|
1 | | -I'm proud to release version 1.4.11 of Roundup which fixes a number bugs |
2 | | -and closes a potential security hole. |
3 | | - |
4 | | -ALL tracker maintainers MUST read the upgrading documentation to make sure |
5 | | -the hole is fixed in their tracker. |
6 | | - |
7 | | -Other changes in this release: |
8 | | - |
9 | | -- Generic class editor may now restore retired items (thanks Ralf Hemmecke) |
10 | | -- Fix security hole allowing user permission escalation (thanks Ralf |
11 | | - Schlatterbeck) |
12 | | -- More SSL fixes. SSL wants the underlying socket non-blocking. So we |
13 | | - don't call socket.setdefaulttimeout in case of SSL. This apparently |
14 | | - never raises a WantReadError from SSL. |
15 | | - This also fixes a case where a WantReadError is raised and apparently |
16 | | - the bytes already read are dropped (seems the WantReadError is really |
17 | | - an error, not just an indication to retry). |
18 | | -- Correct initial- and end-handshakes for SSL |
19 | | -- Update FAQ to mention infinite redirects with pathological settings of |
20 | | - the tracker->web variable. Closes issue2537286, thanks to "stuidge" |
21 | | - for reporting. |
22 | | -- Fix some format errors in italian translation file |
23 | | -- Some bugs issue classifiers were causing database lookup errors |
24 | | -- Fix security-problem: If user hasn't permission on a message (notably |
25 | | - files and content properties) and is on the nosy list, the content was |
26 | | - sent via email. We now check that user has permission on the message |
27 | | - content and files properties. Thanks to Intevation for funding this |
28 | | - fix. |
29 | | -- Fix traceback on .../msgN/ url, this requests the file content and for |
30 | | - apache mod_wsgi produced a traceback because the mime type is None for |
31 | | - messages, fixes issue2550586, thanks to Thomas Arendsen Hein for |
32 | | - reporting and to Intevation for funding the fix. |
33 | | -- Handle OPTIONS http request method in wsgi handler, fixes issue2550587. |
34 | | - Thanks to Thomas Arendsen Hein for reporting and to Intevation for |
35 | | - funding the fix. |
36 | | -- Add documentation for migrating to the Register permission and |
37 | | - fix mailgw to use Register permission, fixes issue2550599 |
38 | | -- Fix styling of calendar to make it more usable, fixes issue2550608 |
39 | | -- Fix typo in email section of user guide, fixes issue2550607 |
40 | | -- Fix WSGI response code (thanks Peter Pöml) |
41 | | -- Fix linking of an existing item to a newly created item, e.g. |
42 | | - edit action in web template is name="issue-1@link@msg" value="msg1" |
43 | | - would trigger a traceback about an unbound variable. |
44 | | - Add new regression test for this case. May be related to (now closed) |
45 | | - issue1177477. Thanks to Intevation for funding the fix. |
46 | | -- Clean up all the places where role processing occurs. This is now in a |
47 | | - central place in hyperdb.Class and is used consistently throughout. |
48 | | - This also means now a template can override the way role processing |
49 | | - occurs (e.g. for elaborate permission schemes). Thanks to intevation |
50 | | - for funding the change. |
51 | | -- Fix issue2550606 (german translation bug) "an hour" is only used in |
52 | | - the context "in an hour" or "an hour ago" which translates to german |
53 | | - "in einer Stunde" or "vor einer Stunde". So "an hour" is translated |
54 | | - "einer Stunde" (which sounds wrong at first). Also note that date.py |
55 | | - already has a comment saying "XXX this is internationally broken" -- |
56 | | - but at least there's a workaround for german :-) Thanks to Chris |
57 | | - (radioking) for reporting. |
| 1 | +I'm proud to release version 1.4.12 of Roundup which fixes a number bugs. |
58 | 2 |
|
59 | 3 | If you're upgrading from an older version of Roundup you *must* follow |
60 | 4 | the "Software Upgrade" guidelines given in the maintenance documentation. |
61 | 5 |
|
| 6 | +This release includes: |
| 7 | + |
| 8 | +- Support IMAP CRAM-MD5, thanks Jochen Maes |
| 9 | +- Proper handling of 'Create' permissions in both mail gateway (earlier |
| 10 | + commit r4405 by Richard), web interface, and xmlrpc. This used to |
| 11 | + check 'Edit' permission previously. See |
| 12 | + http://thread.gmane.org/gmane.comp.bug-tracking.roundup.devel/5133 |
| 13 | + Add regression tests for proper handling of 'Create' and 'Edit' |
| 14 | + permissions. |
| 15 | +- Fix handling of non-ascii in realname in the nosy mailer, this used to |
| 16 | + mangle the email address making it unusable when replying. Thanks to |
| 17 | + intevation for funding the fix. |
| 18 | +- Fix documentation on user required to run the tests, fixes |
| 19 | + issue2550618, thanks to Chris aka 'radioking' |
| 20 | +- Add simple doc about translating customised tracker content |
| 21 | +- Add "flup" setup documentation, thanks Christian Glass |
| 22 | +- Fix "Web Access" permission check to allow serving of static files to |
| 23 | + Anonymous again |
| 24 | +- Add check for "Web Access" permission in all web templating permission |
| 25 | + checks |
| 26 | +- Improvements in upgrading documentation, thanks Christian Glass |
| 27 | +- Display 'today' in the account user's timezone, thanks David Wolever |
| 28 | +- Fix file handle leak in some web interfaces with logging turned on, |
| 29 | + fixes issue1675845 |
| 30 | +- Attempt to generate more human-readable addresses in email, fixes |
| 31 | + issue2550632 |
| 32 | +- Allow value to be specified to multilink form element templating, fixes |
| 33 | + issue2550613, thanks David Wolever |
| 34 | +- Fix thread safety with stdin in roundup-server, fixes issue2550596 |
| 35 | + (thanks Werner Hunger) |
| 36 | + |
62 | 37 | Roundup requires python 2.3 or later (but not 3+) for correct operation. |
63 | 38 |
|
64 | 39 | To give Roundup a try, just download (see below), unpack and run:: |
|
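Review bot: the added entries at new lines 9-14 and 22-25 change which permission is checked ('Create' where 'Edit' was checked before, and "Web Access" in all web templating permission checks), yet the new intro at line 1 describes the release only as fixing bugs. The removed notice "ALL tracker maintainers MUST read the upgrading documentation" also has no counterpart for these changes. Suggest stating in the announcement whether trackers with customised permission schemes have to adjust their 'Create' or "Web Access" grants when upgrading, and pointing to the relevant part of the upgrading documentation. The "Software Upgrade" context paragraph at lines 3-4 is generic and does not call these entries out. Separately, new line 1 carries over the typo "fixes a number bugs" from the old text; it should read "a number of bugs".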