|
1 | | -I'm proud to release version 1.4.20 of Roundup which can be seen as a |
2 | | -security release. We've fixed several security issues, in particular |
3 | | -some XSS issues. We've also dropped support for python 2.4 with this |
4 | | -release. This release also introduces some minor features and, as usual, |
5 | | -fixes some bugs: |
| 1 | +I'm proud to release version 1.4.21 of Roundup which has been possible |
| 2 | +due to the help of several contributors. This release introduces some |
| 3 | +minor features and, as usual, fixes some bugs: |
6 | 4 |
|
7 | 5 | Features: |
8 | 6 |
|
9 | | -- Experimental support for the new Chameleon templating engine. |
10 | | - We now have two configurable templating engines, the old Zope TAL |
11 | | - templates (called zopetal in the config) and the new Chameleon (called |
12 | | - chameleon in the config). A new config-option "template_engine" under |
13 | | - [main] can take these config-options, the default is zopetal. |
14 | | - Thanks to Cheer Xiao for the idea of making this configurable *and* |
15 | | - for the actual implementation! (Ralf) |
16 | | - WARNING: Chameleon support is highly experimental and *not* recommended for |
17 | | - production use. It has known performance issues and i18n is not yet |
18 | | - functioning. It's still under active development. Only use this feature if |
19 | | - you want to experiment with Chameleon and/or help with Roundup |
20 | | - developement. If you found a bug in Chameleon support, please report after |
21 | | - testing against latest Roundup source from the Mercurial repository. |
22 | | -- issue2550678: Allow pagesize=-1 which returns all results. |
23 | | - Suggested and implemented by John Kristensen. |
24 | | - Tested by Satchidanand Haridas. (Bernhard) |
25 | | -- Allow to turn off translation of generated html options in menu method |
26 | | - of LinkHTMLProperty and MultilinkHTMLProperty -- default is |
27 | | - translation as it used to be (Ralf) |
28 | | -- Sending of OpenPGP encrypted mail to all users or selected users (via |
29 | | - roles) is now working. (Ralf) |
30 | | -- Add config-option "nosy" to messages_to_author setting in [nosy] |
31 | | - section of config: This will send a message to the author only |
32 | | - in the case where the author is on the nosy-list (either added |
33 | | - earlier or via the add_author setting). Current config-options |
34 | | - for this setting will send / not send to author without considering |
35 | | - the nosy list. (Ralf) |
| 7 | +- issue2550782: Added a new irker detector to send notifications on IRC |
| 8 | + when an issue is created or messages are added. (Ezio Melotti) |
| 9 | +- Beta version of responsive templates using devel schema |
| 10 | + and Twitter Bootstrap for styling (Pradip Caulagi) |
| 11 | +- pywin32 is not longer required to run on Windows (anatoly techtonik) |
| 12 | +- Rewritten portalocker.py logic in ctypes for Windows (anatoly techtonik) |
| 13 | +- Add an interface to register clearCache callbacks in roundupdb. |
| 14 | + Sometimes complicated computations may require an application cache. |
| 15 | + This application can now register a callback to clear the application |
| 16 | + cache, because roundup knows better when to clear it (usually when a |
| 17 | + transaction ends, either with rollback or with commit). The interface |
| 18 | + for this is currently considered experimental. The current interface |
| 19 | + is registerClearCacheCallback(self, method, param) where method is |
| 20 | + called with param as the only parameter. (Ralf Schlatterbeck) |
| 21 | +- Add a script to remove file-spam from a tracker, see |
| 22 | + scripts/spam-remover. (Ralf Schlatterbeck) |
36 | 23 |
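Review bot: In the added pywin32 entry, "is not longer required" should read "is no longer required". In the registerClearCacheCallback entry, "This application can now register a callback" has no antecedent; "An application can now register a callback" reads correctly. Since that entry calls the interface experimental, it would help to say in the same sentence that the signature registerClearCacheCallback(self, method, param) may change in later releases, so tracker authors know not to depend on it.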
|
37 | 24 | Fixed: |
38 | 25 |
|
39 | | -- issue2550730: FAQ has broken link to Zope book. Reported and fixed by |
40 | | - John Rouillard.(Bernhard) |
41 | | -- issue2550728: remove buggy parentheses in TAL/DummyEngine.py. |
42 | | - Reported and fixed by Ralf Hemmecke. (Bernhard) |
43 | | -- issue2550715: IndexError when requesting non-existing file via http. |
44 | | - Reported and fixed by Cedric Krier. (Bernhard) |
45 | | -- issue2550712: exportcsvaction errors poorly when given invalid columns. |
46 | | - Reported by Will Kahn-Greene, fixed by Cedric Krier. (Bernhard) |
47 | | -- issue2550695: 'No sort or group' settings not retained when editing queries. |
48 | | - Reported and fixed by John Kristensen. Tested by Satchidanand Haridas. |
49 | | - (Bernhard) |
50 | | -- Fix matching of incoming email addresses to the alternate_addresses |
51 | | - field of a user -- this would match substrings, e.g. if the user has |
52 | | - [email protected] as an alternate email and an incoming mail |
53 | | - is addressed to [email protected] this would (wrongly) match. (Ralf) |
54 | | -- issue2550729: Fix password history display for anydbm backend, thanks |
55 | | - to Ralf Hemmecke for reporting. (Ralf) |
56 | | -- OpenPGP support is again working (pyme API has changed significantly) and |
57 | | - we now have a regression test. We now take care that bounce-messages |
58 | | - for incoming encrypted mails or mails where the policy dictates that |
59 | | - outgoing traffic should be encrypted is actually OpenPGP encrypted. (Ralf) |
60 | | -- Ignore confirm set() fields by themselves in the absence of non-"confirm" |
61 | | - values; otherwise a bare confirm field can be used to change the a |
62 | | - password. Reported by Cam Blackwood. (Ralf) |
63 | | -- Updated version of simplified Chinese message file by Cheer Xiao: |
64 | | - Corrected some mistakes, added a few more items and did some |
65 | | - formating. (Ralf) |
66 | | -- Fix xmlrpc URL parsing so that passwords may contain a ':' character |
67 | | - (Ralf) |
68 | | -- Be more tolerant when parsing RFC2047 encoded mail headers. Use |
69 | | - backported version of my proposed changes to |
70 | | - email.header.decode_header in http://bugs.python.org/issue1079 |
71 | | - (Ralf) |
72 | | -- issue2550684 Fix XSS vulnerability when username contains HTML code, |
73 | | - thanks to Thomas Arendsen Hein for reporting and patch. (Ralf) |
74 | | -- issue2550711 Fix XSS vulnerability in @action parameter, |
75 | | - thanks to "om" for reporting. (Ralf) |
76 | | -- issue2550535 In some cases even when keep_quoted_text=yes is |
77 | | - configured we would strip quoted sections. This hit the python |
78 | | - bug-tracker especially for python interpreter examples with leading |
79 | | - '>>>' strings. The fix is slightly different compared to the proposal |
80 | | - as this broke keep_quoted_text=no in certain cases. We also fix a bug |
81 | | - where keep_quoted_text=no would drop the last line of a non-quoted |
82 | | - section if there wasn't an empty line between the next quotes. (Ralf) |
83 | | -- issue2431638 wrong registration link in bounce mail for non-registered |
84 | | - users reported *years* ago by anonymous (Ralf) |
85 | | -- Fix doc/upgrading.txt which produces errors with latest docutils about |
86 | | - wrong block structure. Fix .gitignore in doc directory. Thanks to |
87 | | - Cheer Xiao for the patches. (Ralf) |
88 | | -- Fix wrong execute permissions on some files, thanks to Cheer Xiao for |
89 | | - the patch. (Ralf) |
90 | | -- Fix override of TemplatingUtils in instance.py, thanks to Cheer Xiao |
91 | | - for the patch. (Ralf) |
92 | | -- Fix another XSS with the "otk" parameter, thanks to Jesse Ruderman for |
93 | | - reporting. (Ralf) |
94 | | -- Mark cookies HttpOnly and -- if https is used -- secure. Fixes |
95 | | - issue2550689, but is untested if this really works in browsers. |
96 | | - Thanks to Joseph Myers for reporting. (Ralf) |
97 | | -- Fix another XSS with the ok- and error message, see issue2550724. We |
98 | | - solve this differently from the proposals in the bug-report by not |
99 | | - allowing *any* html-tags in ok/error messages anymore. Thanks to |
100 | | - David Benjamin for the bug-report and to Ezio Melotti for several |
101 | | - proposed fixes. (Ralf) |
| 26 | +- issue2550765: Don't show links in calendar that will fail. |
| 27 | + Found and fixed by Cedric Krier. (Bernhard) |
| 28 | +- issue2550765: use <meta name="robots" content="noindex, nofollow"> in the |
| 29 | + _generic.calendar.html to prevent robots to follow all the links in the |
| 30 | + calendar. (Ezio Melotti) |
| 31 | +- "BaseException.with_traceback" is not available on Python 2, so use |
| 32 | + "raise E, V, T" instead of "raise E(V).with_traceback(T)". This change was |
| 33 | + originally introduced in 74476eaac38a. (Ezio Melotti) |
| 34 | +- issue2550759: Trailing punctuation is no longer included when URLs are |
| 35 | + converted to links. (Ezio Melotti) |
| 36 | +- issue2550574: Restore sample detectors removed in roundup 1.4.9 |
| 37 | + (Thomas Arendsen Hein) |
| 38 | +- Prevent AttributeError when removing all roles of a user |
| 39 | + (Thomas Arendsen Hein) |
| 40 | +- issue2550762 Minor Documentation fix in doc/developers.txt, thanks |
| 41 | + to W. Trevor King. (Bernhard Reiter) |
| 42 | +- issue2550766: Minor formatting issues in the docs for date properties, |
| 43 | + thanks John Kristensen. (Bernhard Reiter) |
| 44 | +- issue2550738: Fixes for various documentation typoes, |
| 45 | + thanks Nathan Russell. (John Kristensen) |
| 46 | +- issue2550756: Fix `oder' typo in mailer.Mailer.bounce_message docstring, |
| 47 | + thanks W. Trevor King (John Kristensen) |
| 48 | +- Fix basic authentication: instatiating the login action would fail if |
| 49 | + the user is not set. We now first set the user to anonymous and then |
| 50 | + try basic authentication if enabled. (Ralf Schlatterbeck) |
| 51 | +- Fix xmlrpc permissions for lookup method: Allow if the key attribute |
| 52 | + is either searchable or viewable, don't check id attribute (Ralf |
| 53 | + Schlatterbeck) |
| 54 | +- Fix installation documentation (section Prerequisites) to require at |
| 55 | + least python 2.5, thanks to John P. Rouillard for discovering this. |
| 56 | + (committed by Ralf Schlatterbeck) |
| 57 | +- Fix version_check.py to require at least python 2.5 (anatoly techtonik) |
| 58 | +- Fixing the download button re-activating the cheeseshop plugin in the |
| 59 | + sphinx config. Thanks to Richard for the hint. (Bernhard Reiter) |
| 60 | +- issue2550783 devel template's schema.py permissions referenced the |
| 61 | + organization property for the user, but the property is called |
| 62 | + organisation. Thanks to Pradip Caulagi. (committed by John Rouillard) |
| 63 | +- issue2550749 - the xmlrpc interface is invoked on content type |
| 64 | + and not url path. Sending any text/xml data to roundup results in |
| 65 | + invoking the xml-rpc interface, but a REST or other interface could |
| 66 | + also consume xml data and do something different. So require the use |
| 67 | + of 'http(s)://.../xmlrpc' uri to trigger the xmlrpc interface. |
| 68 | + (John Rouillard) |
| 69 | +- issue2550774: Remove generating documentation with rst2html, and update the |
| 70 | + README.txt with how to create the html docs using sphinx, thanks Kai Storbeck |
| 71 | + (John Kristensen) |
| 72 | +- issue2550774: Include doc/conf.py in the release tarball, so people can build |
| 73 | + their own documentation in html, thanks Kai Storbeck (John Kristensen) |
| 74 | +- issue2550774: Update website/www/Makefile to symlink COPYING.txt so "make" |
| 75 | + works again, thanks Kai Storbeck (John Kristensen) |
| 76 | +- issue2550760: Several improvements to the manpages |
| 77 | + thanks Kai Storbeck & Bastian Kleineidam (John Kristensen) |
102 | 78 |
|
103 | 79 | If you're upgrading from an older version of Roundup you *must* follow |
104 | 80 | the "Software Upgrade" guidelines given in the maintenance documentation. |
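Review bot: The issue2550749 entry in the Fixed list describes a behaviour change, not only a fix: text/xml requests used to reach the xmlrpc interface on any URL and now must use 'http(s)://.../xmlrpc'. Existing XML-RPC clients are affected, so the entry should say so explicitly or point to the upgrade documentation mentioned in the closing paragraph. The "Fix xmlrpc permissions for lookup method" entry should state whether the new rule (key attribute searchable or viewable, id attribute not checked) grants access that was previously denied, since administrators need that to review their permission setup. Smaller points in the same list: "instatiating" should be "instantiating", "typoes" should be "typos", and issue2550765 is cited for two separate entries, which could be merged or cross-referenced.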
|