diff doc/announcement.txt @ 5951:0a42163ac846

Final doc fixes and translation extraction.
author John Rouillard <rouilj@ieee.org>
date Wed, 23 Oct 2019 14:20:36 -0400
parents 573b688fffeb
children c8549ddb123d
--- a/doc/announcement.txt	Wed Oct 23 13:41:01 2019 -0400
+++ b/doc/announcement.txt	Wed Oct 23 14:20:36 2019 -0400
@@ -1,14 +1,17 @@
-I'm proud to release version 2.0.0alpha0 of Roundup which has been
-possible due to the help of several contributors.  This release
-contains some major changes, so make sure to read `docs/upgrading.txt
-<http://www.roundup-tracker.org/dev-docs/upgrading.html>`_ to bring your
-tracker up to date. The changes, as usual, include some new features
-and many bug fixes.
+I'm proud to release version 2.0.0alpha0 of the Roundup issue tracker
+which has been possible due to the help of several contributors. This
+release contains some major changes, so make sure to read
+`docs/upgrading.txt
+<http://www.roundup-tracker.org/dev-docs/upgrading.html>`_ to bring
+your tracker up to date. The changes, as usual, include some new
+features and many bug fixes.
 
 You can download it with:
 
    pip download roundup==2.0.0alpha0
 
+then unpack and test/install the tarball.
+
 Among the notable improvements are:
 
    Roundup is multilingual and will run under either Python 3 or
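
Review bot: the added line "then unpack and test/install the tarball." sends the reader from download straight to install with no verification step, and does not say how to test or install. Suggest pointing to the installation document or naming the commands, and saying where a checksum or signature for the tarball can be checked if the project publishes one. The upgrading link in the reflowed paragraph is still plain http://; switch it to https:// if the site serves it.
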
@@ -26,8 +29,9 @@
    PGP encryption is now done using the gpg module and not the
    obsolete pyme library. Thanks to Christof Meerwald.
 
-   Use of mod_python is deprecated. mod_wsgi documentation has been
-   updated and is the preferred mechanism.
+   Use of mod_python is deprecated. Apache mod_wsgi documentation
+   has been updated along with gunicorn and uwsgi and is the
+   preferred mechanism.
 	
 The file CHANGES.txt has a detailed list of feature additions and bug
 fixes. The most recent changes from there are at the end of this
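
Review bot: in the reworded mod_python item, "Apache mod_wsgi documentation has been updated along with gunicorn and uwsgi and is the preferred mechanism" leaves the subject of "is the preferred mechanism" unclear: it can be read as the documentation, as mod_wsgi alone, or as all three servers. Suggest splitting it, for example "Use of mod_python is deprecated. WSGI deployment is the preferred mechanism; the documentation for Apache mod_wsgi, gunicorn and uwsgi has been updated." Adjust if only mod_wsgi is meant to be preferred.
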
@@ -177,7 +181,7 @@
      collection (unpaginated). Pagination index starts at 1 not 0.
    - accept content-type application/json payload for PUT, PATCH, POST
      requests in addition to application/x-www-form-urlencoded.
-     (John Rouillard)
+  (John Rouillard)
 - issue2550833: the export_csv web action now returns labels/names
   rather than id's. Replace calls to export_csv with the export_csv_id
   action to return the same data as the old export_csv action. (Tom
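
Review bot: the re-indented credit "+  (John Rouillard)" now sits at the parent item's indent directly after the nested "- accept content-type ..." item with no blank line between them. This file uses reStructuredText link syntax elsewhere, and if it is run through docutils a dedent straight after a nested bullet list is reported as the list ending without a blank line. Suggest adding an empty line before the credit, or leaving it attached to the last nested item.
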
@@ -197,7 +201,7 @@
   parse the subject line. (John Rouillard)
 - The database filter method now can also do an exact string search.
 - The database filter method now has limit and offset parameters that
-  map to the corresponging parameters of SQL.
+  map to the corresponding parameters of SQL.
 - issue2551061: Add rudimentary experimental support for JSON Web
   Tokens (jwt) to allow delegation of limited access rights to third
   parties. See doc/rest.txt for details and intent. (John Rouillard)
@@ -207,7 +211,13 @@
 - issue2551059: added new values for tx_Source to indicate when /rest
   or /xmlrpc endpoint is being used rather than the normal web
   endpoints. (John Rouillard)
-  
+- issue2551062: roundup-admin security now validates all properties in
+  permissions. It reports invalid properties. (John Rouillard)
+- issue2551065: Reorder html entities generated by submit button so that
+  styles can be applied. Thanks to Garth Jensen for the patch against
+  release 1.6 that was ported to upcoming 2.0 release (Ralf
+  Schlatterbeck).
+
 Fixed:
 
 - issue2550811: work around Unicode encoding issues in jinja2 template
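
Review bot: the new issue2551062 entry says roundup-admin security "reports invalid properties" but not whether an invalid property is treated as an error or only listed, nor what the admin should do about it; one more clause would make the entry actionable for people auditing their permission definitions after upgrading. In the issue2551065 entry, "ported to upcoming 2.0 release (Ralf Schlatterbeck)." is missing "the" and puts the credit before the full stop, unlike the neighbouring entries.
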
@@ -228,12 +238,12 @@
 - issue2550992: avoid errors from invalid Authorization
   headers. (Joseph Myers)
 - issue2551022: support non-ASCII prefixes in instance config for
-  finding static files. (Cedric Krier)
+  finding static files. (Cédric Krier)
 - issue2551023: Fix CSRF headers for use with wsgi and cgi. The
   env variable array used - separators rather than _. Compare:
   HTTP_X-REQUESTED-WITH to HTTP_X_REQUESTED_WITH. The last is
   correct. Also fix roundup-server to produce the latter form. (Patch
-  by Cedric Krier, reviewed/applied John Rouillard.)
+  by Cédric Krier, reviewed/applied John Rouillard.)
 - issue2551035 - fix XSS issue in wsgi and cgi when handing url not
   found/404. Reported by hannob at
   https://github.com/python/bugs.python.org/issues/34, issue opened by
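
Review bot: the "Cedric" to "Cédric" corrections here and in the following hunk put a non-ASCII character into announcement.txt. Please confirm the file is stored as UTF-8 and that whatever mails or renders the announcement declares that encoding, otherwise the name will arrive garbled.
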
@@ -248,9 +258,9 @@
   when using the anydbm backend (John Rouillard)
 - issue2551041 - change permission check from "Create User" to "Register
   User" in page.html for the responsive and devel templates. (reporter
-  Cedric Krier, John Rouillard)
+  Cédric Krier, John Rouillard)
 - issue2550144 - fix use of undefined icing macro in devel
-  template. Replace with frame macro. (Cedric Krier)
+  template. Replace with frame macro. (Cédric Krier)
 - handle UnicodeDecodeError in file class when file contents are
   not text (e.g. jpg). (John Rouillard)
 - issue2551033: prevent reverse engineering hidden data by using etags
@@ -285,3 +295,19 @@
   options with IDs and later look up the IDs as *key* of the
   Link/Multilink. Now numeric IDs take precedence -- like they already
   do in the menu method of Link and Multilink.
+- issue2551013: Reversed sorting in hyperdb property wrapper object's
+  sorted() method. Patch by David Sowder, application and doc change
+  by John Rouillard.
+- issue2550821 - patches for depricated mod_python apache.py interface
+  (John Rouillard)
+- issue2551005 - deprecation of mod_python (John Rouillard)
+- issue2551066: IMAP mail handling wasn't working and produced a
+  traceback.
+- issue2550925 if deployed as CGI and client sends an http PROXY
+  header, the tainted HTTP_PROXY environment variable is created. It
+  can affect calls using requests package or curl. A roundup admin
+  would have to write detectors/extensions that use these mechanisms.
+  Not exploitable in default config. (John Rouillard)
+- Add config option to keep/delete previous logging config. Needed to
+  make gunicorn --access-logfile work as it uses python logfile module
+  too.
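
Review bot: the added issue2550925 entry describes the exposure (a client-supplied PROXY header becoming HTTP_PROXY under CGI) and states "Not exploitable in default config", but never says what this release changes, for example whether the variable is now removed from the environment. Suggest adding that, and telling admins who wrote detectors/extensions using requests or curl whether they need to do anything. Smaller points in the same hunk: "depricated" in the issue2550821 line should be "deprecated"; "python logfile module" in the last entry presumably means the logging module; the issue2550925 line has neither ":" nor "-" after the issue number; and the issue2551066 and logging-config entries carry no credit, unlike the rest.
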

Roundup Issue Tracker: http://roundup-tracker.org/