Mercurial > p > roundup > code
comparison CHANGES.txt @ 7239:18b7d95ee08f
Log addition of CSP section for admin doc. Attribute other changes.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Thu, 30 Mar 2023 19:42:20 -0400 |
| parents | f636acd7d63c |
| children | 78c3f4aced76 |
comparison
equal
deleted
inserted
replaced
| 7238:98d7936d97a3 | 7239:18b7d95ee08f |
|---|---|
| 65 Schlatterbeck) | 65 Schlatterbeck) |
| 66 - Update some template schema files to assign Register permissions for the | 66 - Update some template schema files to assign Register permissions for the |
| 67 Anonymous user. Replaces the old Create permission. (John Rouillard) | 67 Anonymous user. Replaces the old Create permission. (John Rouillard) |
| 68 - Allow '*' and explicit origins in allowed_api_origins. Only return | 68 - Allow '*' and explicit origins in allowed_api_origins. Only return |
| 69 'Access-Control-Allow-Credentials' when not matching '*'. Fixes | 69 'Access-Control-Allow-Credentials' when not matching '*'. Fixes |
| 70 security issue with rest when using '*'. | 70 security issue with rest when using '*'. (John Rouillard) |
| 71 - issue2551263: In REST response expose rate limiting, sunset, allow | 71 - issue2551263: In REST response expose rate limiting, sunset, allow |
| 72 HTTP headers to calling javascript. | 72 HTTP headers to calling javascript. (John Rouillard) |
| 73 - issue2551257: When downloading an attached (user supplied file), | 73 - issue2551257: When downloading an attached (user supplied file), |
| 74 make sure that an 'X-Content-Type-Options: nosniff' header is sent. | 74 make sure that an 'X-Content-Type-Options: nosniff' header is sent. |
| 75 (John Rouillard) | |
| 75 - issue2551252 - default number of rounds for PKDF2 password increased | 76 - issue2551252 - default number of rounds for PKDF2 password increased |
| 76 to 2,000,000. | 77 to 2,000,000. (John Rouillard) |
| 77 - issue2551251 - migrate/re-encrypt PBKDF2 password if stored | 78 - issue2551251 - migrate/re-encrypt PBKDF2 password if stored |
| 78 password used a smaller number of rounds than set in | 79 password used a smaller number of rounds than set in |
| 79 password_pbkdf2_default_rounds. | 80 password_pbkdf2_default_rounds. (John Rouillard) |
| 80 - upgrade from jquery-3.5.1 to jquery-3.6.3. Update user.help.html | 81 - upgrade from jquery-3.5.1 to jquery-3.6.3. Update user.help.html |
| 81 to new version. | 82 to new version. (John Rouillard) |
| 82 - Dockerfile scanned with hadolint. Fixed multiple issues. | 83 - Dockerfile scanned with hadolint. Fixed multiple issues. (John Rouillard) |
| 83 | 84 |
| 84 Features: | 85 Features: |
| 85 | 86 |
| 86 - Dockerfile build allows adding additional python packages via | 87 - Dockerfile build allows adding additional python packages via |
| 87 pip, setting UID tracker is run under. (John Rouillard) | 88 pip, setting UID tracker is run under. (John Rouillard) |
| 107 command line options of the mailgw have changed, see upgrading.txt for | 108 command line options of the mailgw have changed, see upgrading.txt for |
| 108 details. (Ralf Schlatterbeck) | 109 details. (Ralf Schlatterbeck) |
| 109 - issue2551243: schema-dump.py enhanced with anti-CSRF headers. Flake8 | 110 - issue2551243: schema-dump.py enhanced with anti-CSRF headers. Flake8 |
| 110 cleanup and python2 support. (John Rouillard) | 111 cleanup and python2 support. (John Rouillard) |
| 111 - issue2551253 - new password hash PBDKF2-SHA512 added. Not available | 112 - issue2551253 - new password hash PBDKF2-SHA512 added. Not available |
| 112 by default. See issue ticket for details. | 113 by default. See issue ticket for details. (John Rouillard) |
| 113 - roundup-admin migrate command reports the schema version. | 114 - roundup-admin migrate command reports the schema version. |
| 114 - issue2551262 - the mail gateway subject prefix now allows spaces | 115 - issue2551262 - the mail gateway subject prefix now allows spaces |
| 115 before/after prefix. Also allow spaces between classname and id | 116 before/after prefix. Also allow spaces between classname and id |
| 116 number in prefix designator. So "[ issue 23 ] subject" is parsed | 117 number in prefix designator. So "[ issue 23 ] subject" is parsed |
| 117 like "[issue23] subject". | 118 like "[issue23] subject". (John Rouillard) |
| 119 - [doc]: add section on implementing CSP for Roundup to admin | |
| 120 doc. (John Rouillard) | |
| 118 | 121 |
| 119 2022-07-13 2.2.0 | 122 2022-07-13 2.2.0 |
| 120 | 123 |
| 121 Fixed: | 124 Fixed: |
| 122 | 125 |