|
1 | | -I'm proud to release version 1.4.10 of Roundup which fixes some bugs: |
2 | | - |
3 | | -- Minor update of doc/developers.txt to point to the new resources |
4 | | - on www.roundup-tracker.org (Bernhard Reiter) |
5 | | -- Small CSS improvements regaring the search box (thanks Thomas Arendsan Hein) |
6 | | - (issue 2550589) |
7 | | -- Indexers behaviour made more consistent regarding length of indexed words |
8 | | - and stopwords (thanks Thomas Arendsen Hein, Bernhard Reiter)(issue 2550584) |
9 | | -- fixed typos in the installation instructions (thanks Thomas Arendsen Hein) |
10 | | - (issue 2550573) |
11 | | -- New config option csv_field_size: Pythons csv module (which is used |
12 | | - for export/import) has a new field size limit starting with python2.5. |
13 | | - We now issue a warning during export if the limit is too small and use |
14 | | - the csv_field_size configuration during import to set the limit for |
15 | | - the csv module. |
16 | | -- Small fix for CGI-handling of XMLRPC requests for python2.4, this |
17 | | - worked only for 2.5 and beyond due to a change in the xmlrpc interface |
18 | | - in python |
19 | | -- Document filter method of xmlrpc interface |
20 | | -- Fix interaction of SSL and XMLRPC, now XMLRPC works with SSL |
| 1 | +I'm proud to release version 1.4.11 of Roundup which fixes a number bugs |
| 2 | +and closes a potential security hole. |
| 3 | + |
| 4 | +All tracker maintainers must read the upgrading documentation to make sure |
| 5 | +the hole is fixed in their tracker. |
| 6 | + |
| 7 | +Other changes in this release: |
| 8 | + |
| 9 | +- Generic class editor may now restore retired items (thanks Ralf Hemmecke) |
| 10 | +- Fix security hole allowing user permission escalation (thanks Ralf |
| 11 | + Schlatterbeck) |
| 12 | +- More SSL fixes. SSL wants the underlying socket non-blocking. So we |
| 13 | + don't call socket.setdefaulttimeout in case of SSL. This apparently |
| 14 | + never raises a WantReadError from SSL. |
| 15 | + This also fixes a case where a WantReadError is raised and apparently |
| 16 | + the bytes already read are dropped (seems the WantReadError is really |
| 17 | + an error, not just an indication to retry). |
| 18 | +- Correct initial- and end-handshakes for SSL |
| 19 | +- Update FAQ to mention infinite redirects with pathological settings of |
| 20 | + the tracker->web variable. Closes issue2537286, thanks to "stuidge" |
| 21 | + for reporting. |
| 22 | +- Fix some format errors in italian translation file |
| 23 | +- Some bugs issue classifiers were causing database lookup errors |
| 24 | +- Fix security-problem: If user hasn't permission on a message (notably |
| 25 | + files and content properties) and is on the nosy list, the content was |
| 26 | + sent via email. We now check that user has permission on the message |
| 27 | + content and files properties. Thanks to Intevation for funding this |
| 28 | + fix. |
| 29 | +- Fix traceback on .../msgN/ url, this requests the file content and for |
| 30 | + apache mod_wsgi produced a traceback because the mime type is None for |
| 31 | + messages, fixes issue2550586, thanks to Thomas Arendsen Hein for |
| 32 | + reporting and to Intevation for funding the fix. |
| 33 | +- Handle OPTIONS http request method in wsgi handler, fixes issue2550587. |
| 34 | + Thanks to Thomas Arendsen Hein for reporting and to Intevation for |
| 35 | + funding the fix. |
| 36 | +- Add documentation for migrating to the Register permission and |
| 37 | + fix mailgw to use Register permission, fixes issue2550599 |
| 38 | +- Fix styling of calendar to make it more usable, fixes issue2550608 |
| 39 | +- Fix typo in email section of user guide, fixes issue2550607 |
| 40 | +- Fix WSGI response code (thanks Peter Pöml) |
| 41 | +- Fix linking of an existing item to a newly created item, e.g. |
| 42 | + edit action in web template is name="issue-1@link@msg" value="msg1" |
| 43 | + would trigger a traceback about an unbound variable. |
| 44 | + Add new regression test for this case. May be related to (now closed) |
| 45 | + issue1177477. Thanks to Intevation for funding the fix. |
| 46 | +- Clean up all the places where role processing occurs. This is now in a |
| 47 | + central place in hyperdb.Class and is used consistently throughout. |
| 48 | + This also means now a template can override the way role processing |
| 49 | + occurs (e.g. for elaborate permission schemes). Thanks to intevation |
| 50 | + for funding the change. |
| 51 | +- Fix issue2550606 (german translation bug) "an hour" is only used in |
| 52 | + the context "in an hour" or "an hour ago" which translates to german |
| 53 | + "in einer Stunde" or "vor einer Stunde". So "an hour" is translated |
| 54 | + "einer Stunde" (which sounds wrong at first). Also note that date.py |
| 55 | + already has a comment saying "XXX this is internationally broken" -- |
| 56 | + but at least there's a workaround for german :-) Thanks to Chris |
| 57 | + (radioking) for reporting. |
21 | 58 |
|
22 | 59 | If you're upgrading from an older version of Roundup you *must* follow |
23 | 60 | the "Software Upgrade" guidelines given in the maintenance documentation. |
|
0 commit comments