diff --git a/CHANGES.txt b/CHANGES.txt
index 5b945994acf96c3a51dee96226a405d1a5df85d5..21be4c998e198eb5b98454febe9def55a4990abe 100644 (file)
--- a/CHANGES.txt
+++ b/CHANGES.txt
are given with the most recent entry first. If no other name is given,
Richard Jones did the change.
-20XX-XX-XX 1.4.17 (rXXXX)
+2011-XX-XX 1.4.19 (r46XX)
+
+Fixed:
+
+- Yet another fix to the mail gateway, messages got *all* files of
+ an issue, not just the new ones. Thanks to Rafal Bisingier for
+ reporting and proposing a fix. The regression test was updated.
+ (Ralf)
+- Fix version numbers in upgrade documentation, the file-unlink defect
+ was in 1.4.17 not 1.4.16. Thanks to Rafal Bisingier.
+
+2011-05-29 1.4.18 (r4610)
+
+Features:
+
+- Norwegian Bokmal translation by Christian Aastorp
+- Allow to specify additional cc and bcc emails (not roundup users) for
+ nosymessage used by the nosyreaction reactor. (Ralf)
+
+Fixed:
+
+- File-unlink defect in mailgw fixed! If an email was received
+ that contained no attachments, all previous files of the issue were unlinked.
+ This defect was introduced with the 1.4.17 release as an unwanted result
+ of the mail gate code refactoring. Thanks to Rafal Bisingier for reporting
+ and proposing a fix. There is now a regression test in place. (Ralf)
+
+2011-05-13 1.4.17 (r4605)
Features:
+- Allow declaration of default_values for properties in schema.
- Add explicit "Search" permissions, see Security Fix below.
- Add "lookup" method to xmlrpc interface (Ralf Schlatterbeck)
- Multilinks can be filtered by combining elements with AND, OR and NOT
(Ralf Schlatterbeck)
- Fixed bug in mailgw refactoring, patch issue2550697 (thanks Hubert
Touvet)
+- Fix Password handling security issue2550688 (thanks Joseph Myers for
+ reporting and Eli Collins for fixing) -- this fixes all observations
+ by Joseph Myers except for auto-migration of existing passwords.
+- Add new config-option 'migrate_passwords' in section 'web' to
+ auto-migrate passwords at web-login time. Default for the new option
+ is "yes" so if you don't want that passwords are auto-migrated to a
+ more secure password scheme on user login, set this to "no" before
+ running your tracker(s) after the upgrade.
+- Add new config-option 'password_pbkdf2_default_rounds' in 'main'
+ section to configure the default parameter for new password
+ generation. Set this to a higher value on faster systems which want
+ more security. Thanks to Eli Collins for implementing this (see
+ issue2550688).
+- Fix documentation for roundup-server about the 'host' parameter as
+ suggested in issue2550693, fixes the first part of this issue. Make
+ 'localhost' the new default for this parameter, note the upgrading
+ documentation of changed behaviour. We also deprecate the empty host
+ parameter for binding to all interfaces now (still left in for
+ compatibility). Thanks to Toni Mueller for providing the first version
+ of this patch and discussing implementations.
+- Fixed bug in filter_iter refactoring (lazy multilinks), in rare cases
+ this would result in duplicate multilinks to the same node. We're now
+ going the safe route and doing lazy evaluation only for read-only
+ access, whenever updates are done we fetch everything.
2010-10-08 1.4.16 (r4541)