|
1 | | -I'm proud to release version 1.4.17 of Roundup which introduces some |
2 | | -minor features and, as usual, fixes some bugs: |
| 1 | +This is the announcement of version 1.4.18 of Roundup, a Bug-Fix Release |
| 2 | +for a critical bug in roundups mail gateway. |
| 3 | +The bug will lead to files being unlinked from issues when mails without |
| 4 | +attachment are received for an existing issue. See the "Software |
| 5 | +Upgrade" guidelines in doc/announcement.txt (or the html version) for a |
| 6 | +script you can run to find out potentially affected issues and how to |
| 7 | +fix this. As usual some minor features and some bug fixes: |
3 | 8 |
|
4 | 9 | Features: |
5 | 10 |
|
6 | | -- Allow declaration of default_values for properties in schema. |
7 | | -- Add explicit "Search" permissions, see Security Fix below. |
8 | | -- Add "lookup" method to xmlrpc interface (Ralf Schlatterbeck) |
9 | | -- Multilinks can be filtered by combining elements with AND, OR and NOT |
10 | | - operators now. A javascript gui was added for "keywords", see issue2550648. |
11 | | - Developed by Sascha Teichmann; funded by Intevation. (Bernhard Reiter) |
12 | | -- Factor MailGW message parsing into a separate class, thanks to John |
13 | | - Kristensen who did the major work in issue2550576 -- I wouldn't |
14 | | - have attempted it without this. Fixes issue2550576. (Ralf) |
15 | | -- Now if the -C option to roundup-mailgw specifies "issue" this refers |
16 | | - to an issue-like class. The real class is determined from the |
17 | | - configured default class, or the -c option to the mailgw, or the class |
18 | | - resulting from mail subject parsing. We also accept multiple -S |
19 | | - options for the same class now. (Ralf) |
20 | | -- Optimisation: Late evaluation of Multilinks (only in rdbms backends): |
21 | | - previously we materialized each multilink in a Node -- this creates an |
22 | | - SQL query for each multilink (e.g. 'files' and 'messages' for each |
23 | | - line in the issue index display) -- even if the multilinks aren't |
24 | | - displayed. Now we compute multilinks only if they're accessed (and |
25 | | - keep them cached). |
26 | | -- Add a filter_iter similar to the existing filter call. This feature is |
27 | | - considered experimental. This is currently not used in the |
28 | | - web-interface but passes all tests for the filter call except sorting |
29 | | - by Multilinks (which isn't supported by SQL and isn't a sane concept |
30 | | - anyway). When using filter_iter instead of filter this saves a *lot* |
31 | | - of SQL queries: Filter returns only the IDs of Nodes in the database, |
32 | | - the additional content of a Node has to be fetched in a separate SQL |
33 | | - call. The new filter_iter also returns the IDs of Nodes (one by one, |
34 | | - it's an iterator) but pre-seeds the cache with the content of the |
35 | | - Node. The information needed for seeding the cache is retrieved in the |
36 | | - same SQL query as the ids. |
| 11 | +- Norwegian Bokmal translation by Christian Aastorp |
| 12 | +- Allow to specify additional cc and bcc emails (not roundup users) for |
| 13 | + nosymessage used by the nosyreaction reactor. (Ralf) |
37 | 14 |
|
38 | 15 | Fixed: |
39 | 16 |
|
40 | | -- Security Fix: Add a check for search-permissions: now we allow |
41 | | - searching for properties only if the property is readable without a |
42 | | - check method or if an explicit search permission (see above unter |
43 | | - "Features) is given for the property. This fixes cases where a user |
44 | | - doesn't have access to a property but can deduce the content by |
45 | | - crafting a clever search, group or sort query. |
46 | | - see doc/upgrading.txt for how to fix your trackers! (Ralf Schlatterbeck). |
47 | | -- Range support in roundup-server so large files can be served, |
48 | | - e.g. media files on iOS/iPads; issue2550694. (Bernhard Reiter; |
49 | | - Thanks to Jon C. Thomason for the patch.) |
50 | | -- Fix search for xapian 1.2 issue2550676 |
51 | | - (Bernhard Reiter; Thanks to Olly Betts for providing the patch.) |
52 | | -- Some minor typos fixed in doc/customizing.txt (Thanks Ralf Hemmecke). |
53 | | -- XML-RPC documentation now linked from the docs/index (Bernhard Reiter). |
54 | | -- Fix setting of sys.path when importing schema.py, fixes issue2550675, |
55 | | - thanks to Bryce L Nordgren for reporting. (Ralf Schlatterbeck) |
56 | | -- clear the cache on commit for rdbms backends: Don't carry over cached |
57 | | - values from one transaction to the next (there may be other changes |
58 | | - from other transactions) see new ConcurrentDBTest for a |
59 | | - read-modify-update cycle that fails with the old caching behavior. |
60 | | - (Ralf Schlatterbeck) |
61 | | -- Fix incorrect setting of template in customizing.txt example action, |
62 | | - patch via issue2550682 (thanks John Kristensen) |
63 | | -- Configuration issue: On some postgresql 8.4 installations (notably on |
64 | | - debian squeeze) the default template database used for database |
65 | | - creation doesn't match the needed character encoding UTF8 -- a new |
66 | | - config option 'template' in the rdbms section now allows specification |
67 | | - of the template. You know you need this option if you get the error |
68 | | - message: |
69 | | - psycopg2.DataError: new encoding (UTF8) is incompatible with the |
70 | | - encoding of the template database (SQL_ASCII) |
71 | | - HINT: Use the same encoding as in the template database, or use |
72 | | - template0 as template. |
73 | | - (Ralf Schlatterbeck) |
74 | | -- Fixed bug in mailgw refactoring, patch issue2550697 (thanks Hubert |
75 | | - Touvet) |
76 | | -- Fix Password handling security issue2550688 (thanks Joseph Myers for |
77 | | - reporting and Eli Collins for fixing) -- this fixes all observations |
78 | | - by Joseph Myers except for auto-migration of existing passwords. |
79 | | -- Add new config-option 'migrate_passwords' in section 'web' to |
80 | | - auto-migrate passwords at web-login time. Default for the new option |
81 | | - is "yes" so if you don't want that passwords are auto-migrated to a |
82 | | - more secure password scheme on user login, set this to "no" before |
83 | | - running your tracker(s) after the upgrade. |
84 | | -- Add new config-option 'password_pbkdf2_default_rounds' in 'main' |
85 | | - section to configure the default parameter for new password |
86 | | - generation. Set this to a higher value on faster systems which want |
87 | | - more security. Thanks to Eli Collins for implementing this (see |
88 | | - issue2550688). |
89 | | -- Fix documentation for roundup-server about the 'host' parameter as |
90 | | - suggested in issue2550693, fixes the first part of this issue. Make |
91 | | - 'localhost' the new default for this parameter, note the upgrading |
92 | | - documentation of changed behaviour. We also deprecate the empty host |
93 | | - parameter for binding to all interfaces now (still left in for |
94 | | - compatibility). Thanks to Toni Mueller for providing the first version |
95 | | - of this patch and discussing implementations. |
96 | | -- Fixed bug in filter_iter refactoring (lazy multilinks), in rare cases |
97 | | - this would result in duplicate multilinks to the same node. We're now |
98 | | - going the safe route and doing lazy evaluation only for read-only |
99 | | - access, whenever updates are done we fetch everything. |
| 17 | +- Fix file-unlink bug in mailgw (Ralfs oversight when refactoring the mail |
| 18 | + gateway code) -- if a message is sent that contains no attachments, |
| 19 | + all previous files of the issue are unlinked, thanks to Rafal |
| 20 | + Bisingier for reporting and proposing a fix. |
| 21 | + I've now added a regression test that catches this issue. |
100 | 22 |
|
101 | 23 | If you're upgrading from an older version of Roundup you *must* follow |
102 | 24 | the "Software Upgrade" guidelines given in the maintenance documentation. |
|
0 commit comments