This release is a stable bugfix release. It fixes issues we've discovered since the release 0.3.1, including security issues CVE-2016-3691 and CVE-2016-3114.
The summary of the changes since 0.3.1 release is below.
Fixes
(bugfix, something now works as intended, users can (or can have to) drop workarounds, probably minor risk)
Authentication
Further sanitize requests to prevent GET CSRF (CVE-2016-3691) cs
Properly invoke PermFunctions (CVE-2016-3114) cs
API
- Avoid sending double Content-Length header (Issue #201) cs
Docs
Improve mod_wsgi documentation (Issue #203) cs
Add notes about IIS, Windows Authentication and Mercurial cs
VCS
- Fix repo size calculation cs
Changelog
- Fix range selection from changelog in git repos (Issue #190) cs