@@ -28,78 +28,100 @@ then unpack and test/install from the tarball.
2828Among the significant enhancements in version 2.5.0 compared to
2929the 2.4.0 release are:
3030
31- The property/field advanced search expression feature has been
32- enhanced. The RPN search expression format was previously
33- undocumented. Search expressions are usually built using the
34- expression editor on the search page. They can be built manually
35- by modifying the search URL. However errors in expressions could
36- return results that didn't match the user's intent. This release
37- documents the RPN expression syntax, adds expression error
38- detection, and improves error reporting.
39-
40- To boost security, Roundup updated the default hash method for
41- password storage. Now, we're using PBKDF2 with SHA512. Because of
42- this change, you should change (lower) the value of
43- password_pbkdf2_default_rounds in your tracker's config.ini. Check
44- the upgrading documentation for more info. (Note this may cause
45- longer authentication times, the upgrade doc describes how to
46- downgrade the hash method.)
47-
48- For better security, Roundup's session token is now prefixed with
49- the magic ``__Secure__`` tag when using HTTPS. This adds to the
50- existing ``Secure`` property that comes with the session cookie.
51-
52- Roundup verifies the user's authorization for the data fetched
53- from the database. A new optional ``filter`` argument has been
54- added to Permission objects. When the administrator supplies a
55- filter function, it can boosts performance with SQL server
56- databases. This function should provide selection criteria to
57- offload permission checks to the database. Consequently, less data
58- is retrieved from the database, leading to quicker display of
59- index pages with reduced CPU and network traffic.
60-
61- Requsting binary data from a REST endpoint has been a
62- hassle. Since JSON can't handle binary data, images (and other
63- binary data) need to be encoded. This makes them significantly
64- larger. The workaround was to use a non-REST endpoint for fetching
65- non-text attachments. This update lets the REST endpoint return
66- raw message or file content data. You can utilize the
67- ``binary_content`` endpoint along with an appropriate ``Accept``
68- header (e.g. ``image/jpeg``) in your request.
69-
70- The ``roundup-gettext`` tool has been enhanced to extract
71- translatable strings from detectors and extensions. This will
72- simplify the process of translating your trackers.
31+ * The property/field advanced search expression feature has been
32+ enhanced and documented/
33+
34+ Search expressions are usually built using the
35+ expression editor on the search page. They can be built manually
36+ by modifying the search URL but the RPN search expression format
37+ was undocumented. Errors in expressions could return results that
38+ didn't match the user's intent. This release documents the RPN
39+ expression syntax, adds basic expression error detection, and
40+ improves error reporting.
41+
42+ * The default hash method for password storage is more secure.
43+
44+ We use PBKDF2 with SHA512 (was SHA1). With this change you can
45+ lower the value of password_pbkdf2_default_rounds in your
46+ tracker's config.ini. Check the upgrading documentation for more
47+ info. (Note this may cause longer authentication times, the
48+ upgrade doc describes how to downgrade the hash method if required.)
49+
50+ * Roundup's session token is now prefixed with the magic
51+ ``__Secure__`` tag when using HTTPS.
52+
53+ This adds another layer of protection in addition to the
54+ existing ``Secure`` property that comes with the session cookie.
55+
56+ * Data authorization can be done at the database level speeding up
57+ display of index pages.
58+
59+ Roundup verifies the user's authorization for the data fetched
60+ from the database after retrieving data from the database. A new
61+ optional ``filter`` argument has been added to Permission
62+ objects. When the administrator supplies a filter function, it
63+ can boost performance with SQL server databases by pushing
64+ selection criteria to the database. By offloading some
65+ permission checks to the database, less data is retrieved from
66+ the database. This leads to quicker display of index pages with
67+ reduced CPU and network traffic.
68+
69+ * The REST endpoint can supply binary data (images, pdf, ...) to
70+ its clients.
71+
72+ Requesting binary data from a REST endpoint has been a
73+ hassle. Since JSON can't handle binary data, images (and other
74+ binary data) need to be encoded. This makes them significantly
75+ larger. The workaround was to use a non-REST endpoint for fetching
76+ non-text attachments. This update lets the REST endpoint return
77+ raw message or file content data. You can utilize the
78+ ``binary_content`` endpoint along with an appropriate ``Accept``
79+ header (e.g. ``image/jpeg``) in your request.
80+
81+ * Extract translatable strings from your tracker easily
82+
83+ The ``roundup-gettext`` tool has been enhanced to extract
84+ translatable strings from detectors and extensions. This will
85+ simplify the process of translating your trackers.
7386
7487Other miscellaneous fixes include:
7588
76- * Fixed a crash bug on Windows with Python 3.13.
89+ * Fix a crash bug on Windows with Python 3.13.
7790
78- * Updated documentation on required REST headers, along with other
91+ * Update documentation on required REST headers, along with other
7992 documentation updates.
8093
81- * Early detection of error conditions when we can't provide the
82- requested REST format response (like when XML is requested).
94+ * Improve handling of an error condition generated when an invalid
95+ REST response format is requested. For example if XML output is
96+ requested, but dicttoxml is not installed, we now return an
97+ error without doing any work.
8398
84- * An error is not generated if a PUT REST request sets the user's address
85- to its current value.
99+ * Fix an incorrect error report when a PUT REST request sets
100+ the user's email address to its current value.
86101
87- * Added support for the ``defusedxml`` Python module to enhance
102+ * Add support for the ``defusedxml`` Python module to enhance
88103 security when using XML.
89104
90- * Introduced a templating function:
105+ * Introduce the templating function:
91106 ``utils.set_http_response(integer)`` to set the HTTP return code
92- directly from your template.
93-
94- * Added the ability to generate native HTML date and
95- number/integer inputs. Check Upgrading for caveats, as this
96- feature is disabled by default.
97-
98- * Re-enabled support for GPG/PGP signed emails, which requires
107+ directly from your template. This allows the template logic to
108+ return a 404 or other code when the user invokes a template
109+ incorrectly.
110+
111+ * Add a new ``registerUtilMethod('name', my_function)``. which
112+ makes it easier to define and use complex templating utilities.
113+ It passes a default argument that allows access to the client
114+ instance, translation functions, and other templating utility
115+ functions. Previously you had to pass the arguments explicitly
116+ when calling the utility from the template.
117+
118+ * Add the ability to generate native HTML date and
119+ number/integer inputs. Check the upgrading document for caveats.
120+ This feature is disabled by default.
121+
122+ * Re-enable support for GPG/PGP signed emails, which requires
99123 installation from the test PyPi repository.
100124
101- * Removed XHTML support to simplify the code base.
102-
103125The file CHANGES.txt has a detailed list of feature
104126additions and bug fixes for each release. The most recent
105127changes from there are at the end of this announcement. Also
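Review bot: In the password-storage item (new lines 44-48), the parenthetical "Note this may cause longer authentication times" directly follows the sentence about lowering password_pbkdf2_default_rounds, so "this" reads as if lowering the rounds is what slows logins. Name the subject explicitly, for example "the switch to SHA512 may cause longer authentication times". The old wording "you should change (lower)" also became "you can lower", so please confirm whether the adjustment is still recommended or is now optional. Two typos in the added lines: new line 32 ends "enhanced and documented/" with a slash instead of a period, and new line 111 has a stray period in "``registerUtilMethod('name', my_function)``. which". Finally, the "Removed XHTML support to simplify the code base" item is deleted at the end of the hunk with no replacement; if that removal still ships in 2.5.0, the announcement should keep mentioning it.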