Changelog History
Page 20
-
v0.9.1.1 Changes
September 06, 2014๐ Fix backwards compatibility for packages that had weak dependencies on packages renamed in 0.9.1 (
ui
,deps
,livedata
). #2521๐ Fix error when using the
reactive-dict
package without themongo
package.
-
v0.9.0 Changes
August 26, 2014๐ฆ Meteor 0.9.0 introduces the Meteor Package Server. Incorporating lessons from our community's Meteorite tool, Meteor 0.9.0 allows users to develop and publish ๐ฆ Meteor packages to a central repository. The
meteor publish
command is used to ๐ฆ publish packages. Non-core packages can now be added withmeteor add
, and you ๐ฆ can specify version constraints on the packages you use. Binary packages can be published for additional architectures withmeteor publish-for-arch
, which ๐ allows cross-platform deploys and bundling. You can search for packages withmeteor search
and display information on them withmeteor show
, or you can ๐ use the Atmosphere web interface developed by Percolate Studio at https://atmospherejs.com/๐ See https://docs.meteor.com/#writingpackages and ๐ฆ https://docs.meteor.com/#packagejs for more details.
Other packaging-related changes:
๐ฆ
meteor list
now lists the packages your app is using, which was formerly the behavior ofmeteor list --using
. To search for packages you are not currently using, usemeteor search
. The concept of an "internal" package (which did not show up inmeteor list
) no longer exists.To prepare a bundle created with
meteor bundle
for execution on a server, you now runnpm install
with no arguments instead of having to specify a few specific npm modules and their versions explicitly. See the README in the generated bundle for more details.๐ All
under_score
-stylepackage.js
APIs (Package.on_use
,api.add_files
, etc) have been replaced withcamelCase
names (Package.onUse
,api.addFiles
, etc). The old names continue to work for now.๐ There's a new
archMatching
option toPlugin.registerSourceHandler
, which should be used by any plugin whose output is only for the client or only for the server (eg, CSS and HTML templating packages); this allows Meteor to avoid restarting the server when files processed by these plugins change.
Other changes:
When running your app with the local development server, changes that only affect the client no longer require restarting the server. Changes that only affect CSS no longer require the browser to refresh the page, both in local development and in some production environments. #490
๐ฒ When a call to
match
fails in a method or subscription, log the failure on the server. (This matches the behavior described in our docs)๐ฆ The
appcache
package now defaults to functioning on all browsers that support the AppCache API, rather than a whitelist of browsers. The main effect of this change is thatappcache
is now enabled by default on Firefox, because Firefox no longer makes a confusing popup. You can still disable individual browsers withAppCache.config
. #2241๐ป The
forceApprovalPrompt
option can now be specified inAccounts.ui.config
in addition toMeteor.loginWithGoogle
. #2149Don't leak websocket clients in server-to-server DDP in some cases (and fix "Got open from inactive client" error). https://github.com/faye/websocket-driver-node/pull/8
โก๏ธ Updated OAuth url for login with Meetup.
๐ Allow minimongo
changed
callbacks to mutate theiroldDocument
argument. #2231๐ Fix upsert called from client with no callback. #2413
Avoid a few harmless exceptions in OplogObserveDriver.
๐จ Refactor
observe-sequence
package.๐ Fix
spiderable
race condition.Re-apply our fix of NPM bug https://github.com/npm/npm/issues/3265 which got accidentally reverted upstream.
โช Workaround for a crash in recent Safari versions. https://github.com/meteor/meteor/commit/e897539adb
โฌ๏ธ Upgraded dependencies:
- less: 1.7.4 (from 1.7.1)
- tar: 1.0.1 (from 0.1.19)
- fstream: 1.0.2 (from 0.1.25)
Patches by GitHub users Cangit, dandv, ImtiazMajeed, MaximDubrovin, mitar, mquandalle, rcy, RichardLitt, thatneat, and twhy.
-
v0.9.0.1 Changes
August 27, 2014๐ Fix issues preventing hot code reload from automatically reloading webapps in two cases: when the old app was a pre-0.9.0 app, and when the app used appcache. (In both cases, an explicit reload still worked.)
๐ Fix publishing packages containing a plugin with platform-specific code but no platform-specific code in the main package.
๐ Fix
meteor add package@version
when the package was already added with a different version constraint.๐ Improve treatment of pre-release packages (packages with a dash in their version). Guarantee that they will not be chosen by the constraint solver unless explicitly requested.
meteor list
won't suggest that you update to them.๐ Fix slow spiderable executions.
๐ Fix dev-mode client-only restart when client files changed very soon after server restart.
๐ Fix stack trace on
meteor add
constraint solver failure.๐ Fix "access-denied" stack trace when publishing packages.
-
v0.8.3 Changes
July 29, 2014Blaze
๐จ Refactor Blaze to simplify internals while preserving the public API.
UI.Component
has been replaced withBlaze.View.
๐ Fix performance issues and memory leaks concerning event handlers.
โ Add
UI.remove
, which removes a template afterUI.render
/UI.insert
.โ Add
this.autorun
to the template instance, which is likeDeps.autorun
but is automatically stopped when the template is destroyed.Create
<a>
tags as SVG elements when they havexlink:href
attributes. (Previously,<a>
tags inside SVGs were never created as SVG elements.) #2178Throw an error in
{{foo bar}}
iffoo
is missing or not a function.Cursors returned from template helpers for #each should implement the
observeChanges
method and don't have to be Minimongo cursors (allowing new custom data stores for Blaze like Miniredis).โ Remove warnings when {{#each}} iterates over a list of strings, numbers, or other items that contains duplicates. #1980
Meteor Accounts
๐ Fix regression in 0.8.2 where an exception would be thrown if
Meteor.loginWithPassword
didn't have a callback. Callbacks toMeteor.loginWithPassword
are now optional again. #2255๐ Fix OAuth popup flow in mobile apps that don't support
window.opener
. #2302๐ Fix "Email already exists" error with MongoDB 2.6. #2238
mongo-livedata and minimongo
๐ Fix performance issue where a large batch of oplog updates could block the node event loop for long periods. #2299.
๐ Fix oplog bug resulting in error message "Buffer inexplicably empty". #2274
๐ Fix regression from 0.8.2 that caused collections to appear empty in reactive
findOne()
orfetch
queries that run before a mutator returns. #2275
Miscellaneous
0๏ธโฃ Stop including code by default that automatically refreshes the page if JavaScript and CSS don't load correctly. While this code is useful in some multi-server deployments, it can cause infinite refresh loops if there are errors on the page. Add the
reload-safetybelt
package to your app if you want to include this code.On the server,
Meteor.startup(c)
now callsc
immediately if the server has already started up, matching the client behavior. #2239โ Add support for server-side source maps when debugging with
node-inspector
.โ Add
WebAppInternals.addStaticJs()
for adding static JavaScript code to be served in the app, inline if allowed bybrowser-policy
.โ Make the
tinytest/run
method return immediately, so thatwait
method calls from client tests don't block on server tests completing.๐ฒ Log errors from method invocations on the client if there is no callback provided.
โฌ๏ธ Upgraded dependencies:
- node: 0.10.29 (from 0.10.28)
- less: 1.7.1 (from 1.6.1)
Patches contributed by GitHub users Cangit, cmather, duckspeaker, zol.
-
v0.8.3.1 Changes
December 09, 2014- ๐ Fix a security issue in allow/deny rules that could result in data loss. If your app uses allow/deny rules, or uses packages that use allow/deny rules, we recommend that you update immediately. Backport from 1.0.1.
-
v0.8.2 Changes
June 23, 2014Meteor Accounts
Switch
accounts-password
to use bcrypt to store passwords on the server. (Previous versions of Meteor used a protocol called SRP.) Users will be transparently transitioned when they log in. This transition is one-way, so you cannot downgrade a production app once you upgrade to 0.8.2. If you are maintaining an authenticating DDP client:- Clients that use the plaintext password login handler (i.e. call
the
login
method with argument{ password: <plaintext password> }
) will continue to work, but users will not be transitioned from SRP to bcrypt when logging in with this login handler. - Clients that use SRP will no longer work. These clients should
instead directly call the
login
method, as inMeteor.loginWithPassword
. The argument to thelogin
method can be either:{ password: <plaintext password> }
, or{ password: { digest: <password hash>, algorithm: "sha-256" } }
, where the password hash is the hex-encoded SHA256 hash of the plaintext password.
- Clients that use the plaintext password login handler (i.e. call
the
๐ Show the display name of the currently logged-in user after following an email verification link or a password reset link in
accounts-ui
.โ Add a
userEmail
option toMeteor.loginWithMeteorDeveloperAccount
to pre-fill the user's email address in the OAuth popup.โก๏ธ Ensure that the user object has updated token information before it is passed to email template functions. #2210
Export the function that serves the HTTP response at the end of an OAuth flow as
OAuth._endOfLoginResponse
. This function can be overridden to make the OAuth popup flow work in certain mobile environments wherewindow.opener
is not supported.โ Remove support for OAuth redirect URLs with a
redirect
query parameter. This OAuth flow was never documented and never fully worked.
Blaze
๐ Blaze now tracks individual CSS rules in
style
attributes and won't overwrite changes to them made by other JavaScript libraries.โ Add
{{> UI.dynamic}}
to make it easier to dynamically render a template with a data context.โ Add
UI._templateInstance()
for accessing the current template instance from within a block helper.โ Add
UI._parentData(n)
for accessing parent data contexts from within a block helper.โ Add preliminary API for registering hooks to run when Blaze intends to insert, move, or remove DOM elements. For example, you can use these hooks to animate nodes as they are inserted, moved, or removed. To use them, you can set the
_uihooks
property on a container DOM element._uihooks
is an object that can have any subset of the following three properties:insertElement: function (node, next)
: called when Blaze intends to insert the DOM elementnode
before the elementnext
moveElement: function (node, next)
: called when Blaze intends to move the DOM elementnode
before the elementnext
removeElement: function (node)
: called when Blaze intends to remove the DOM elementnode
Note that when you set one of these functions on a container element, Blaze will not do the actual operation; it's your responsibility to actually insert, move, or remove the node (by calling
$(node).remove()
, for example).The
findAll
method on template instances now returns a vanilla array, not a jQuery object. The$
method continues to return a jQuery object. #2039๐ Fix a Blaze memory leak by cleaning up event handlers when a template instance is destroyed. #1997
๐ Fix a bug where helpers used by {{#with}} were still re-running when their reactive data sources changed after they had been removed from the DOM.
โก๏ธ Stop not updating form controls if they're focused. If a field is edited by one user while another user is focused on it, it will just lose its value but maintain its focus. #1965
โ Add
_nestInCurrentComputation
option toUI.render
, fixing a bug in {{#each}} when an item is added inside a computation that subsequently gets invalidated. #2156๐ Fix bug where "=" was not allowed in helper arguments. #2157
๐ Fix bug when a template tag immediately follows a Spacebars block comment. #2175
Command-line tool
โ Add --directory flag to
meteor bundle
. Setting this flag outputs a directory rather than a tarball.โก๏ธ Speed up updates of NPM modules by upgrading Node to include our fix for https://github.com/npm/npm/issues/3265 instead of passing
--force
tonpm install
.Always rebuild on changes to npm-shrinkwrap.json files. #1648
๐ Fix uninformative error message when deploying to long hostnames. #1208
Increase a buffer size to avoid failing when running MongoDB due to a large number of processes running on the machine, and fix the error message when the failure does occur. #2158
Clarify a
meteor mongo
error message when using the MONGO_URL environment variable. #1256
โ Testing
- โ Run server tests from multiple clients serially instead of in parallel. This allows testing features that modify global server state. #2088
๐ Security
โ Add Content-Type headers on JavaScript and CSS resources.
โ Add
X-Content-Type-Options: nosniff
header tobrowser-policy-content
's default policy. If you are usingbrowser-policy-content
and you don't want your app to send this header, then callBrowserPolicy.content.allowContentTypeSniffing()
.๐ Use
Meteor.absoluteUrl()
to compute the redirect URL in theforce-ssl
package (instead of the host header).
Miscellaneous
๐ Allow
check
to work on the server outside of a Fiber. #2136EJSON custom type conversion functions should not be permitted to yield. #2136
The legacy polling observe driver handles errors communicating with MongoDB better and no longer gets "stuck" in some circumstances.
Automatically rewind cursors before calls to
fetch
,forEach
, ormap
. On the client, don't cache the return value ofcursor.count()
(consistently with the server behavior).cursor.rewind()
is now a no-op. #2114โ Remove an obsolete hack in reporting line numbers for LESS errors. #2216
Avoid exceptions when accessing localStorage in certain Internet Explorer configurations. #1291, #1688.
๐ Make
handle.ready()
reactively stop, wherehandle
is a subscription handle.๐ Fix an error message from
audit-argument-checks
after login.๐ Make the DDP server send an error if the client sends a connect message with a missing or malformed
support
field. #2125๐ Fix missing
jquery
dependency in theamplify
package. #2113Ban inserting EJSON custom types as documents. #2095
๐ Fix incorrect URL rewrites in stylesheets. #2106
โฌ๏ธ Upgraded dependencies:
- node: 0.10.28 (from 0.10.26)
- uglify-js: 2.4.13 (from 2.4.7)
- sockjs server: 0.3.9 (from 0.3.8)
- websocket-driver: 0.3.4 (from 0.3.2)
- stylus: 0.46.3 (from 0.42.3)
Patches contributed by GitHub users awwx, babenzele, Cangit, dandv, ducdigital, emgee3, felixrabe, FredericoC, jbruni, kentonv, mizzao, mquandalle, subhog, tbjers, tmeasday.
-
v0.8.1 Changes
April 30, 2014Meteor Accounts
๐ Fix a security flaw in OAuth1 and OAuth2 implementations. If you are using any OAuth accounts packages (such as
accounts-google
oraccounts-twitter
), we recommend that you update immediately and log out your users' current sessions with the following MongoDB command:$ db.users.update({}, { $set: { 'services.resume.loginTokens': [] } }, { multi: true });
OAuth redirect URLs are now required to be on the same origin as your app.
๐ฒ Log out a user's other sessions when they change their password.
Store pending OAuth login results in the database instead of in-memory, so that an OAuth flow succeeds even if different requests go to different server processes.
When validateLoginAttempt callbacks return false, don't override a more specific error message.
โ Add
Random.secret()
for generating security-critical secrets like login tokens.Meteor.logoutOtherClients
now calls the user callback when other login tokens have actually been removed from the database, not when they have been marked for eventual removal. #1915๐ Rename
Oauth
toOAuth
.Oauth
is now an alias for backwards compatibility.โ Add
oauth-encryption
package for encrypting sensitive account credentials in the database.๐ป A validate login hook can now override the exception thrown from
beginPasswordExchange
like it can for other login methods.โ Remove an expensive observe over all users in the
accounts-base
package.
Blaze
0๏ธโฃ Disallow
javascript:
URLs in URL attribute values by default, to help prevent cross-site scripting bugs. CallUI._allowJavascriptUrls()
to allow them.๐ Fix
UI.toHTML
on templates containing{{#with}}
.๐ Fix
{{#with}}
over a data context that is mutated. #2046๐ป Clean up autoruns when calling
UI.toHTML
.Properly clean up event listeners when removing templates.
โ Add support for
{{!-- block comments --}}
in Spacebars. Block comments may contain}}
, so they are more useful than{{! normal comments}}
for commenting out sections of Spacebars templates.Don't dynamically insert
<tbody>
tags in reactive tablesWhen handling a custom jQuery event, additional arguments are no longer lost -- they now come after the template instance argument. #1988
DDP and MongoDB
๐ค Extend latency compensation to support an arbitrary sequence of inserts in methods. Previously, documents created inside a method stub on the client would eventually be replaced by new documents from the server, causing the screen to flicker. Calling
insert
inside a method body now generates the same ID on the client (inside the method stub) and on the server. A sequence of inserts also generates the same sequence of IDs. Code that wants a random stream that is consistent between method stub and real method execution can get one withDDP.randomStream
. https://trello.com/c/moiiS2rP/57-pattern-for-creating-multiple-database-records-from-a-methodThe document passed to the
insert
callback ofallow
anddeny
now only has a_id
field if the client explicitly specified one; this allows you to useallow
/deny
rules to prevent clients from specifying their own_id
. As an exception,allow
/deny
rules with atransform
always have an_id
.DDP now has an implementation of bidirectional heartbeats which is consistent across SockJS and websocket transports. This enables connection keepalive and allows servers and clients to more consistently and efficiently detect disconnection.
The DDP protocol version number has been incremented to "pre2" (adding randomSeed and heartbeats).
The oplog observe driver handles errors communicating with MongoDB better and knows to re-poll all queries after a MongoDB failover.
๐ Fix bugs involving mutating DDP method arguments.
meteor command-line tool
๐ Move boilerplate HTML from tools to webapp. Change internal
Webapp.addHtmlAttributeHook
API.โ Add
meteor list-sites
command for listing the sites that you have deployed to meteor.com with your Meteor developer account.Third-party template languages can request that their generated source loads before other JavaScript files, just like *.html files, by passing the isTemplate option to Plugin.registerSourceHandler.
You can specify a particular interface for the dev mode runner to bind to with
meteor -p host:port
.Don't include proprietary tar tags in bundle tarballs.
๐ Convert relative URLs to absolute URLs when merging CSS files.
โฌ๏ธ Upgraded dependencies
- Node.js from 0.10.25 to 0.10.26.
- MongoDB driver from 1.3.19 to 1.4.1
- stylus: 0.42.3 (from 0.42.2)
- ๐ showdown: 0.3.1
- ๐ css-parse: an unreleased version (from 1.7.0)
- ๐ css-stringify: an unreleased version (from 1.4.1)
Patches contributed by GitHub users aldeed, apendua, arbesfeld, awwx, dandv, davegonzalez, emgee3, justinsb, mquandalle, Neftedollar, Pent, sdarnell, and timhaines.
-
v0.8.1.3 Changes
May 22, 2014๐ Fix a security issue in the
spiderable
package.spiderable
now uses the ROOT_URL environment variable instead of the Host header to determine which page to snapshot.๐ Fix hardcoded Twitter URL in
oauth1
package. This fixes a regression in 0.8.0.1 that broke Atmosphere packages that do OAuth1 logins. #2154.โ Add
credentialSecret
argument toGoogle.retrieveCredential
, which was forgotten in a previous release.โ Remove nonexistent
-a
and-r
aliases for--add
and--remove
inmeteor help authorized
. #2155โ Add missing
underscore
dependency in theoauth-encryption
package. #2165โช Work around IE8 bug that caused some apps to fail to render when minified. #2037.
-
v0.8.1.2 Changes
May 12, 2014๐ Fix memory leak (introduced in 0.8.1) by making sure to unregister sessions at the server when they are closed due to heartbeat timeout.
โ Add
credentialSecret
argument toGoogle.retrieveCredential
,Facebook.retrieveCredential
, etc., which is needed to use them as of 0.8.1. #2118๐ Fix 0.8.1 regression that broke apps using a
ROOT_URL
with a path prefix. #2109
-
v0.8.1.1 Changes
May 01, 2014