comparison website/www/index.txt @ 8373:0f2e86085a79

doc: update to reflect changes 2.4.0 -> 2.5.0. did have 2.3.0 -> 2.4.0.
author John Rouillard <rouilj@ieee.org>
date Fri, 11 Jul 2025 22:28:57 -0400
parents a4cb4e75d4e9
children 93f9d8622111
8372:0c63629bf8f0 8373:0f2e86085a79
30 height="18" width="127"> 30 height="18" width="127">
31 </a> 31 </a>
32 32
33 <!-- supported python versions: <img src="https://shields.io/pypi/pyversions/roundup"> --> 33 <!-- supported python versions: <img src="https://shields.io/pypi/pyversions/roundup"> -->
34 <!-- license: <img src="https://img.shields.io/pypi/l/roundup"> --> 34 <!-- license: <img src="https://img.shields.io/pypi/l/roundup"> -->
35 <!-- changes since 2.4.0 <img src="https://img.shields.io/github/commits-since/roundup-tracker/roundup/2.4.0/master?sort=semver"> --> 35 <!-- changes since 2.5.0 <img src="https://img.shields.io/github/commits-since/roundup-tracker/roundup/2.5.0/master?sort=semver"> -->
36 <!-- status beta, stable, mature.... <img src="https://img.shields.io/pypi/status/roundup"> --> 36 <!-- status beta, stable, mature.... <img src="https://img.shields.io/pypi/status/roundup"> -->
37 <!-- mozilla observatory <img src="https://img.shields.io/mozilla-observatory/grade/www.roundup-tracker.org?publish"> --> 37 <!-- mozilla observatory <img src="https://img.shields.io/mozilla-observatory/grade/www.roundup-tracker.org?publish"> -->
38 <!-- commits from last named release: <img alt="GitHub commits difference between two branches/tags/commits" src="https://img.shields.io/github/commits-difference/roundup-tracker/roundup?base=2.4.0&head=master">a --> 38 <!-- commits from last named release: <img alt="GitHub commits difference between two branches/tags/commits" src="https://img.shields.io/github/commits-difference/roundup-tracker/roundup?base=2.5.0&head=master">a -->
39 <!-- newest tag by date - use for alpha/beta release notifications? 39 <!-- newest tag by date - use for alpha/beta release notifications?
40 <img alt="GitHub tag (latest by date)" src="https://img.shields.io/github/v/tag/roundup-tracker/roundup"> --> 40 <img alt="GitHub tag (latest by date)" src="https://img.shields.io/github/v/tag/roundup-tracker/roundup"> -->
41 41
42 <!-- downloads/month --> 42 <!-- downloads/month -->
43 <a style="display:block; margin-block-start: 0.5em;" 43 <a style="display:block; margin-block-start: 0.5em;"
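Review bot: Line 38 still ends the badge tag with a stray "a" before the comment close (head=master">a -->), carried over unchanged from 8372; if this badge is ever uncommented the letter will render on the page, so drop it while the line is being edited anyway. The release number is also hardcoded in both the line 35 and line 38 badge URLs, so every release needs two manual edits here; a one-line comment saying both must be bumped together would help whoever does the next release.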
77 in the Software Carpentry “Track” design competition. 77 in the Software Carpentry “Track” design competition.
78 78
79 Roundup is highly customizable, allowing users to tailor the system to 79 Roundup is highly customizable, allowing users to tailor the system to
80 their specific needs and preferences. 80 their specific needs and preferences.
81 81
82 The latest stable version of Roundup is 2.4.0, which includes bug 82 The latest stable version of Roundup is 2.5.0, which includes bug
83 fixes and additional features compared to the previous 2.3.0 release. 83 fixes and additional features compared to the previous 2.4.0 release.
84 84
85 Roundup is compatible with Python 2.7.12+ or 3.6+. 85 Roundup is compatible with Python 3.7+.
86 86
87 .. admonition:: Python 2 Support 87 .. admonition:: Python 2 Support
88 88
89 Python 2 support ends with release 2.4.0 (July 2024). 89 Python 2 support ends with release 2.4.0 (July 2024).
90 Several Continuous Integration (CI) services are 90 Several Continuous Integration (CI) services are
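Review bot: The unchanged admonition at line 89 still reads "Python 2 support ends with release 2.4.0 (July 2024)" directly below the new line 85 stating Python 3.7+, so with 2.5.0 as the current release the page describes a past event in the present tense; reword it to "ended with release 2.4.0". Line 85 also raises the Python 3 floor from 3.6 to 3.7, and none of the visible highlights mention it; a sentence or a link to the upgrading doc would warn readers still running 2.4.0 on Python 3.6.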
94 <docs/upgrading.html#python-3-support-info>`_ 94 <docs/upgrading.html#python-3-support-info>`_
95 95
96 Release Highlights 96 Release Highlights
97 ================== 97 ==================
98 98
99 Some improvements from the 2.3.0 release are: 99 Some improvements from the 2.4.0 release are:
100 100
101 * three CVE's have been fixed. One requires changes to your 101 * **XSS vulnerability with devel and responsive templates fixed**
102 tracker's home directory. The other two are fixed by 102
103 installing 2.4.0. See 103 Just before release an XSS security issue with trackers based on
104 https://www.roundup-tracker.org/docs/security.html for 104 the devel or responsive templates was discovered. The `updating
105 details and instructions on how to fix these in 2.4.0 and 105 directions`_ include instructions on fixing this issue with the
106 earlier releases. 106 html templates from earlier releases. (CVE-2025-53865)
107 107
108 * new classhelper component thanks to a team of students 108 .. _`updating directions`: docs/upgrading.html#cve-2025-53865
109 from CS682 at U-Mass Boston. This fixes many issues with 109
110 the old classhelper. It is implemented as a web-component 110 * **The property/field advanced search expression feature has been
111 and needs REST interface access. It will fall back to the 111 enhanced and documented.**
112 classic classhelper if REST is not available or if the 112
113 browser does not support web-components. 113 Search expressions are usually built using the
114 114 expression editor on the search page. They can be built manually
115 * fix Windows Python installation using pip. It used to go 115 by modifying the search URL but the RPN search expression format
116 into an infinite loop during install or download. Also fix 116 was undocumented. Errors in expressions could return results that
117 installation of shared files (templates) so roundup-admin 117 didn't match the user's intent. This release documents the RPN
118 can find them. 118 expression syntax, adds basic expression error detection, and
119 119 improves error reporting.
120 * using ``@current_user`` as a value in a search URL for a 120
121 user property will use the current logged in user. Now you 121 * **The default hash method for password storage is more secure.**
122 can share searches like: "My issues" as "my" will become 122
123 the current logged in user. 123 We use PBKDF2 with SHA512 (was SHA1). With this change you can
124 124 lower the value of password_pbkdf2_default_rounds in your
125 * login failures to the REST/XML-RPC interfaces are now rate 125 tracker's config.ini. Check the upgrading documentation for more
126 limited to limit password guessing attacks. 126 info. (Note this may cause longer authentication times, the
127 127 upgrade doc describes how to downgrade the hash method if required.)
128 * utf8mb4 is the default charset for MySQL. This requires 128
129 migrating your database using the mysql client. You can 129 * **Roundup's session token is now prefixed with the magic
130 choose to keep the older character set in config.ini. 130 ``__Secure__`` tag when using HTTPS.**
131 131
132 * PostgreSQL services defined in pg_service.conf can be 132 This adds another layer of protection in addition to the
133 used. PostgreSQL schemas are supported to eliminate the 133 existing ``Secure`` property that comes with the session cookie.
134 need for the roundup user to have database 134
135 creation/deletion privileges. 135 * **Data authorization can be done at the database level speeding up
136 136 display of index pages.**
137 * fix out of memory issue when importing larger trackers 137
138 into PostgreSQL. 138 Roundup verifies the user's authorization for the data fetched
139 139 from the database after retrieving data from the database. A new
140 * multiple roundup-admin improvements: display protected 140 optional ``filter`` argument has been added to Permission
141 properties (like creation date), better formatting of 141 objects. When the administrator supplies a filter function, it
142 output, command history. Also on windows, pyreadline3 is 142 can boost performance with SQL server databases by pushing
143 supported to provide an editable interactive command line. 143 selection criteria to the database. By offloading some
144 144 permission checks to the database, less data is retrieved from
145 * an experimental wsgi performance improvement in 2.3.0 is 145 the database. This leads to quicker display of index pages with
146 now now the default and is opt-out. 146 reduced CPU and network traffic.
147 147
148 * new template functions: utils.readfile and 148 * **The REST endpoint can supply binary data (images, pdf, ...) to
149 utils.expandfile. Javascript that is included in the 149 its clients.**
150 Python core will be moved to external files and be able to 150
151 have values from Roundup substituted in the Javascript. 151 Requesting binary data from a REST endpoint has been a
152 152 hassle. Since JSON can't handle binary data, images (and other
153 * allow content-type of a template to be set from inside the 153 binary data) need to be encoded. This makes them significantly
154 template. This allows returning json or xml from a 154 larger. The workaround was to use a non-REST endpoint for fetching
155 template without a .json or .xml extention. 155 non-text attachments. This update lets the REST endpoint return
156 156 raw message or file content data. You can utilize the
157 * fix import/export on windows to use Unix style line 157 ``binary_content`` endpoint along with an appropriate ``Accept``
158 endings fixing export/import on Windows and making exports 158 header (e.g. ``image/jpeg``) in your request.
159 portable across platforms. 159
160 160 * **Extract translatable strings from your tracker easily.**
161 More info on the 79 changes can be found in the `change notes`_. 161
162 The ``roundup-gettext`` tool has been enhanced to extract
163 translatable strings from detectors and extensions. This will
164 simplify the process of translating your trackers.
165
166 More info on the 42 changes can be found in the `change notes`_.
162 167
163 Roundup Use Cases 168 Roundup Use Cases
164 ================= 169 =================
165 170
166 For more information on Roundup see the :doc:`features list 171 For more information on Roundup see the :doc:`features list
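Review bot: In the session token item (new lines 129-133) the prefix is written as ``__Secure__``, but the cookie name prefix that browsers enforce is "__Secure-" (two leading underscores, one trailing hyphen); a cookie name ending in underscores gets no special handling from the browser, so check what the code emits and make the text match it. In the same item, "``Secure`` property" should read "``Secure`` attribute", the usual term for cookie flags. In the PBKDF2 item (lines 121-127), the parenthetical "this may cause longer authentication times" follows a sentence saying the rounds value can be lowered, and the text does not say which configuration the longer times apply to; state that explicitly so administrators know whether they need to act.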

Roundup Issue Tracker: http://roundup-tracker.org/