Mercurial > p > roundup > code

annotate doc/announcement.txt @ 8357:abf1297e7a94

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
bug(security): fix XSS exploit in devel and responsive templates Replace all occurances of: tal:content="structure context/MUMBLE/plain" with tal:content="context/MUMBLE/plain" This seems to have been an old way to handle display of a field when the user did not have edit rights. It does not occur in current (later than 2009) classic tracker templates. But probably was unsed in earlier classic templates since devel, reponsive and the roundup issue tracker templates were based on classic. Add CVE placeholder to security.txt and link to fix directions added to upgrading.txt. Add note in announcement.txt and CHANGES.txt Add a details element around the table of contents in the upgrading guide. It was getting long. Updated a missed XSS issue in the roundup tracker template. Live site is already fixed. XSS bug reported by 4bug of ChaMd5 Security Team H1 Group
author John Rouillard <rouilj@ieee.org>
date Tue, 08 Jul 2025 13:38:08 -0400
parents 85aae98b8c82
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
8348
2ed6fb7081c6 docs: augment the announcment with better description of top changes
John Rouillard <rouilj@ieee.org>
parents: 8328
diff changeset
1 I'm proud to release version 2.5.0 of the Roundup issue
8071
a4cb4e75d4e9 final changes for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 8062
diff changeset
2 tracker. This release is a bugfix and feature release, so
a4cb4e75d4e9 final changes for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 8062
diff changeset
3 make sure to read `docs/upgrading.txt
6782
a1868fe784d0 Changes for release 2.2.0.
John Rouillard <rouilj@ieee.org>
parents: 6736
diff changeset
4 <https://www.roundup-tracker.org/docs/upgrading.html>`_ to
a1868fe784d0 Changes for release 2.2.0.
John Rouillard <rouilj@ieee.org>
parents: 6736
diff changeset
5 bring your tracker up to date.
6456
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6442
diff changeset
6
8357
abf1297e7a94 bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents: 8353
diff changeset
7 The 42 changes, as usual, include some new features and many
6782
a1868fe784d0 Changes for release 2.2.0.
John Rouillard <rouilj@ieee.org>
parents: 6736
diff changeset
8 bug fixes.
6225
043a8ffd79ad Commits for roundup 2.0 release.
John Rouillard <rouilj@ieee.org>
parents: 6137
diff changeset
9
8348
2ed6fb7081c6 docs: augment the announcment with better description of top changes
John Rouillard <rouilj@ieee.org>
parents: 8328
diff changeset
10 Version 2.5.0 does not support Python 2. The minimum Python
2ed6fb7081c6 docs: augment the announcment with better description of top changes
John Rouillard <rouilj@ieee.org>
parents: 8328
diff changeset
11 version is 3.7.
8071
a4cb4e75d4e9 final changes for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 8062
diff changeset
12
6782
a1868fe784d0 Changes for release 2.2.0.
John Rouillard <rouilj@ieee.org>
parents: 6736
diff changeset
13 Note that you should run ``roundup-admin ... migrate`` to
a1868fe784d0 Changes for release 2.2.0.
John Rouillard <rouilj@ieee.org>
parents: 6736
diff changeset
14 update the database schema version. Do this before you use
a1868fe784d0 Changes for release 2.2.0.
John Rouillard <rouilj@ieee.org>
parents: 6736
diff changeset
15 the web, command-line or mail interface and before any users
a1868fe784d0 Changes for release 2.2.0.
John Rouillard <rouilj@ieee.org>
parents: 6736
diff changeset
16 access the tracker.
6225
043a8ffd79ad Commits for roundup 2.0 release.
John Rouillard <rouilj@ieee.org>
parents: 6137
diff changeset
17
7944
0b80d1e8c803 doc: prep announcement.txt for 2.4.0beta1
John Rouillard <rouilj@ieee.org>
parents: 7712
diff changeset
18 You can install it with::
6782
a1868fe784d0 Changes for release 2.2.0.
John Rouillard <rouilj@ieee.org>
parents: 6736
diff changeset
19
8017
2a1bfa4db6be docs: update to 2.4.0 release from 2.4.0b2.
John Rouillard <rouilj@ieee.org>
parents: 8013
diff changeset
20 pip install roundup
6782
a1868fe784d0 Changes for release 2.2.0.
John Rouillard <rouilj@ieee.org>
parents: 6736
diff changeset
21
7944
0b80d1e8c803 doc: prep announcement.txt for 2.4.0beta1
John Rouillard <rouilj@ieee.org>
parents: 7712
diff changeset
22 (preferably in a virtual environment). To download it, use::
5951
0a42163ac846 Final doc fixes and translation extraction.
John Rouillard <rouilj@ieee.org>
parents: 5949
diff changeset
23
8017
2a1bfa4db6be docs: update to 2.4.0 release from 2.4.0b2.
John Rouillard <rouilj@ieee.org>
parents: 8013
diff changeset
24 pip download roundup
7944
0b80d1e8c803 doc: prep announcement.txt for 2.4.0beta1
John Rouillard <rouilj@ieee.org>
parents: 7712
diff changeset
25
0b80d1e8c803 doc: prep announcement.txt for 2.4.0beta1
John Rouillard <rouilj@ieee.org>
parents: 7712
diff changeset
26 then unpack and test/install from the tarball.
7443
51fc06fabcee Changes for roundup release 2.3.0b2
John Rouillard <rouilj@ieee.org>
parents: 7039
diff changeset
27
8348
2ed6fb7081c6 docs: augment the announcment with better description of top changes
John Rouillard <rouilj@ieee.org>
parents: 8328
diff changeset
28 Among the significant enhancements in version 2.5.0 compared to
2ed6fb7081c6 docs: augment the announcment with better description of top changes
John Rouillard <rouilj@ieee.org>
parents: 8328
diff changeset
29 the 2.4.0 release are:
7443
51fc06fabcee Changes for roundup release 2.3.0b2
John Rouillard <rouilj@ieee.org>
parents: 7039
diff changeset
30
8357
abf1297e7a94 bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents: 8353
diff changeset
31 * **XSS vulnerability with devel and responsive templates fixed**
abf1297e7a94 bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents: 8353
diff changeset
32
abf1297e7a94 bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents: 8353
diff changeset
33 Just before release an XSS security issue with trackers based on
abf1297e7a94 bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents: 8353
diff changeset
34 the devel or responsive templates was discovered. The updating
abf1297e7a94 bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents: 8353
diff changeset
35 directions include instructions on fixing this issue with the
abf1297e7a94 bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents: 8353
diff changeset
36 html templates.
abf1297e7a94 bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents: 8353
diff changeset
37
8353
85aae98b8c82 docs: bold summary lines in update list; fix formatting issue.
John Rouillard <rouilj@ieee.org>
parents: 8352
diff changeset
38 * **The property/field advanced search expression feature has been
85aae98b8c82 docs: bold summary lines in update list; fix formatting issue.
John Rouillard <rouilj@ieee.org>
parents: 8352
diff changeset
39 enhanced and documented.**
8352
6ea309c6d17c docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents: 8348
diff changeset
40
8353
85aae98b8c82 docs: bold summary lines in update list; fix formatting issue.
John Rouillard <rouilj@ieee.org>
parents: 8352
diff changeset
41 Search expressions are usually built using the
85aae98b8c82 docs: bold summary lines in update list; fix formatting issue.
John Rouillard <rouilj@ieee.org>
parents: 8352
diff changeset
42 expression editor on the search page. They can be built manually
85aae98b8c82 docs: bold summary lines in update list; fix formatting issue.
John Rouillard <rouilj@ieee.org>
parents: 8352
diff changeset
43 by modifying the search URL but the RPN search expression format
85aae98b8c82 docs: bold summary lines in update list; fix formatting issue.
John Rouillard <rouilj@ieee.org>
parents: 8352
diff changeset
44 was undocumented. Errors in expressions could return results that
85aae98b8c82 docs: bold summary lines in update list; fix formatting issue.
John Rouillard <rouilj@ieee.org>
parents: 8352
diff changeset
45 didn't match the user's intent. This release documents the RPN
85aae98b8c82 docs: bold summary lines in update list; fix formatting issue.
John Rouillard <rouilj@ieee.org>
parents: 8352
diff changeset
46 expression syntax, adds basic expression error detection, and
85aae98b8c82 docs: bold summary lines in update list; fix formatting issue.
John Rouillard <rouilj@ieee.org>
parents: 8352
diff changeset
47 improves error reporting.
8352
6ea309c6d17c docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents: 8348
diff changeset
48
8353
85aae98b8c82 docs: bold summary lines in update list; fix formatting issue.
John Rouillard <rouilj@ieee.org>
parents: 8352
diff changeset
49 * **The default hash method for password storage is more secure.**
6695
b3ba03d2b214 2.2.0b1 release changes
John Rouillard <rouilj@ieee.org>
parents: 6456
diff changeset
50
8352
6ea309c6d17c docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents: 8348
diff changeset
51 We use PBKDF2 with SHA512 (was SHA1). With this change you can
6ea309c6d17c docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents: 8348
diff changeset
52 lower the value of password_pbkdf2_default_rounds in your
6ea309c6d17c docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents: 8348
diff changeset
53 tracker's config.ini. Check the upgrading documentation for more
6ea309c6d17c docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents: 8348
diff changeset
54 info. (Note this may cause longer authentication times, the
6ea309c6d17c docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents: 8348
diff changeset
55 upgrade doc describes how to downgrade the hash method if required.)
8328
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
56
8353
85aae98b8c82 docs: bold summary lines in update list; fix formatting issue.
John Rouillard <rouilj@ieee.org>
parents: 8352
diff changeset
57 * **Roundup's session token is now prefixed with the magic
85aae98b8c82 docs: bold summary lines in update list; fix formatting issue.
John Rouillard <rouilj@ieee.org>
parents: 8352
diff changeset
58 ``__Secure__`` tag when using HTTPS.**
8352
6ea309c6d17c docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents: 8348
diff changeset
59
6ea309c6d17c docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents: 8348
diff changeset
60 This adds another layer of protection in addition to the
6ea309c6d17c docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents: 8348
diff changeset
61 existing ``Secure`` property that comes with the session cookie.
6ea309c6d17c docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents: 8348
diff changeset
62
8353
85aae98b8c82 docs: bold summary lines in update list; fix formatting issue.
John Rouillard <rouilj@ieee.org>
parents: 8352
diff changeset
63 * **Data authorization can be done at the database level speeding up
85aae98b8c82 docs: bold summary lines in update list; fix formatting issue.
John Rouillard <rouilj@ieee.org>
parents: 8352
diff changeset
64 display of index pages.**
7443
51fc06fabcee Changes for roundup release 2.3.0b2
John Rouillard <rouilj@ieee.org>
parents: 7039
diff changeset
65
8352
6ea309c6d17c docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents: 8348
diff changeset
66 Roundup verifies the user's authorization for the data fetched
6ea309c6d17c docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents: 8348
diff changeset
67 from the database after retrieving data from the database. A new
6ea309c6d17c docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents: 8348
diff changeset
68 optional ``filter`` argument has been added to Permission
6ea309c6d17c docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents: 8348
diff changeset
69 objects. When the administrator supplies a filter function, it
6ea309c6d17c docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents: 8348
diff changeset
70 can boost performance with SQL server databases by pushing
6ea309c6d17c docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents: 8348
diff changeset
71 selection criteria to the database. By offloading some
6ea309c6d17c docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents: 8348
diff changeset
72 permission checks to the database, less data is retrieved from
6ea309c6d17c docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents: 8348
diff changeset
73 the database. This leads to quicker display of index pages with
6ea309c6d17c docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents: 8348
diff changeset
74 reduced CPU and network traffic.
6ea309c6d17c docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents: 8348
diff changeset
75
8353
85aae98b8c82 docs: bold summary lines in update list; fix formatting issue.
John Rouillard <rouilj@ieee.org>
parents: 8352
diff changeset
76 * **The REST endpoint can supply binary data (images, pdf, ...) to
85aae98b8c82 docs: bold summary lines in update list; fix formatting issue.
John Rouillard <rouilj@ieee.org>
parents: 8352
diff changeset
77 its clients.**
6439
5296d27ac97c Implementing RELEASE.txt 2.1.0b1 release
John Rouillard <rouilj@ieee.org>
parents: 6265
diff changeset
78
8352
6ea309c6d17c docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents: 8348
diff changeset
79 Requesting binary data from a REST endpoint has been a
6ea309c6d17c docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents: 8348
diff changeset
80 hassle. Since JSON can't handle binary data, images (and other
6ea309c6d17c docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents: 8348
diff changeset
81 binary data) need to be encoded. This makes them significantly
6ea309c6d17c docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents: 8348
diff changeset
82 larger. The workaround was to use a non-REST endpoint for fetching
6ea309c6d17c docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents: 8348
diff changeset
83 non-text attachments. This update lets the REST endpoint return
6ea309c6d17c docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents: 8348
diff changeset
84 raw message or file content data. You can utilize the
6ea309c6d17c docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents: 8348
diff changeset
85 ``binary_content`` endpoint along with an appropriate ``Accept``
6ea309c6d17c docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents: 8348
diff changeset
86 header (e.g. ``image/jpeg``) in your request.
6456
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6442
diff changeset
87
8353
85aae98b8c82 docs: bold summary lines in update list; fix formatting issue.
John Rouillard <rouilj@ieee.org>
parents: 8352
diff changeset
88 * **Extract translatable strings from your tracker easily.**
8352
6ea309c6d17c docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents: 8348
diff changeset
89
6ea309c6d17c docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents: 8348
diff changeset
90 The ``roundup-gettext`` tool has been enhanced to extract
6ea309c6d17c docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents: 8348
diff changeset
91 translatable strings from detectors and extensions. This will
6ea309c6d17c docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents: 8348
diff changeset
92 simplify the process of translating your trackers.
6456
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6442
diff changeset
93
8348
2ed6fb7081c6 docs: augment the announcment with better description of top changes
John Rouillard <rouilj@ieee.org>
parents: 8328
diff changeset
94 Other miscellaneous fixes include:
2ed6fb7081c6 docs: augment the announcment with better description of top changes
John Rouillard <rouilj@ieee.org>
parents: 8328
diff changeset
95
8352
6ea309c6d17c docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents: 8348
diff changeset
96 * Fix a crash bug on Windows with Python 3.13.
8348
2ed6fb7081c6 docs: augment the announcment with better description of top changes
John Rouillard <rouilj@ieee.org>
parents: 8328
diff changeset
97
8352
6ea309c6d17c docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents: 8348
diff changeset
98 * Update documentation on required REST headers, along with other
8348
2ed6fb7081c6 docs: augment the announcment with better description of top changes
John Rouillard <rouilj@ieee.org>
parents: 8328
diff changeset
99 documentation updates.
7443
51fc06fabcee Changes for roundup release 2.3.0b2
John Rouillard <rouilj@ieee.org>
parents: 7039
diff changeset
100
8352
6ea309c6d17c docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents: 8348
diff changeset
101 * Improve handling of an error condition generated when an invalid
6ea309c6d17c docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents: 8348
diff changeset
102 REST response format is requested. For example if XML output is
6ea309c6d17c docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents: 8348
diff changeset
103 requested, but dicttoxml is not installed, we now return an
6ea309c6d17c docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents: 8348
diff changeset
104 error without doing any work.
6456
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6442
diff changeset
105
8352
6ea309c6d17c docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents: 8348
diff changeset
106 * Fix an incorrect error report when a PUT REST request sets
6ea309c6d17c docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents: 8348
diff changeset
107 the user's email address to its current value.
8348
2ed6fb7081c6 docs: augment the announcment with better description of top changes
John Rouillard <rouilj@ieee.org>
parents: 8328
diff changeset
108
8352
6ea309c6d17c docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents: 8348
diff changeset
109 * Add support for the ``defusedxml`` Python module to enhance
8348
2ed6fb7081c6 docs: augment the announcment with better description of top changes
John Rouillard <rouilj@ieee.org>
parents: 8328
diff changeset
110 security when using XML.
4394
d4cd0a264098 fixed reporting of source missing warnings
Richard Jones <richard@users.sourceforge.net>
parents: 4392
diff changeset
111
8352
6ea309c6d17c docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents: 8348
diff changeset
112 * Introduce the templating function:
8348
2ed6fb7081c6 docs: augment the announcment with better description of top changes
John Rouillard <rouilj@ieee.org>
parents: 8328
diff changeset
113 ``utils.set_http_response(integer)`` to set the HTTP return code
8352
6ea309c6d17c docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents: 8348
diff changeset
114 directly from your template. This allows the template logic to
6ea309c6d17c docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents: 8348
diff changeset
115 return a 404 or other code when the user invokes a template
6ea309c6d17c docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents: 8348
diff changeset
116 incorrectly.
7443
51fc06fabcee Changes for roundup release 2.3.0b2
John Rouillard <rouilj@ieee.org>
parents: 7039
diff changeset
117
8352
6ea309c6d17c docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents: 8348
diff changeset
118 * Add a new ``registerUtilMethod('name', my_function)``. which
6ea309c6d17c docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents: 8348
diff changeset
119 makes it easier to define and use complex templating utilities.
6ea309c6d17c docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents: 8348
diff changeset
120 It passes a default argument that allows access to the client
6ea309c6d17c docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents: 8348
diff changeset
121 instance, translation functions, and other templating utility
6ea309c6d17c docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents: 8348
diff changeset
122 functions. Previously you had to pass the arguments explicitly
6ea309c6d17c docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents: 8348
diff changeset
123 when calling the utility from the template.
7944
0b80d1e8c803 doc: prep announcement.txt for 2.4.0beta1
John Rouillard <rouilj@ieee.org>
parents: 7712
diff changeset
124
8352
6ea309c6d17c docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents: 8348
diff changeset
125 * Add the ability to generate native HTML date and
6ea309c6d17c docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents: 8348
diff changeset
126 number/integer inputs. Check the upgrading document for caveats.
6ea309c6d17c docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents: 8348
diff changeset
127 This feature is disabled by default.
6ea309c6d17c docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents: 8348
diff changeset
128
6ea309c6d17c docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents: 8348
diff changeset
129 * Re-enable support for GPG/PGP signed emails, which requires
8348
2ed6fb7081c6 docs: augment the announcment with better description of top changes
John Rouillard <rouilj@ieee.org>
parents: 8328
diff changeset
130 installation from the test PyPi repository.
2ed6fb7081c6 docs: augment the announcment with better description of top changes
John Rouillard <rouilj@ieee.org>
parents: 8328
diff changeset
131
7944
0b80d1e8c803 doc: prep announcement.txt for 2.4.0beta1
John Rouillard <rouilj@ieee.org>
parents: 7712
diff changeset
132 The file CHANGES.txt has a detailed list of feature
8071
a4cb4e75d4e9 final changes for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 8062
diff changeset
133 additions and bug fixes for each release. The most recent
a4cb4e75d4e9 final changes for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 8062
diff changeset
134 changes from there are at the end of this announcement. Also
a4cb4e75d4e9 final changes for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 8062
diff changeset
135 see the information in doc/upgrading.txt.
5335
e7293df727dc Working through RELEASE.txt - updates for 1.6 release.
John Rouillard <rouilj@ieee.org>
parents: 5333
diff changeset
136
7944
0b80d1e8c803 doc: prep announcement.txt for 2.4.0beta1
John Rouillard <rouilj@ieee.org>
parents: 7712
diff changeset
137 If you find bugs, please report them to issues AT
0b80d1e8c803 doc: prep announcement.txt for 2.4.0beta1
John Rouillard <rouilj@ieee.org>
parents: 7712
diff changeset
138 roundup-tracker.org or create an account at
0b80d1e8c803 doc: prep announcement.txt for 2.4.0beta1
John Rouillard <rouilj@ieee.org>
parents: 7712
diff changeset
139 https://issues.roundup-tracker.org and open a new ticket. If
0b80d1e8c803 doc: prep announcement.txt for 2.4.0beta1
John Rouillard <rouilj@ieee.org>
parents: 7712
diff changeset
140 you have patches to fix the issues they can be attached to
0b80d1e8c803 doc: prep announcement.txt for 2.4.0beta1
John Rouillard <rouilj@ieee.org>
parents: 7712
diff changeset
141 the email or uploaded to the tracker.
5949
573b688fffeb RELEASE.txt changes checkin pre 2.0.0alpha0
John Rouillard <rouilj@ieee.org>
parents: 5756
diff changeset
142
573b688fffeb RELEASE.txt changes checkin pre 2.0.0alpha0
John Rouillard <rouilj@ieee.org>
parents: 5756
diff changeset
143 Upgrading
573b688fffeb RELEASE.txt changes checkin pre 2.0.0alpha0
John Rouillard <rouilj@ieee.org>
parents: 5756
diff changeset
144 =========
3722
41feeed84caa *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents: 3721
diff changeset
145
7944
0b80d1e8c803 doc: prep announcement.txt for 2.4.0beta1
John Rouillard <rouilj@ieee.org>
parents: 7712
diff changeset
146 If you're upgrading from an older version of Roundup you
0b80d1e8c803 doc: prep announcement.txt for 2.4.0beta1
John Rouillard <rouilj@ieee.org>
parents: 7712
diff changeset
147 *must* follow all the "Software Upgrade" guidelines given in
0b80d1e8c803 doc: prep announcement.txt for 2.4.0beta1
John Rouillard <rouilj@ieee.org>
parents: 7712
diff changeset
148 the doc/upgrading.txt documentation.
2253
91118ac2fa7f pre-release stuff
Richard Jones <richard@users.sourceforge.net>
parents: 2219
diff changeset
149
6782
a1868fe784d0 Changes for release 2.2.0.
John Rouillard <rouilj@ieee.org>
parents: 6736
diff changeset
150 Note that you should run ``roundup-admin ... migrate`` for
a1868fe784d0 Changes for release 2.2.0.
John Rouillard <rouilj@ieee.org>
parents: 6736
diff changeset
151 all your trackers to update the database schema version. Do
a1868fe784d0 Changes for release 2.2.0.
John Rouillard <rouilj@ieee.org>
parents: 6736
diff changeset
152 this before you use the web, command-line or mail interface
a1868fe784d0 Changes for release 2.2.0.
John Rouillard <rouilj@ieee.org>
parents: 6736
diff changeset
153 and before any users access the tracker.
6439
5296d27ac97c Implementing RELEASE.txt 2.1.0b1 release
John Rouillard <rouilj@ieee.org>
parents: 6265
diff changeset
154
8313
3614cd64f4c4 build: issue2551397: remove support for python 3.6
John Rouillard <rouilj@ieee.org>
parents: 8072
diff changeset
155 Roundup requires Python 3 newer than or equal to version 3.7 for
3614cd64f4c4 build: issue2551397: remove support for python 3.6
John Rouillard <rouilj@ieee.org>
parents: 8072
diff changeset
156 correct operation. (Python 3.4 or 3.5, or 3.6 may work, but are not
3614cd64f4c4 build: issue2551397: remove support for python 3.6
John Rouillard <rouilj@ieee.org>
parents: 8072
diff changeset
157 tested.) Note that Roundup 2.4.0 was the last release to support
3614cd64f4c4 build: issue2551397: remove support for python 3.6
John Rouillard <rouilj@ieee.org>
parents: 8072
diff changeset
158 Python 2. You should deploy new trackers with Python 3 and plan on
3614cd64f4c4 build: issue2551397: remove support for python 3.6
John Rouillard <rouilj@ieee.org>
parents: 8072
diff changeset
159 upgrading older trackers from Python 2 to Python 3. See the upgrade
3614cd64f4c4 build: issue2551397: remove support for python 3.6
John Rouillard <rouilj@ieee.org>
parents: 8072
diff changeset
160 guide.
5949
573b688fffeb RELEASE.txt changes checkin pre 2.0.0alpha0
John Rouillard <rouilj@ieee.org>
parents: 5756
diff changeset
161
7944
0b80d1e8c803 doc: prep announcement.txt for 2.4.0beta1
John Rouillard <rouilj@ieee.org>
parents: 7712
diff changeset
162 To give Roundup a try, just download (directions above),
0b80d1e8c803 doc: prep announcement.txt for 2.4.0beta1
John Rouillard <rouilj@ieee.org>
parents: 7712
diff changeset
163 unpack and run::
1780
d2801a2b0a77 Initial implementation (half-baked) at new Tracker instance.
Richard Jones <richard@users.sourceforge.net>
parents: 1744
diff changeset
164
4601
116113c4bb05 doc/announcement.txt: Fix command to run the demo.
anatoly techtonik <techtonik@gmail.com>
parents: 4600
diff changeset
165 python demo.py
282
fb1b67a8fd98 Reverted a change in hyperdb...
Richard Jones <richard@users.sourceforge.net>
parents: 281
diff changeset
166
6456
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6442
diff changeset
167 then open the url printed by the demo app.
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6442
diff changeset
168
3537
d819ff1b3116 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents: 3536
diff changeset
169 Release info and download page:
7944
0b80d1e8c803 doc: prep announcement.txt for 2.4.0beta1
John Rouillard <rouilj@ieee.org>
parents: 7712
diff changeset
170
7712
a03f8f681992 doc: fix links: 302/302, images from lfw.org, wayback for sc
John Rouillard <rouilj@ieee.org>
parents: 7530
diff changeset
171 https://pypi.org/project/roundup/
7944
0b80d1e8c803 doc: prep announcement.txt for 2.4.0beta1
John Rouillard <rouilj@ieee.org>
parents: 7712
diff changeset
172
282
fb1b67a8fd98 Reverted a change in hyperdb...
Richard Jones <richard@users.sourceforge.net>
parents: 281
diff changeset
173 Source and documentation is available at the website:
7944
0b80d1e8c803 doc: prep announcement.txt for 2.4.0beta1
John Rouillard <rouilj@ieee.org>
parents: 7712
diff changeset
174
7039
1a241b01b699 change roundup-tracker.org to www.roundup-tracker.org.
John Rouillard <rouilj@ieee.org>
parents: 6782
diff changeset
175 https://www.roundup-tracker.org/
7944
0b80d1e8c803 doc: prep announcement.txt for 2.4.0beta1
John Rouillard <rouilj@ieee.org>
parents: 7712
diff changeset
176
286
2313560b8477 Initial cut at trying to handle people responding to CC'ed messages...
Richard Jones <richard@users.sourceforge.net>
parents: 283
diff changeset
177 Mailing lists - the place to ask questions:
7944
0b80d1e8c803 doc: prep announcement.txt for 2.4.0beta1
John Rouillard <rouilj@ieee.org>
parents: 7712
diff changeset
178
5756
e48b039b0ec0 issue2550966: fix suboptimal links in docs.
John Rouillard <rouilj@ieee.org>
parents: 5349
diff changeset
179 https://sourceforge.net/p/roundup/mailman/
286
2313560b8477 Initial cut at trying to handle people responding to CC'ed messages...
Richard Jones <richard@users.sourceforge.net>
parents: 283
diff changeset
180
2313560b8477 Initial cut at trying to handle people responding to CC'ed messages...
Richard Jones <richard@users.sourceforge.net>
parents: 283
diff changeset
181
282
fb1b67a8fd98 Reverted a change in hyperdb...
Richard Jones <richard@users.sourceforge.net>
parents: 281
diff changeset
182 About Roundup
fb1b67a8fd98 Reverted a change in hyperdb...
Richard Jones <richard@users.sourceforge.net>
parents: 281
diff changeset
183 =============
241
54da66e7e583 Added the release announcement text to the repo...
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
184
7944
0b80d1e8c803 doc: prep announcement.txt for 2.4.0beta1
John Rouillard <rouilj@ieee.org>
parents: 7712
diff changeset
185 Roundup is a simple-to-use and install issue-tracking system
0b80d1e8c803 doc: prep announcement.txt for 2.4.0beta1
John Rouillard <rouilj@ieee.org>
parents: 7712
diff changeset
186 with command-line, web and e-mail interfaces. It is based on
0b80d1e8c803 doc: prep announcement.txt for 2.4.0beta1
John Rouillard <rouilj@ieee.org>
parents: 7712
diff changeset
187 the winning design from Ka-Ping Yee in the Software
0b80d1e8c803 doc: prep announcement.txt for 2.4.0beta1
John Rouillard <rouilj@ieee.org>
parents: 7712
diff changeset
188 Carpentry "Track" design competition.
241
54da66e7e583 Added the release announcement text to the repo...
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
189
7944
0b80d1e8c803 doc: prep announcement.txt for 2.4.0beta1
John Rouillard <rouilj@ieee.org>
parents: 7712
diff changeset
190 Roundup manages a number of issues (with flexible properties
0b80d1e8c803 doc: prep announcement.txt for 2.4.0beta1
John Rouillard <rouilj@ieee.org>
parents: 7712
diff changeset
191 such as "description", "priority", and so on) and provides
0b80d1e8c803 doc: prep announcement.txt for 2.4.0beta1
John Rouillard <rouilj@ieee.org>
parents: 7712
diff changeset
192 the ability to:
659
e429649ed124 More documentation cleanups.
Richard Jones <richard@users.sourceforge.net>
parents: 580
diff changeset
193
e429649ed124 More documentation cleanups.
Richard Jones <richard@users.sourceforge.net>
parents: 580
diff changeset
194 (a) submit new issues,
e429649ed124 More documentation cleanups.
Richard Jones <richard@users.sourceforge.net>
parents: 580
diff changeset
195 (b) find and edit existing issues, and
e429649ed124 More documentation cleanups.
Richard Jones <richard@users.sourceforge.net>
parents: 580
diff changeset
196 (c) discuss issues with other participants.
e429649ed124 More documentation cleanups.
Richard Jones <richard@users.sourceforge.net>
parents: 580
diff changeset
197
7944
0b80d1e8c803 doc: prep announcement.txt for 2.4.0beta1
John Rouillard <rouilj@ieee.org>
parents: 7712
diff changeset
198 The system facilitates communication among the participants
0b80d1e8c803 doc: prep announcement.txt for 2.4.0beta1
John Rouillard <rouilj@ieee.org>
parents: 7712
diff changeset
199 by managing discussions and notifying interested parties
0b80d1e8c803 doc: prep announcement.txt for 2.4.0beta1
John Rouillard <rouilj@ieee.org>
parents: 7712
diff changeset
200 when issues are edited. One of the major design goals for
0b80d1e8c803 doc: prep announcement.txt for 2.4.0beta1
John Rouillard <rouilj@ieee.org>
parents: 7712
diff changeset
201 Roundup that it be simple to get going. Roundup is therefore
8313
3614cd64f4c4 build: issue2551397: remove support for python 3.6
John Rouillard <rouilj@ieee.org>
parents: 8072
diff changeset
202 usable "out of the box" with any Python 3.7+
7944
0b80d1e8c803 doc: prep announcement.txt for 2.4.0beta1
John Rouillard <rouilj@ieee.org>
parents: 7712
diff changeset
203 installation. It doesn't even need to be "installed" to be
0b80d1e8c803 doc: prep announcement.txt for 2.4.0beta1
John Rouillard <rouilj@ieee.org>
parents: 7712
diff changeset
204 operational, though an install script is provided.
241
54da66e7e583 Added the release announcement text to the repo...
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
205
6456
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6442
diff changeset
206 It comes with five basic issue tracker templates
1102
d94bd5369456 first cut at 0.5 announcement
Richard Jones <richard@users.sourceforge.net>
parents: 797
diff changeset
207
5337
01dabc0483b0 more changes to prep for 1.6 release.
John Rouillard <rouilj@ieee.org>
parents: 5335
diff changeset
208 * a classic bug/feature tracker
01dabc0483b0 more changes to prep for 1.6 release.
John Rouillard <rouilj@ieee.org>
parents: 5335
diff changeset
209 * a more extensive devel tracker for bug/features etc.
01dabc0483b0 more changes to prep for 1.6 release.
John Rouillard <rouilj@ieee.org>
parents: 5335
diff changeset
210 * a responsive version of the devel tracker
5949
573b688fffeb RELEASE.txt changes checkin pre 2.0.0alpha0
John Rouillard <rouilj@ieee.org>
parents: 5756
diff changeset
211 * a jinja2 version of the devel template (work in progress)
573b688fffeb RELEASE.txt changes checkin pre 2.0.0alpha0
John Rouillard <rouilj@ieee.org>
parents: 5756
diff changeset
212 * a minimal skeleton
573b688fffeb RELEASE.txt changes checkin pre 2.0.0alpha0
John Rouillard <rouilj@ieee.org>
parents: 5756
diff changeset
213
7944
0b80d1e8c803 doc: prep announcement.txt for 2.4.0beta1
John Rouillard <rouilj@ieee.org>
parents: 7712
diff changeset
214 and supports four database back-ends (anydbm, sqlite, mysql
0b80d1e8c803 doc: prep announcement.txt for 2.4.0beta1
John Rouillard <rouilj@ieee.org>
parents: 7712
diff changeset
215 and postgresql).
5949
573b688fffeb RELEASE.txt changes checkin pre 2.0.0alpha0
John Rouillard <rouilj@ieee.org>
parents: 5756
diff changeset
216
573b688fffeb RELEASE.txt changes checkin pre 2.0.0alpha0
John Rouillard <rouilj@ieee.org>
parents: 5756
diff changeset
217 Recent Changes
573b688fffeb RELEASE.txt changes checkin pre 2.0.0alpha0
John Rouillard <rouilj@ieee.org>
parents: 5756
diff changeset
218 ==============
573b688fffeb RELEASE.txt changes checkin pre 2.0.0alpha0
John Rouillard <rouilj@ieee.org>
parents: 5756
diff changeset
219
8328
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
220 From 2.4.0 to 2.5.0
6439
5296d27ac97c Implementing RELEASE.txt 2.1.0b1 release
John Rouillard <rouilj@ieee.org>
parents: 6265
diff changeset
221
8071
a4cb4e75d4e9 final changes for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 8062
diff changeset
222 Fixed:
a4cb4e75d4e9 final changes for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 8062
diff changeset
223
8328
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
224 - issue2551343 - Remove support for PySQLite. It is unmaintained
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
225 and sqlite3 is used which is the default for a Python
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
226 distribution. (John Rouillard)
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
227 - replace use of os.listdir with os.scandir. Performance
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
228 improvement. Using with Python 2 requires 'pip install
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
229 scandir'. (John Rouillard)
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
230 - issue2551131 - Return accept-patch if patch body not accepted
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
231 (415 code). Accept-Patch returned with acceptable values. (John
8071
a4cb4e75d4e9 final changes for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 8062
diff changeset
232 Rouillard)
8328
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
233 - issue2551074 - In "responsive" template: click on hide comment leads
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
234 to a red error msg. (Report by Ludwig Reiter; fix John Rouillard)
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
235 - issue2550698 - added documentation on filtering using RPN property
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
236 expressions. (John Rouillard)
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
237 - issue2551372 - Better document necessary headers for REST and fix
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
238 logging to log missing Origin header (Ralf Schlatterbeck with
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
239 suggestions on documentation by John Rouillard)
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
240 - issue2551289 - Invalid REST Accept header with post/put performs
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
241 change before returning 406. Error before making any changes to the
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
242 db if we can't respond with requested format. (John Rouillard)
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
243 - issue2551356 - Add etag header when If-Modified-Since GET request
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
244 returns not-modified (304). Breaking change to function signature
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
245 for client.py-Client::_serve_file(). (John Rouillard)
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
246 - issue2551381 - roundup-server parses URI's with multiple '?"
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
247 incorrectly. (John Rouillard)
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
248 - issue2551382 - invalid @verbose, @page_* values in rest uri's
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
249 generate 409 not 400 error. (John Rouillard)
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
250 - fix issues with rest doc and use of PUT on a property item. Response
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
251 is similar to use of PUT on the item, not a GET on the
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
252 item. Discovered while fuzz testing. (John Rouillard)
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
253 - issue2551383 - Setting same address via REST PUT command results in
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
254 an error. Now the userauditor does not trigger an error if a user
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
255 sets the primary address to the existing value. (John Rouillard)
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
256 - issue2551253 - Modify password PBKDF2 method to use SHA512. The
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
257 default password hashing algorithm has been upgraded to
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
258 PBKDF2-SHA512 from PBKDF2-SHA1. The default pbkdf2 rounds in the
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
259 config file has been changed to 250000. The admin should change it
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
260 manually if it is at 2 million. PBKDF2-SHA512 (PBKDF2S5) has been
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
261 available since release 2.3, but it required a manual step to make
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
262 it the default. (John Rouillard)
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
263 - fixed a crash with roundup-admin perftest password when rounds not set
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
264 on command line. (John Rouillard)
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
265 - issue2551374 - Add error handling for filter expressions. Filter
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
266 expression errors are now reported. (John Rouillard)
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
267 - issue2551384: Modify flow in client.py's REST handler to verify
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
268 authorization earlier. The validation order for REST requests
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
269 has been changed. Checking user authorization to use the REST
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
270 interface is done before validating the Origin header. As a
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
271 result, incorrectly formatted CORS preflight requests
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
272 (e.g. missing Origin header) can now return HTTP status 403 as
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
273 well as status 400. (John Rouillard)
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
274 - issue2551387 - TypeError: not indexable. Fix crash due to
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
275 uninitialized list element on a (Mini)FieldStorage when unexpected
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
276 input is posted via wsgi. (Reported and debugged by Christof
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
277 Meerwald; fix John Rouillard)
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
278 - close http socket and send a 408 status when a timeout exception
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
279 is handed in roundup-server. This prevents another exception
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
280 caused by using a timed out socket. (John Rouillard)
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
281 - issue2551391, partial fix for issue1513369. input fields were
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
282 not getting id's assigned. Fixed automatic id assignment to
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
283 input fields. Thinko in the code. (John Rouillard)
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
284 - issue1895197 - translated help texts in admin.py not displayed
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
285 correctly. (Initial patch tobias-herp, John Rouillard)
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
286 - issue2551238 - roundup-server should exit with error if -d
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
287 <pidfile> is used without -l <logfile>. Added code to report
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
288 the issue. Added issue with relative paths for log file whn
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
289 using -L and -d with roundup-server. (John Rouillard)
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
290 - Allow the specification of a "form" parameter for Date fields to make
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
291 the popup calendar work when the enclosing form has a name different
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
292 from "itemSynopsis". (Ralf Schlatterbeck)
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
293 - issue2551376: Fix tracebacks in item templates (Ralf Schlatterbeck)
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
294 - issue2551396: Use of os.path.stat.ST_MTIME in python 3.13 crashes
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
295 roundup on windows. Replaced with equivalent stat.ST_MTIME. (Randy
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
296 on IRC, fix: John Rouillard and R. David Murray (bitdancer))
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
297 - issue2551323: remove functions used for XHTML template
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
298 support. XHTML was deprecated in Roundup 2.3.0 and an invalid value
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
299 in 2.4.0. (John Rouillard)
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
300 - issue2551406: 'Templating Error: too many values to unpack' crash
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
301 fixed. (reported by and patch Christof Meerwald, commit/test John
8071
a4cb4e75d4e9 final changes for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 8062
diff changeset
302 Rouillard)
8328
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
303 - fix potential HTTP Response Splitting issue in
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
304 roundup-server. Discovered by CodeQL in CI. (John Rouillard)
8071
a4cb4e75d4e9 final changes for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 8062
diff changeset
305
a4cb4e75d4e9 final changes for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 8062
diff changeset
306 Features:
a4cb4e75d4e9 final changes for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 8062
diff changeset
307
8328
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
308 - issue2551287 - Enhance roundup_gettext.py to extract strings from
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
309 detectors/extensions. If the polib module is available,
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
310 roundup-gettext will extract translatable strings from the tracker's
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
311 Python code. If polib is missing, it will print a warning. (Patch
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
312 Marcus Priesch, cleanup to remove python 2 issues, John Rouillard.)
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
313 - issue2551315 - Document use of
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
314 RestfulInstance.max_response_row_size to limit data returned
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
315 from rest request. (John Rouillard)
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
316 - issue2551330 - Add an optional 'filter' function to the Permission
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
317 objects and the addPermission method. This is used to optimize search
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
318 performance by not checking items returned from a database query
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
319 one-by-one (using the check function) but instead offload the
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
320 permission checks to the database. For SQL backends this performs the
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
321 filtering in the database. (Ralf Schlatterbeck)
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
322 - issue2551370 - mark roundup session cookie with __Secure-
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
323 prefix. (John Rouillard)
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
324 - add -P flag to roundup-server to log client address from
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
325 X-Forwarded-For reverse proxy header rather than connecting
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
326 address. This logs the actual client address when
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
327 roundup-server is run behind a reverse proxy. It also appends a
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
328 + sign to the logged address/name. (John Rouillard)
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
329 - issue2551068 - Provide way to retrieve file/msg data via rest
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
330 endpoint. Raw file/msg data can be retrieved using the
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
331 /binary_content attribute and an Accept header to select the mime
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
332 type for the data (e.g. image/png for a png file). The existing html
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
333 interface method still works and is supported, but is legacy. (John
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
334 Rouillard)
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
335 - added fuzz testing for some code. Found issue2551382 and
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
336 others. (John Rouillard)
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
337 - issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
338 Added support for defusedxml to better secure the xmlrpc
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
339 endpoint. (John Rouillard)
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
340 - Added new instance.registerUtilMethod() method to make using complex
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
341 templating easier as it provides a default Client instance to the
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
342 templating method. (John Rouillard)
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
343 - Added new templating utils.set_http_response(integer) method to
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
344 allow reporting an error to the user from a template. (John
8071
a4cb4e75d4e9 final changes for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 8062
diff changeset
345 Rouillard)
8328
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
346 - issue2551390 - Replace text input/calendar popup with native
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
347 date input. Also add double-click and exit keyboard handlers to
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
348 allow copy/paste/editing the text version of the date. Configurable
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
349 via the use_browser_date_input setting in the [web] section of
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
350 config.ini. By default browser native dates are turned off.
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
351 (John Rouillard, Ralf Schlatterbeck)
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
352 - Use native number type input for Number() and Integer()
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
353 properties. Integer() uses step=1 as well. Configurable via the
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
354 use_browser_number_input setting in the [web] section of config.ini.
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
355 Set off by default. See
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
356 https://issues.roundup-tracker.org/issue2551398 for discussion of
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
357 issues with native number inputs. (John Rouillard, Ralf
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
358 Schlatterbeck)
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
359 - issue2551231 - template.py-HTMLClass::classhelp doesn't merge
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
360 user defined classes. It now merges them in. (John Rouillard)
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
361 - re-enable support for GPG/PGP encrypted emails using new python gpg
3bf6ad421347 chore: update files for release 2.5.0b1.
John Rouillard <rouilj@ieee.org>
parents: 8313
diff changeset
362 package on the test pypi instance. (Paul Schwabauer)
Roundup Issue Tracker: http://roundup-tracker.org/