X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=CHANGES.txt;h=c3819b45e0a3f4beaebcd744e86540a3d11b9717;hb=8312a4fff586cbdced37bcd2c22c4afa711121d7;hp=0b321a824549bd066482f130b6c6329322870eee;hpb=b1b80b4f971a96799a9ae3ce49508be2214e6f56;p=roundup.git diff --git a/CHANGES.txt b/CHANGES.txt index 0b321a8..c3819b4 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -1,13 +1,985 @@ This file contains the changes to the Roundup system over time. The entries are given with the most recent entry first. -2004-??-?? 0.7.0 +2010-XX-XX 1.4.12 (rXXXX) + +Fixes: +- Proper handling of 'Create' permissions in both mail gateway (earlier + commit r4405 by Richard), web interface, and xmlrpc. This used to + check 'Edit' permission previously. See + http://thread.gmane.org/gmane.comp.bug-tracking.roundup.devel/5133 + Add regression tests for proper handling of 'Create' and 'Edit' + permissions. +- Fix handling of non-ascii in realname in the nosy mailer, this used to + mangle the email address making it unusable when replying. Thanks to + intevation for funding the fix. +- Fix documentation on user required to run the tests, fixes + issue2550618, thanks to Chris aka 'radioking' + + +2009-12-21 1.4.11 (r4411) + +Features: +- Generic class editor may now restore retired items (thanks Ralf Hemmecke) + +Fixes: +- Fix security hole allowing user permission escalation (thanks Ralf + Schlatterbeck) +- More SSL fixes. SSL wants the underlying socket non-blocking. So we + don't call socket.setdefaulttimeout in case of SSL. This apparently + never raises a WantReadError from SSL. + This also fixes a case where a WantReadError is raised and apparently + the bytes already read are dropped (seems the WantReadError is really + an error, not just an indication to retry). +- Correct initial- and end-handshakes for SSL +- Update FAQ to mention infinite redirects with pathological settings of + the tracker->web variable. Closes issue2537286, thanks to "stuidge" + for reporting. +- Fix some format errors in italian translation file +- Some bugs issue classifiers were causing database lookup errors +- Fix security-problem: If user hasn't permission on a message (notably + files and content properties) and is on the nosy list, the content was + sent via email. We now check that user has permission on the message + content and files properties. Thanks to Intevation for funding this + fix. +- Fix traceback on .../msgN/ url, this requests the file content and for + apache mod_wsgi produced a traceback because the mime type is None for + messages, fixes issue2550586, thanks to Thomas Arendsen Hein for + reporting and to Intevation for funding the fix. +- Handle OPTIONS http request method in wsgi handler, fixes issue2550587. + Thanks to Thomas Arendsen Hein for reporting and to Intevation for + funding the fix. +- Add documentation for migrating to the Register permission and + fix mailgw to use Register permission, fixes issue2550599 +- Fix styling of calendar to make it more usable, fixes issue2550608 +- Fix typo in email section of user guide, fixes issue2550607 +- Fix WSGI response code (thanks Peter Pöml) +- Fix linking of an existing item to a newly created item, e.g. + edit action in web template is name="issue-1@link@msg" value="msg1" + would trigger a traceback about an unbound variable. + Add new regression test for this case. May be related to (now closed) + issue1177477. Thanks to Intevation for funding the fix. +- Clean up all the places where role processing occurs. This is now in a + central place in hyperdb.Class and is used consistently throughout. + This also means now a template can override the way role processing + occurs (e.g. for elaborate permission schemes). Thanks to intevation + for funding the change. +- Fix issue2550606 (german translation bug) "an hour" is only used in + the context "in an hour" or "an hour ago" which translates to german + "in einer Stunde" or "vor einer Stunde". So "an hour" is translated + "einer Stunde" (which sounds wrong at first). Also note that date.py + already has a comment saying "XXX this is internationally broken" -- + but at least there's a workaround for german :-) Thanks to Chris + (radioking) for reporting. + + +2009-10-09 1.4.10 (r4374) + +Fixes: +- Minor update of doc/developers.txt to point to the new resources + on www.roundup-tracker.org (Bernhard Reiter) +- Small CSS improvements regaring the search box (thanks Thomas Arendsen Hein) + (issue 2550589) +- Indexers behaviour made more consistent regarding length of indexed words + and stopwords (thanks Thomas Arendsen Hein, Bernhard Reiter)(issue 2550584) +- fixed typos in the installation instructions (thanks Thomas Arendsen Hein) + (issue 2550573) +- New config option csv_field_size: Pythons csv module (which is used + for export/import) has a new field size limit starting with python2.5. + We now issue a warning during export if the limit is too small and use + the csv_field_size configuration during import to set the limit for + the csv module. (Ralf Schlatterbeck) +- Small fix for CGI-handling of XMLRPC requests for python2.4, this + worked only for 2.5 and beyond due to a change in the xmlrpc interface + in python (Ralf Schlatterbeck) +- Document filter method of xmlrpc interface (Ralf Schlatterbeck) +- Fix interaction of SSL and XMLRPC, now XMLRPC works with SSL + (Ralf Schlatterbeck) + +2009-08-10 1.4.9 (r4346) + +Fixes: +- fixed action taken in response to invalid GET request +- fixed classic tracker template to submit POST requests when appropriate +- fix problems with french and german locale files (issue 2550546) +- Run each message of the mail-gateway in a separate transaction, + see http://thread.gmane.org/gmane.comp.bug-tracking.roundup.user/9500 +- fix problem with bounce-message if incoming mail has insufficient + privilege, e.g., user not existing (issue 2550534) +- fix construction of individual messages to nosy recipents with + attachments (issue 2550568) +- re-order sqlite imports to handle multiple installed versions (issue + 2550570) +- don't show entire history by default + (fixes http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=540629) +- remove use of string exception + + +2009-03-18 1.4.8 (r4209) + +Fixes: +- bug introduced into hyperdb filter (issue 2550505) +- bug introduced into CVS export and view (issue 2550529) +- bugs introduced in the migration to the email package (issue 2550531) +- handle bogus pagination values (issue 2550530) +- fix TLS handling with some SMTP servers (issues 2484879 and 1912923) + + +2009-03-13 1.4.7 (r4202) + +Features: +- Provide a "no selection" option in web interface selection widgets +- Debug logging now uses the logging module rather than print +- Allow CGI frontend to serve XMLRPC requests. +- Added XMLRPC actions, as well as bridging CGI actions to XMLRPC actions. +- Optimized large file serving via mod_python / sendfile(). +- Support resuming downloads for (large) files. + +Fixes: +- a number of security issues were discovered by Daniel Diniz +- EditCSV and ExportCSV altered to include permission checks +- HTTP POST required on actions which alter data +- HTML file uploads served as application/octet-stream +- Handle Unauthorised in file serving correctly +- New item action reject creation of new users +- Item retirement was not being controlled +- Roundup is now compatible with Python 2.6 +- Improved French and German translations +- Improve consistency of item sorting in HTML interface +- Various other small bug fixes, robustification and optimisation + + +2008-09-01 1.4.6 Fixed: -- CSV export was busted (as was any action returning a result) +- Fix bug introduced in 1.4.5 in RDBMS full-text indexing +- Make URL matching code less matchy +- Try to clarify mail_domain config setting + + +2008-08-19 1.4.5 +Feature: +- Add use of username/password stored in ~/.netrc in mailgw (sf patch + #1912105) + +Fixed: +- 'Make a Copy' failed with more than one person in nosy list (sf #1906147) +- xml-rpc security checks and tests across all backends (sf #1907211) +- Send a Precedence header in email so (well-written) autoresponders don't +- Fix mailgw total failure bounce message generation (thanks Bradley Dean) +- Fix for postgres 8.3 compatibility (and bug) (sf patch #2030479 and bug + #1959261) +- Fix for translations (sf patch #2032526) +- Fire reactors after file storage is all done (sf patch #2001243) +- Allow negative ids other than -1 for item generation (sf patch #1982481) +- Better German translation for retiring users (sf #1998701) +- More improvements to German translation (sf #1919446) +- Add filter() to XML-RPC interface (sf patch #1966456) +- Fix IndexError when there are no messages to an issue (sf patch #1894249) +- Prevent broken pipe errors in csv export (sf patch #1911449) +- New session API and cleanup thanks anatoly t. +- Make WSGI handler threadsafe (sf #1968027) +- Improved URL matching RE (sf #2038858) +- Allow binary file content submission via XML-RPC (sf #1995623) +- Don't run old code on newer database (sf #1979556) +- Fix HTML injection into page title +- Fix indexer handling of indexed Link properties (sf #1936876) + + +2008-03-01 1.4.4 +Fixed: +- Security fixes (thanks Roland Meister) + + +2008-02-27 1.4.3 +Fixed: +- MySQL backend bug introduced in 1.4.2 (TEXT columns need a size when + being indexed) + + +2008-02-08 1.4.2 +Feature: +- New config option in mail section: ignore_alternatives allows to + ignore alternatives besides the text/plain part used for the content + of a message in multipart/alternative attachments. +- Admin copy of error email from mailgw includes traceback (thanks Ulrik + Mikaelsson) +- Messages created through the web are now given an in-reply-to header + when email out to nosy (thanks Martin v. Löwis) +- Nosy messages now include more information about issues (all link + properties with a "name" attribute) (thanks Martin v. Löwis) + +Fixed: +- Searching date range by supplying just a date as the filter spec +- Handle no time.tzset under Windows (sf #1825643) +- Fix race condition in file storage transaction commit (sf #1883580) +- Make user utils JS work with firstname/lastname again (sf #1868323) +- Fix ZRoundup to work with Zope 2.8.5 (sf #1806125) +- Fix race condition for key properties in rdbms backends (sf #1876683) +- Handle Reject in mailgw final set/create (sf #1826425) + + +2007-11-09 1.4.1 +Fixed: +- Removed some metakit references + + +2007-11-04 1.4.0 +Feature: +- Roundup has a new xmlrpc frontend that gives access to a tracker using + XMLRPC. +- Dates can now be in the year-range 1-9999 +- The metakit backend has been removed +- Add simple anti-spam recipe to docs +- Allow customisation of regular expressions used in email parsing, thanks + Bruno Damour +- Italian translation by Marco Ghidinelli +- Multilinks take any iterable +- config option: specify port and local hostname for SMTP connections +- Tracker index templating (i.e. when roundup_server is serving multiple + trackers) (sf bug 1058020) +- config option: Limit nosy attachments based on size (Philipp Gortan) +- roundup_server supports SSL via pyopenssl +- templatable 404 not found messages (sf bug 1403287) +- Unauthorized email includes a link to the registration page for + the tracker +- config options: control whether author info/email is included in email + sent by roundup +- support for receiving OpenPGP MIME messages (signed or encrypted) + +Fixed: +- Handling of unset Link search in RDBMS backend +- Journal export of anydbm didn't correctly export previously empty values +- Fix handling of defaults for date fields +- Fix