Mercurial > p > roundup > code
annotate doc/announcement.txt @ 4625:59de7ad827e2 1.4.20
Release preparation
| author | Ralf Schlatterbeck <rsc@runtux.com> |
|---|---|
| date | Tue, 15 May 2012 12:38:36 +0200 |
| parents | 116113c4bb05 |
| children | d6e9f95cc30e |
| rev | line source |
|---|---|
| 4625 | 1 I'm proud to release version 1.4.20 of Roundup which can be seen as a |
| 2 security release. We've fixed several security issues, in particular | |
| 3 some XSS issues. We've also dropped support for python 2.4 with this | |
| 4 release. This release also introduces some minor features and, as usual, | |
| 5 fixes some bugs: | |
|
4432
1fd51bdf6054
pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents:
4394
diff
changeset
|
6 |
|
1fd51bdf6054
pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents:
4394
diff
changeset
|
7 Features: |
|
1fd51bdf6054
pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents:
4394
diff
changeset
|
8 |
| 4625 | 9 - Experimental support for the new Chameleon templating engine. |
| 10 We now have two configurable templating engines, the old Zope TAL | |
| 11 templates (called zopetal in the config) and the new Chameleon (called | |
| 12 chameleon in the config). A new config-option "template_engine" under | |
| 13 [main] can take these config-options, the default is zopetal. | |
| 14 Thanks to Cheer Xiao for the idea of making this configurable *and* | |
| 15 for the actual implementation! (Ralf) | |
| 16 WARNING: Chameleon support is highly experimental and *not* recommended for | |
| 17 production use. It has known performance issues and i18n is not yet | |
| 18 functioning. It's still under active development. Only use this feature if | |
| 19 you want to experiment with Chameleon and/or help with Roundup | |
| 20 developement. If you found a bug in Chameleon support, please report after | |
| 21 testing against latest Roundup source from the Mercurial repository. | |
| 22 - issue2550678: Allow pagesize=-1 which returns all results. | |
| 23 Suggested and implemented by John Kristensen. | |
| 24 Tested by Satchidanand Haridas. (Bernhard) | |
| 25 - Allow to turn off translation of generated html options in menu method | |
| 26 of LinkHTMLProperty and MultilinkHTMLProperty -- default is | |
| 27 translation as it used to be (Ralf) | |
| 28 - Sending of OpenPGP encrypted mail to all users or selected users (via | |
| 29 roles) is now working. (Ralf) | |
| 30 - Add config-option "nosy" to messages_to_author setting in [nosy] | |
| 31 section of config: This will send a message to the author only | |
| 32 in the case where the author is on the nosy-list (either added | |
| 33 earlier or via the add_author setting). Current config-options | |
| 34 for this setting will send / not send to author without considering | |
| 35 the nosy list. (Ralf) | |
|
4357
13b3155869e0
Beginnings of a big code cleanup / modernisation to make 2to3 happy
Richard Jones <richard@users.sourceforge.net>
parents:
4351
diff
changeset
|
36 |
|
4382
bddc72753d91
pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents:
4357
diff
changeset
|
37 Fixed: |
|
4394
d4cd0a264098
fixed reporting of source missing warnings
Richard Jones <richard@users.sourceforge.net>
parents:
4392
diff
changeset
|
38 |
| 4625 | 39 - issue2550730: FAQ has broken link to Zope book. Reported and fixed by |
| 40 John Rouillard.(Bernhard) | |
| 41 - issue2550728: remove buggy parentheses in TAL/DummyEngine.py. | |
| 42 Reported and fixed by Ralf Hemmecke. (Bernhard) | |
| 43 - issue2550715: IndexError when requesting non-existing file via http. | |
| 44 Reported and fixed by Cedric Krier. (Bernhard) | |
| 45 - issue2550712: exportcsvaction errors poorly when given invalid columns. | |
| 46 Reported by Will Kahn-Greene, fixed by Cedric Krier. (Bernhard) | |
| 47 - issue2550695: 'No sort or group' settings not retained when editing queries. | |
| 48 Reported and fixed by John Kristensen. Tested by Satchidanand Haridas. | |
| 49 (Bernhard) | |
| 50 - Fix matching of incoming email addresses to the alternate_addresses | |
| 51 field of a user -- this would match substrings, e.g. if the user has | |
| 52 discuss-support@example.com as an alternate email and an incoming mail | |
| 53 is addressed to support@example.com this would (wrongly) match. (Ralf) | |
| 54 - issue2550729: Fix password history display for anydbm backend, thanks | |
| 55 to Ralf Hemmecke for reporting. (Ralf) | |
| 56 - OpenPGP support is again working (pyme API has changed significantly) and | |
| 57 we now have a regression test. We now take care that bounce-messages | |
| 58 for incoming encrypted mails or mails where the policy dictates that | |
| 59 outgoing traffic should be encrypted is actually OpenPGP encrypted. (Ralf) | |
| 60 - Ignore confirm set() fields by themselves in the absence of non-"confirm" | |
| 61 values; otherwise a bare confirm field can be used to change the a | |
| 62 password. Reported by Cam Blackwood. (Ralf) | |
| 63 - Updated version of simplified Chinese message file by Cheer Xiao: | |
| 64 Corrected some mistakes, added a few more items and did some | |
| 65 formating. (Ralf) | |
| 66 - Fix xmlrpc URL parsing so that passwords may contain a ':' character | |
|
4526
ce6e868187de
- release preparation
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4500
diff
changeset
|
67 (Ralf) |
| 4625 | 68 - Be more tolerant when parsing RFC2047 encoded mail headers. Use |
| 69 backported version of my proposed changes to | |
| 70 email.header.decode_header in http://bugs.python.org/issue1079 | |
| 71 (Ralf) | |
| 72 - issue2550684 Fix XSS vulnerability when username contains HTML code, | |
| 73 thanks to Thomas Arendsen Hein for reporting and patch. (Ralf) | |
| 74 - issue2550711 Fix XSS vulnerability in @action parameter, | |
| 75 thanks to "om" for reporting. (Ralf) | |
| 76 - issue2550535 In some cases even when keep_quoted_text=yes is | |
| 77 configured we would strip quoted sections. This hit the python | |
| 78 bug-tracker especially for python interpreter examples with leading | |
| 79 '>>>' strings. The fix is slightly different compared to the proposal | |
| 80 as this broke keep_quoted_text=no in certain cases. We also fix a bug | |
| 81 where keep_quoted_text=no would drop the last line of a non-quoted | |
| 82 section if there wasn't an empty line between the next quotes. (Ralf) | |
| 83 - issue2431638 wrong registration link in bounce mail for non-registered | |
| 84 users reported *years* ago by anonymous (Ralf) | |
| 85 - Fix doc/upgrading.txt which produces errors with latest docutils about | |
| 86 wrong block structure. Fix .gitignore in doc directory. Thanks to | |
| 87 Cheer Xiao for the patches. (Ralf) | |
| 88 - Fix wrong execute permissions on some files, thanks to Cheer Xiao for | |
| 89 the patch. (Ralf) | |
| 90 - Fix override of TemplatingUtils in instance.py, thanks to Cheer Xiao | |
| 91 for the patch. (Ralf) | |
| 92 - Fix another XSS with the "otk" parameter, thanks to Jesse Ruderman for | |
| 93 reporting. (Ralf) | |
| 94 - Mark cookies HttpOnly and -- if https is used -- secure. Fixes | |
| 95 issue2550689, but is untested if this really works in browsers. | |
| 96 Thanks to Joseph Myers for reporting. (Ralf) | |
| 97 - Fix another XSS with the ok- and error message, see issue2550724. We | |
| 98 solve this differently from the proposals in the bug-report by not | |
| 99 allowing *any* html-tags in ok/error messages anymore. Thanks to | |
| 100 David Benjamin for the bug-report and to Ezio Melotti for several | |
| 101 proposed fixes. (Ralf) | |
|
3722
41feeed84caa
*** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
3721
diff
changeset
|
102 |
|
2253
91118ac2fa7f
pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents:
2219
diff
changeset
|
103 If you're upgrading from an older version of Roundup you *must* follow |
|
91118ac2fa7f
pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents:
2219
diff
changeset
|
104 the "Software Upgrade" guidelines given in the maintenance documentation. |
|
91118ac2fa7f
pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents:
2219
diff
changeset
|
105 |
| 4625 | 106 Roundup requires python 2.5 or later (but not 3+) for correct operation. |
|
1291
bf8b2380adb3
added CGI :remove:<propname> and :add:<propname>...
Richard Jones <richard@users.sourceforge.net>
parents:
1286
diff
changeset
|
107 |
|
1780
d2801a2b0a77
Initial implementation (half-baked) at new Tracker instance.
Richard Jones <richard@users.sourceforge.net>
parents:
1744
diff
changeset
|
108 To give Roundup a try, just download (see below), unpack and run:: |
|
d2801a2b0a77
Initial implementation (half-baked) at new Tracker instance.
Richard Jones <richard@users.sourceforge.net>
parents:
1744
diff
changeset
|
109 |
|
4601
116113c4bb05
doc/announcement.txt: Fix command to run the demo.
anatoly techtonik <techtonik@gmail.com>
parents:
4600
diff
changeset
|
110 python demo.py |
|
282
fb1b67a8fd98
Reverted a change in hyperdb...
Richard Jones <richard@users.sourceforge.net>
parents:
281
diff
changeset
|
111 |
|
3537
d819ff1b3116
*** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
3536
diff
changeset
|
112 Release info and download page: |
|
4600
8093356fef8c
doc/announcement.txt: Provide direct link to PyPI page.
anatoly techtonik <techtonik@gmail.com>
parents:
4567
diff
changeset
|
113 http://pypi.python.org/pypi/roundup |
|
282
fb1b67a8fd98
Reverted a change in hyperdb...
Richard Jones <richard@users.sourceforge.net>
parents:
281
diff
changeset
|
114 Source and documentation is available at the website: |
|
4436
528ace81fd16
fix URL in announcement; fix handling of unicode in announcement
Richard Jones <richard@users.sourceforge.net>
parents:
4432
diff
changeset
|
115 http://roundup-tracker.org/ |
|
286
2313560b8477
Initial cut at trying to handle people responding to CC'ed messages...
Richard Jones <richard@users.sourceforge.net>
parents:
283
diff
changeset
|
116 Mailing lists - the place to ask questions: |
|
320
61c42790c3f1
Bugfix in filter "widget" placement, thanks Roch'e
Richard Jones <richard@users.sourceforge.net>
parents:
316
diff
changeset
|
117 http://sourceforge.net/mail/?group_id=31577 |
|
286
2313560b8477
Initial cut at trying to handle people responding to CC'ed messages...
Richard Jones <richard@users.sourceforge.net>
parents:
283
diff
changeset
|
118 |
|
2313560b8477
Initial cut at trying to handle people responding to CC'ed messages...
Richard Jones <richard@users.sourceforge.net>
parents:
283
diff
changeset
|
119 |
|
282
fb1b67a8fd98
Reverted a change in hyperdb...
Richard Jones <richard@users.sourceforge.net>
parents:
281
diff
changeset
|
120 About Roundup |
|
fb1b67a8fd98
Reverted a change in hyperdb...
Richard Jones <richard@users.sourceforge.net>
parents:
281
diff
changeset
|
121 ============= |
|
241
54da66e7e583
Added the release announcement text to the repo...
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
122 |
|
2030
3f6e27e9b063
tweaks to make un-quoted-printable-aware readers bitch and moan to me less
Richard Jones <richard@users.sourceforge.net>
parents:
1780
diff
changeset
|
123 Roundup is a simple-to-use and -install issue-tracking system with |
|
3f6e27e9b063
tweaks to make un-quoted-printable-aware readers bitch and moan to me less
Richard Jones <richard@users.sourceforge.net>
parents:
1780
diff
changeset
|
124 command-line, web and e-mail interfaces. It is based on the winning design |
|
241
54da66e7e583
Added the release announcement text to the repo...
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
125 from Ka-Ping Yee in the Software Carpentry "Track" design competition. |
|
54da66e7e583
Added the release announcement text to the repo...
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
126 |
|
2030
3f6e27e9b063
tweaks to make un-quoted-printable-aware readers bitch and moan to me less
Richard Jones <richard@users.sourceforge.net>
parents:
1780
diff
changeset
|
127 Note: Ping is not responsible for this project. The contact for this |
|
3f6e27e9b063
tweaks to make un-quoted-printable-aware readers bitch and moan to me less
Richard Jones <richard@users.sourceforge.net>
parents:
1780
diff
changeset
|
128 project is richard@users.sourceforge.net. |
|
241
54da66e7e583
Added the release announcement text to the repo...
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
129 |
|
2030
3f6e27e9b063
tweaks to make un-quoted-printable-aware readers bitch and moan to me less
Richard Jones <richard@users.sourceforge.net>
parents:
1780
diff
changeset
|
130 Roundup manages a number of issues (with flexible properties such as |
|
659
e429649ed124
More documentation cleanups.
Richard Jones <richard@users.sourceforge.net>
parents:
580
diff
changeset
|
131 "description", "priority", and so on) and provides the ability to: |
|
e429649ed124
More documentation cleanups.
Richard Jones <richard@users.sourceforge.net>
parents:
580
diff
changeset
|
132 |
|
e429649ed124
More documentation cleanups.
Richard Jones <richard@users.sourceforge.net>
parents:
580
diff
changeset
|
133 (a) submit new issues, |
|
e429649ed124
More documentation cleanups.
Richard Jones <richard@users.sourceforge.net>
parents:
580
diff
changeset
|
134 (b) find and edit existing issues, and |
|
e429649ed124
More documentation cleanups.
Richard Jones <richard@users.sourceforge.net>
parents:
580
diff
changeset
|
135 (c) discuss issues with other participants. |
|
e429649ed124
More documentation cleanups.
Richard Jones <richard@users.sourceforge.net>
parents:
580
diff
changeset
|
136 |
|
241
54da66e7e583
Added the release announcement text to the repo...
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
137 The system will facilitate communication among the participants by managing |
|
54da66e7e583
Added the release announcement text to the repo...
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
138 discussions and notifying interested parties when issues are edited. One of |
|
54da66e7e583
Added the release announcement text to the repo...
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
139 the major design goals for Roundup that it be simple to get going. Roundup |
| 4625 | 140 is therefore usable "out of the box" with any python 2.5+ (but not 3+) |
|
4226
d0a3ac73b4c1
clarify python version
Richard Jones <richard@users.sourceforge.net>
parents:
4117
diff
changeset
|
141 installation. It doesn't even need to be "installed" to be operational, |
|
d0a3ac73b4c1
clarify python version
Richard Jones <richard@users.sourceforge.net>
parents:
4117
diff
changeset
|
142 though an install script is provided. |
|
241
54da66e7e583
Added the release announcement text to the repo...
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
143 |
|
1102
d94bd5369456
first cut at 0.5 announcement
Richard Jones <richard@users.sourceforge.net>
parents:
797
diff
changeset
|
144 It comes with two issue tracker templates (a classic bug/feature tracker and |
| 3943 | 145 a minimal skeleton) and four database back-ends (anydbm, sqlite, mysql |
| 146 and postgresql). | |
|
1102
d94bd5369456
first cut at 0.5 announcement
Richard Jones <richard@users.sourceforge.net>
parents:
797
diff
changeset
|
147 |