Â
## 2.14.6
- Increased test coverage (thanks Richard)
- Fixed some newly discovered security issues in admin:
 CSRF vulnerability in admin that allows disabling apps
 Brute force password attack vulnerability in admin
 (thanks Narendra and Leonel)Â
## 2.14.1-5
- fixed two major security issues that caused the examples app to leak information
- new Auth(…,host_names=[…]) to prevent host header injection
- improved scheduler
- pep8 enhancements
- many bug fixes
- restored GAE support that was broken in 2.13.*
- improved fabfile for deployment
- refactored examples with stupid.css
- new JWT implementation (experimental)
- new gluon.contrib.redis_scheduler
- myconf.get
- LDAP groups (experimental)
- .flash -> .w2p_flash
- Updated feedparser.py 5.2.1
- Updated jQuery 1.12.2
- welcome app now checks for version number
- Redis improvements. New syntax:
   BEFORE:
   from gluon.contrib.redis_cache import RedisCache
   cache.redis = RedisCache('localhost:6379',db=None, debug=True)
   NOW:
   from gluon.contrib.redis_utils import RConn
   from gluon.contrib.redis_cache import RedisCache
   rconn = RConn()
   # or RConn(host='localhost', port=6379,
   # db=0, password=None, socket_timeout=None,
   # socket_connect_timeout=None, .....)
   # exactly as a redis.StrictRedis instance
   cache.redis = RedisCache(redis_conn=rconn, debug=True)
   BEFORE:
   from gluon.contrib.redis_session import RedisSession
   sessiondb = RedisSession('localhost:6379',db=0, session_expiry=False)
   session.connect(request, response, db = sessiondb)
   NOW:
   from gluon.contrib.redis_utils import RConn
   from gluon.contrib.redis_session import RedisSession
   rconn = RConn()
   sessiondb = RedisSession(redis_conn=rconn, session_expiry=False)
   session.connect(request, response, db = sessiondb)
Many thanks to Richard and Simone for their work and dedication.