X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=CHANGES.txt;h=af4da31d8e0941fc93950cb9061b68adaef995d2;hb=bdcb21234cae9e506c37cbe90bc52803d5cc7c4e;hp=9a681fdc385f75d95f8f768816e3ff0baa127723;hpb=1a4f875e04401f7c3dbb100126cfe2626017bfec;p=roundup.git diff --git a/CHANGES.txt b/CHANGES.txt index 9a681fd..af4da31 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -1,11 +1,67 @@ This file contains the changes to the Roundup system over time. The entries -are given with the most recent entry first. +are given with the most recent entry first. If no other name is given, +Richard Jones did the change. -2010-??-?? 1.4.16 +20XX-XX-XX 1.4.17 (rXXXX) + +Features: + +- Add explicit "Search" permissions, see Security Fix below. + +Fixed: + +- Some minor typos fixed in doc/customizing.txt (Thanks Ralf Hemmecke). +- Security Fix: Add a check for search-permissions: now we allow + searching for properties only if the property is readable without a + check method or if an explicit search permission (see above unter + "Features) is given for the property. This fixes cases where a user + doesn't have access to a property but can deduce the content by + crafting a clever search, group or sort query. + see doc/upgrading.txt for how to fix your trackers! + +2010-10-08 1.4.16 (r4541) + +Features: + +- allow trackers to override the classes used to render properties in + templating per issue2550659 (thanks Ezio Melotti) +- new mailgw configuration item "subject_updates_title": If set to "no" + a changed subject in a reply to an issue will not update the issue + title with the changed subject. Thanks to Arkadiusz Kita and Peter + Funk for requesting the feature and discussing the implementation. + http://thread.gmane.org/gmane.comp.bug-tracking.roundup.user/10169 +- new rdbms config item sqlite_timeout makes the previously hard-coded + timeout of 30 seconds configurable. This is the time a client waits + for the locked database to become free before giving up. Used only for + SQLite backend. +- new mailgw config item unpack_rfc822 that unpacks message attachments + of type message/rfc822 and attaches the individual parts instead of + attaching the whole message/rfc822 attachment to the roundup issue. Fixed: - fixed reporting of source missing warnings +- relevant tests made locale independent, issue2550660 (thanks + Benni Bärmann for reporting). +- fix for incorrect except: syntax, issue2550661 (thanks Jakub Wilk) +- No longer use the root logger, use a logger with prefix "roundup", + see http://thread.gmane.org/gmane.comp.bug-tracking.roundup.devel/5356 +- improve handling of '>' when URLs are converted to links, issue2550664 + (thanks Ezio Melotti) +- fixed registration, issue2550665 (thanks Timo Paulssen) +- make sorting of multilinks in the web interface more robust, issue2550663 +- Fix charset of first text-part of outgoing multipart messages, thanks Dirk + Geschke for reporting, see + http://thread.gmane.org/gmane.comp.bug-tracking.roundup.user/10223 +- Fix handling of incoming message/rfc822 attachments. These resulted in + a weird mail usage error because the email module threw a TypeError + which roundup interprets as a Reject exception. Fixes issue2550667. + Added regression tests for message/rfc822 attachments with and without + configured unpacking (mailgw unpack_rfc822, see Features above) + Thanks to Benni Bärmann for reporting. +- Allow search_popup macro to work with all db classes, issue2550567 + (thanks John Kristensen) +- lower memory footprint for (journal-) import 2010-07-12 1.4.15