X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=CHANGES.txt;h=6b66a3c2054a466e4f6985a16b8627c84cc09ca3;hb=8b8b6f5da468851e86eaf6a1920ed56a4875f257;hp=8b3164844fb293e0f02259ad3e214241bac7d48c;hpb=93d3a8efd0c1fb69612a60c9e7fbf1c19677a07f;p=roundup.git diff --git a/CHANGES.txt b/CHANGES.txt index 8b31648..6b66a3c 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -1,12 +1,49 @@ This file contains the changes to the Roundup system over time. The entries are given with the most recent entry first. -2009-XX-XX 1.4.XX (rXXXX) +2010-XX-XX 1.4.12 (rXXXX) + +Features: +- Support IMAP CRAM-MD5, thanks Jochen Maes + +Fixes: +- Proper handling of 'Create' permissions in both mail gateway (earlier + commit r4405 by Richard), web interface, and xmlrpc. This used to + check 'Edit' permission previously. See + http://thread.gmane.org/gmane.comp.bug-tracking.roundup.devel/5133 + Add regression tests for proper handling of 'Create' and 'Edit' + permissions. +- Fix handling of non-ascii in realname in the nosy mailer, this used to + mangle the email address making it unusable when replying. Thanks to + intevation for funding the fix. +- Fix documentation on user required to run the tests, fixes + issue2550618, thanks to Chris aka 'radioking' +- Add simple doc about translating customised tracker content +- Add "flup" setup documentation, thanks Christian Glass +- Fix "Web Access" permission check to allow serving of static files to + Anonymous again +- Add check for "Web Access" permission in all web templating permission + checks +- Improvements in upgrading documentation, thanks Christian Glass +- Display 'today' in the account user's timezone, thanks David Wolever +- Fix file handle leak in some web interfaces with logging turned on, + fixes issue1675845 +- Attempt to generate more human-readable addresses in email, fixes + issue2550632 +- Allow value to be specified to multilink form element templating, fixes + issue2550613, thanks David Wolever +- Fix thread safety with stdin in roundup-server, fixes issue2550596 + (thanks Werner Hunger) + + +2009-12-21 1.4.11 (r4413) Features: - Generic class editor may now restore retired items (thanks Ralf Hemmecke) Fixes: +- Fix security hole allowing user permission escalation (thanks Ralf + Schlatterbeck) - More SSL fixes. SSL wants the underlying socket non-blocking. So we don't call socket.setdefaulttimeout in case of SSL. This apparently never raises a WantReadError from SSL. @@ -34,6 +71,25 @@ Fixes: - Add documentation for migrating to the Register permission and fix mailgw to use Register permission, fixes issue2550599 - Fix styling of calendar to make it more usable, fixes issue2550608 +- Fix typo in email section of user guide, fixes issue2550607 +- Fix WSGI response code (thanks Peter Pöml) +- Fix linking of an existing item to a newly created item, e.g. + edit action in web template is name="issue-1@link@msg" value="msg1" + would trigger a traceback about an unbound variable. + Add new regression test for this case. May be related to (now closed) + issue1177477. Thanks to Intevation for funding the fix. +- Clean up all the places where role processing occurs. This is now in a + central place in hyperdb.Class and is used consistently throughout. + This also means now a template can override the way role processing + occurs (e.g. for elaborate permission schemes). Thanks to intevation + for funding the change. +- Fix issue2550606 (german translation bug) "an hour" is only used in + the context "in an hour" or "an hour ago" which translates to german + "in einer Stunde" or "vor einer Stunde". So "an hour" is translated + "einer Stunde" (which sounds wrong at first). Also note that date.py + already has a comment saying "XXX this is internationally broken" -- + but at least there's a workaround for german :-) Thanks to Chris + (radioking) for reporting. 2009-10-09 1.4.10 (r4374)