting this flag outputs a |
116 | | - directory rather than a tarball. |
117 | | - |
118 | 172 | * Make the DDP server send an error if the client sends a connect |
119 | 173 | message with a missing or malformed `support` field. #2125 |
120 | 174 |
|
121 | 175 | * Fix missing `jquery` dependency in the `amplify` package. #2113 |
122 | 176 |
|
123 | 177 | * Ban inserting EJSON custom types as documents. #2095 |
124 | 178 |
|
125 | | -* Clarify a `meteor mongo` error message when using the MONGO_URL |
126 | | - environment variable. #1256 |
127 | | - |
128 | | -* XXX 1e4838ccd38c2df142591a67d675ac38eb8a5630 #2106 |
129 | | - |
130 | | -* XXX df2820ffd92 |
131 | | - |
132 | | -* XXX 00157d8aed23fc290fb985fef73b1c293fa24e63 |
| 179 | +* Fix incorrect URL rewrites in stylesheets. #2106 |
133 | 180 |
|
134 | 181 | * Upgraded dependencies: |
135 | 182 | - node: 0.10.28 (from 0.10.26) |
|
0 commit comments