![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
diff --git a/CHANGES.txt b/CHANGES.txt
index e87e499f9344e5104a3b6305717164da0350c375..af4da31d8e0941fc93950cb9061b68adaef995d2 100644 (file)
--- a/CHANGES.txt
+++ b/CHANGES.txt
This file contains the changes to the Roundup system over time. The entries
-are given with the most recent entry first.
+are given with the most recent entry first. If no other name is given,
+Richard Jones did the change.
-2010-??-?? 1.4.16
+20XX-XX-XX 1.4.17 (rXXXX)
+
+Features:
+
+- Add explicit "Search" permissions, see Security Fix below.
+
+Fixed:
+
+- Some minor typos fixed in doc/customizing.txt (Thanks Ralf Hemmecke).
+- Security Fix: Add a check for search-permissions: now we allow
+ searching for properties only if the property is readable without a
+ check method or if an explicit search permission (see above unter
+ "Features) is given for the property. This fixes cases where a user
+ doesn't have access to a property but can deduce the content by
+ crafting a clever search, group or sort query.
+ see doc/upgrading.txt for how to fix your trackers!
+
+2010-10-08 1.4.16 (r4541)
Features:
title with the changed subject. Thanks to Arkadiusz Kita and Peter
Funk for requesting the feature and discussing the implementation.
http://thread.gmane.org/gmane.comp.bug-tracking.roundup.user/10169
+- new rdbms config item sqlite_timeout makes the previously hard-coded
+ timeout of 30 seconds configurable. This is the time a client waits
+ for the locked database to become free before giving up. Used only for
+ SQLite backend.
+- new mailgw config item unpack_rfc822 that unpacks message attachments
+ of type message/rfc822 and attaches the individual parts instead of
+ attaching the whole message/rfc822 attachment to the roundup issue.
Fixed:
- fixed reporting of source missing warnings
+- relevant tests made locale independent, issue2550660 (thanks
+ Benni Bärmann for reporting).
+- fix for incorrect except: syntax, issue2550661 (thanks Jakub Wilk)
+- No longer use the root logger, use a logger with prefix "roundup",
+ see http://thread.gmane.org/gmane.comp.bug-tracking.roundup.devel/5356
+- improve handling of '>' when URLs are converted to links, issue2550664
+ (thanks Ezio Melotti)
+- fixed registration, issue2550665 (thanks Timo Paulssen)
+- make sorting of multilinks in the web interface more robust, issue2550663
+- Fix charset of first text-part of outgoing multipart messages, thanks Dirk
+ Geschke for reporting, see
+ http://thread.gmane.org/gmane.comp.bug-tracking.roundup.user/10223
+- Fix handling of incoming message/rfc822 attachments. These resulted in
+ a weird mail usage error because the email module threw a TypeError
+ which roundup interprets as a Reject exception. Fixes issue2550667.
+ Added regression tests for message/rfc822 attachments with and without
+ configured unpacking (mailgw unpack_rfc822, see Features above)
+ Thanks to Benni Bärmann for reporting.
+- Allow search_popup macro to work with all db classes, issue2550567
+ (thanks John Kristensen)
+- lower memory footprint for (journal-) import
2010-07-12 1.4.15