| changeset | abf1297e7a94 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | bug(security): fix XSS exploit in devel and responsive templates Replace all occurances of: tal:content="structure context/MUMBLE/plain" with tal:content="context/MUMBLE/plain" This seems to have been an old way to handle display of a field when the user did not have edit rights. It does not occur in current (later than 2009) classic tracker templates. But probably was unsed in earlier classic templates since devel, reponsive and the roundup issue tracker templates were based on classic. Add CVE placeholder to security.txt and link to fix directions added to upgrading.txt. Add note in announcement.txt and CHANGES.txt Add a details element around the table of contents in the upgrading guide. It was getting long. Updated a missed XSS issue in the roundup tracker template. Live site is already fixed. XSS bug reported by 4bug of ChaMd5 Security Team H1 Group |
| files |
| changeset | 85aae98b8c82 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | docs: bold summary lines in update list; fix formatting issue. When scanning the document, the summary lines in the list didn't standout. Also the spacing before and after the summary line were equal. The spacing under the line should be less to tie it to the following paragraph. Not sure I like the bolded summary lines, it's a little too much emphasis. I think the css tweak works though. |
| files |
| changeset | 6ea309c6d17c |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | docs: fix registerutilMethod docs, format for highlights. |
| files |
| changeset | 2ed6fb7081c6 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | docs: augment the announcment with better description of top changes |
| files |
| changeset | 3bf6ad421347 |
|---|---|
| branch | |
| bookmark | |
| tag | 2.5.0b1 |
| user | John Rouillard <rouilj@ieee.org> |
| description | chore: update files for release 2.5.0b1. |
| files |
| changeset | 3614cd64f4c4 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | build: issue2551397: remove support for python 3.6 3.7 ci build works. Make changes to make 3.7 current minimum supported version. Also removed some references that apply only when running under 2.7. |
| files |
| changeset | 3a2762144b65 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | docs: formating/syntax changes. |
| files |
| changeset | a4cb4e75d4e9 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | final changes for 2.4.0 release |
| files |
| changeset | 28aa76443f58 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125 Directions for fixing: * `CVE-2024-39124`_ - :ref:`classhelpers (_generic.help.html) are vulnerable to an XSS attack. <CVE-2024-39124>` Requires fixing tracker homes. * `CVE-2024-39125`_ - :ref:`if Referer header is set to a script tag, it will be executed. <CVE-2024-39125>` Fixed in release 2.4.0, directions available for fixing in prior versions. * `CVE-2024-39126`_ - :ref:`PDF, XML and SVG files downloaded from an issue can contain embedded JavaScript which is executed. <CVE-2024-39126>` Fixed in release 2.4.0, directions available for fixing in prior versions. prior to 2.4.0 release this weekend that fixes the last two CVE's. |
| files |
| changeset | 2a1bfa4db6be |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | docs: update to 2.4.0 release from 2.4.0b2. |
| files |
| changeset | 301b0988a351 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | 2.4.0b2 release updates |
| files |
| changeset | 75774e89b483 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | 2.4.0b1 release commits |
| files |
| changeset | 9bd25a87bcc1 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | docs: spelling corrections. |
| files |
| changeset | a377590eba34 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | changes for 2.4.0b0 release |
| files |
| changeset | bee475ae8653 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | doc: update pip command and typo fixes |
| files |
| changeset | 0b80d1e8c803 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | doc: prep announcement.txt for 2.4.0beta1 Still have to add the classhelper web-component, but get the rest of the beta announcement ready. [skip travis] |
| files |
| changeset | a03f8f681992 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | doc: fix links: 302/302, images from lfw.org, wayback for sc Some documents result in 302 status: www.lfw.org -> lfw.org new location for IIS documentation pypi link missing trailing / All software carpentry links inline point to wayback machine. Some images used in original_overview still point to lfw. Make them point to new downloaded copies of images. |
| files |
| changeset | ed2bc951277b |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | Updates for 2.3.0 release. |
| files |
| changeset | 52f22cfcbdc1 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | update for latest change to sort method. |
| files |
| changeset | d397647d8d5a |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | Add latest fix and update number of changes. |
| files |
| changeset | ad8010b3a2e2 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | Correct minimum python 2 version, add python 2 support blurb. Also correct a directional reference on downloading Roundup. |
| files |
| changeset | d33fed8da090 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | Fix spelling mistakes in notable changes sections. |
| files |
| changeset | 51fc06fabcee |
|---|---|
| branch | |
| bookmark | |
| tag | 2.3.0b2 |
| user | John Rouillard <rouilj@ieee.org> |
| description | Changes for roundup release 2.3.0b2 I missed changing announcements.txt so the b1 release has the 2.2.0 release announcment when I uploaded to test.pipi.org. |
| files |
| changeset | 1a241b01b699 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | change roundup-tracker.org to www.roundup-tracker.org. The latter is the perferred entry point. |
| files |
| changeset | a1868fe784d0 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | Changes for release 2.2.0. |
| files |
| changeset | 0b10732e09ee |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | Fix typos, complete license declaration. |
| files |
| changeset | 397da806918e |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | format fix. |
| files |
| changeset | b56bd672ebbf |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | formatting changes |
| files |
| changeset | b3ba03d2b214 |
|---|---|
| branch | |
| bookmark | |
| tag | 2.2.0b1 |
| user | John Rouillard <rouilj@ieee.org> |
| description | 2.2.0b1 release changes |
| files |
| changeset | cbc18a8bc61f |
|---|---|
| branch | |
| bookmark | |
| tag | 2.1.0 |
| user | John Rouillard <rouilj@ieee.org> |
| description | Changes for release of version 2.1.0. Updates specified in RELEASE.txt. |
| files |
| changeset | 013a2e3da452 |
|---|---|
| branch | |
| bookmark | |
| tag | 2.1.0b1 |
| user | John Rouillard <rouilj@ieee.org> |
| description | fix rest issue hat only shows up when running check with python3 |
| files |
| changeset | 5296d27ac97c |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | Implementing RELEASE.txt 2.1.0b1 release Also spellcheck CHANGES.txt. |
| files |
| changeset | b2eb59ada444 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | Replace http:....roundup-tracker.org with https. Also fix wiki links. |
| files |
| changeset | 043a8ffd79ad |
|---|---|
| branch | |
| bookmark | |
| tag | 2.0.0 |
| user | John Rouillard <rouilj@ieee.org> |
| description | Commits for roundup 2.0 release. |
| files |
| changeset | eb9d00db0923 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | Forgot to check in changed doc files for 2.0.0beta0 |
| files |
| changeset | d7ff9cb70f34 |
|---|---|
| branch | |
| bookmark | |
| tag | 2.0.0alpha0 |
| user | John Rouillard <rouilj@ieee.org> |
| description | More release doc updates. |
| files |
| changeset | c8549ddb123d |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | Removed non-ascii character from Cedric Krier's name. |
| files |
| changeset | 0a42163ac846 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | Final doc fixes and translation extraction. |
| files |
| changeset | 573b688fffeb |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | RELEASE.txt changes checkin pre 2.0.0alpha0 |
| files |
| changeset | b68d3d8531d5 |
|---|---|
| branch | maint-1.6 |
| bookmark | |
| tag | 1.6.1 |
| user | John Rouillard <rouilj@ieee.org> |
| description | Changes to prepare for 1.6.1 release. |
| files |
| changeset | e48b039b0ec0 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | issue2550966: fix suboptimal links in docs. I think I got the majority of them. Some links still don't resolve because they are gone and there is no replacement afaict. Also the check is picking up example links like: https://.../rest and http://localhost:8017/... which should not be checked but are. |
| files |
| changeset | b11bc7c77d09 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | fix typo in display path for html doc. |
| files |
| changeset | 01dabc0483b0 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | more changes to prep for 1.6 release. replace old url's for pypi with new ones. fix restrucured text in announce.txt, fix typos. change licensing to include 2018 remove bdist_windist directions. pypi doesn't accept .exe anymore updated directions for using pypi |
| files |
| changeset | e7293df727dc |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | Working through RELEASE.txt - updates for 1.6 release. |
| files |
| changeset | a196891cf786 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | Change minimum version requirement. |
| files |
| changeset | 8853f422fb62 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | anatoly techtonik <techtonik@gmail.com> |
| description | Preparing 1.5.1 steps 4/16 4. python setup.py check failed doc/announcement.txt contains non-ascii: 'ascii' codec can't encode character u'\xe9' in position 6698: ordinal not in range(128) It was hard to find u'\xe9', because setup.py encoded text to 'utf8' before final check. After removing encoding step: doc/announcement.txt contains non-ascii: 'ascii' codec can't decode byte 0xc3 in position 6698: ordinal not in range(128) Which is fixed. Also fixed reST warning caused by |u symbol: warning: check: Inline substitution_reference start-string without end-string. (line 156) |
| files |
| changeset | cf22972fe080 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | anatoly techtonik <techtonik@gmail.com> |
| description | Preparing 1.5.1 steps 3/16 1. ./run_test.py passed [x] windows, 2.7 [x] linux, 2.7 2. Update version CHANGES.txt roundup/__init__.py 3. Update documentation doc/announcement.txt doc/upgrading.txt |
| files |
| changeset | f25a3bf59c2d |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Ralf Schlatterbeck <rsc@runtux.com> |
| description | After-release fix, the announcement unfortunately has the wrong version in the repo (but the correct one in the announcement). Sorry. |
| files |
| changeset | f61bd780892e |
|---|---|
| branch | |
| bookmark | |
| tag | 1.5.0 |
| user | Ralf Schlatterbeck <rsc@runtux.com> |
| description | Release preparation |
| files |
| changeset | 8ee41c7372e7 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | anatoly techtonik <techtonik@gmail.com> |
| description | doc: Fix some Sphinx warnings. |
| files |
| changeset | 146458fb53b3 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | anatoly techtonik <techtonik@gmail.com> |
| description | Fix typo. |
| files |
| changeset | d6e9f95cc30e |
|---|---|
| branch | |
| bookmark | |
| tag | 1.4.21 |
| user | Ralf Schlatterbeck <rsc@runtux.com> |
| description | Release preparation |
| files |
| changeset | 59de7ad827e2 |
|---|---|
| branch | |
| bookmark | |
| tag | 1.4.20 |
| user | Ralf Schlatterbeck <rsc@runtux.com> |
| description | Release preparation |
| files |
| changeset | 116113c4bb05 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | anatoly techtonik <techtonik@gmail.com> |
| description | doc/announcement.txt: Fix command to run the demo. |
| files |
| changeset | 8093356fef8c |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | anatoly techtonik <techtonik@gmail.com> |
| description | doc/announcement.txt: Provide direct link to PyPI page. |
| files |
| changeset | 32b24abfe98e |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Eric S. Raymond <esr@thyrsus.com> |
| description | Documentation polishing. |
| files |
| changeset | ce6e868187de |
|---|---|
| branch | |
| bookmark | |
| tag | 1.4.19 |
| user | Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net> |
| description | - release preparation |
| files |
| changeset | 591ebcc4e68c |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net> |
| description | - restore old announcement header for next release... |
| files |
| changeset | 431bf4e7d3d7 |
|---|---|
| branch | |
| bookmark | |
| tag | 1.4.18 |
| user | Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net> |
| description | - release preparation - upgrading docs contains script to find affected issues and how to fix these |
| files |
| changeset | 41ea7d838c82 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net> |
| description | release preparation |
| files |