![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
diff --git a/doc/announcement.txt b/doc/announcement.txt
index e9c0646fb7d629b0646da4c3d08b4e002de826b0..52881f670aa87e8389a21b4e3de751062df7afe6 100644 (file)
--- a/doc/announcement.txt
+++ b/doc/announcement.txt
-===========================================================
-SC-Track Roundup 0.5 pre-release - an issue tracking system
-===========================================================
-
-Note: This is the final pre-release of the newest version of Roundup. It is
- strongly recommended that you maintain your existing 0.4 installation if
- you have one, and run 0.5 on a copy of the database. If you are
- upgrading from 0.4, you must read doc/upgrading.txt!
-
-Roundup requires python 2.1.1 for correct operation. Support for dumbdbm
-requires python 2.1.2 or 2.2. 2.1.3 and 2.2.1 are recommended.
-
-This release fixes the following specific problems:
-
-- fixes to import/export
-- password edit now has a confirmation field
-- cleanups and fixes to the shipped classic template
-- new backend for sqlite (and it rocks :)
-- many performance improvements in dbm and sql backends
-- cgi.client base URL is now obtained from the config TRACKER_WEB (as a result
- request.url has gone away - there's too much magic in trying to figure
- what it should be)
-- cgi-bin script redirects to https now if the request was https
-- FileClass "content" property wasn't being returned by getprops() in most
- backends
-- we now verify instance attributes on instance open and throw a useful error
- if they're not all there
-- sf bug 611217 ] menu() has problems when labelprop==None
-- verify contents of tracker module when the tracker is opened
-- fixes to value parsing from edit forms
-- mailgw was missing an "import sys" (!)
-- setup now installs scripts with python -O flag, doubling performance in some
- cases (there's a lot of __debug__ use)
-- added getItem to HTMLClass so you can access arbitrary items in templates
-- replaced the content() callback ickiness with Page Template macro usage
-- changed the default CSS style to be less offensive to some ;)
-- better handling of Page Template compilation errors
-- sf bug 614188 ] Exception in mailgw.py
-- sf bug 613310 ] traceback on onexistant items
-- sf bug 613291 ] typos in nosy list
-- handle stupid mailers that QUOTE their Re; 'Re: "[issue1] bla blah"'
-- giving a user a Role that doesn't exist doesn't break stuff any more
-- revamped user guide, customisation guide, added basic maintenance guide
-- merged some bugfixes from the Zope Page Templates trunk
-- added the "minimal" template
-
-A lot has been done since 0.4:
-
-- new backend for metakit (thanks Gordon McMillan)
-- new backend for sqlite
-- new backend for gadfly (it's as done as it's going to get)
-- further split the dbm backends from the core code, allowing easier
- non-dict-like backends (eg metakit, RDB)
-- added Boolean and Number types
-- fixed the journal bloat
-- full-text search may also search certain String properties
-- entire database export and import (incl files)
-- implemented and used the new access control mechanisms (Permissions, Roles)
-- switched templating to use Zope's PageTemplates giving much more flexibility
-- revamped look and feel in web interface including cleaned up CSS usage
-- re-worked cgi interface to abstract out the explicit "issue" interface
-- switched to sessions for web authentication
-- saving of named search queries
-- updated design document for new access controls
-- updated customisation document, including more examples
-- added maintenance guide
-- better mailgw help message (feature request #558562)
-- we handle "not found", access and item page render errors better
-- fixed double-submit by having new-item-submit redirect at end
-- roundup-server may be a daemon now (fork, logfile, pidfile)
-- renamed "instance" to "tracker" everywhere, and "node" to "item" in most
- places
-- many more bug fixes, cleanups and minor improvements
-
+I'm proud to release version 1.4.17 of Roundup which introduces some
+minor features and, as usual, fixes some bugs:
+
+Features:
+
+- Allow declaration of default_values for properties in schema.
+- Add explicit "Search" permissions, see Security Fix below.
+- Add "lookup" method to xmlrpc interface (Ralf Schlatterbeck)
+- Multilinks can be filtered by combining elements with AND, OR and NOT
+ operators now. A javascript gui was added for "keywords", see issue2550648.
+ Developed by Sascha Teichmann; funded by Intevation. (Bernhard Reiter)
+- Factor MailGW message parsing into a separate class, thanks to John
+ Kristensen who did the major work in issue2550576 -- I wouldn't
+ have attempted it without this. Fixes issue2550576. (Ralf)
+- Now if the -C option to roundup-mailgw specifies "issue" this refers
+ to an issue-like class. The real class is determined from the
+ configured default class, or the -c option to the mailgw, or the class
+ resulting from mail subject parsing. We also accept multiple -S
+ options for the same class now. (Ralf)
+- Optimisation: Late evaluation of Multilinks (only in rdbms backends):
+ previously we materialized each multilink in a Node -- this creates an
+ SQL query for each multilink (e.g. 'files' and 'messages' for each
+ line in the issue index display) -- even if the multilinks aren't
+ displayed. Now we compute multilinks only if they're accessed (and
+ keep them cached).
+- Add a filter_iter similar to the existing filter call. This feature is
+ considered experimental. This is currently not used in the
+ web-interface but passes all tests for the filter call except sorting
+ by Multilinks (which isn't supported by SQL and isn't a sane concept
+ anyway). When using filter_iter instead of filter this saves a *lot*
+ of SQL queries: Filter returns only the IDs of Nodes in the database,
+ the additional content of a Node has to be fetched in a separate SQL
+ call. The new filter_iter also returns the IDs of Nodes (one by one,
+ it's an iterator) but pre-seeds the cache with the content of the
+ Node. The information needed for seeding the cache is retrieved in the
+ same SQL query as the ids.
+
+Fixed:
+
+- Security Fix: Add a check for search-permissions: now we allow
+ searching for properties only if the property is readable without a
+ check method or if an explicit search permission (see above unter
+ "Features) is given for the property. This fixes cases where a user
+ doesn't have access to a property but can deduce the content by
+ crafting a clever search, group or sort query.
+ see doc/upgrading.txt for how to fix your trackers! (Ralf Schlatterbeck).
+- Range support in roundup-server so large files can be served,
+ e.g. media files on iOS/iPads; issue2550694. (Bernhard Reiter;
+ Thanks to Jon C. Thomason for the patch.)
+- Fix search for xapian 1.2 issue2550676
+ (Bernhard Reiter; Thanks to Olly Betts for providing the patch.)
+- Some minor typos fixed in doc/customizing.txt (Thanks Ralf Hemmecke).
+- XML-RPC documentation now linked from the docs/index (Bernhard Reiter).
+- Fix setting of sys.path when importing schema.py, fixes issue2550675,
+ thanks to Bryce L Nordgren for reporting. (Ralf Schlatterbeck)
+- clear the cache on commit for rdbms backends: Don't carry over cached
+ values from one transaction to the next (there may be other changes
+ from other transactions) see new ConcurrentDBTest for a
+ read-modify-update cycle that fails with the old caching behavior.
+ (Ralf Schlatterbeck)
+- Fix incorrect setting of template in customizing.txt example action,
+ patch via issue2550682 (thanks John Kristensen)
+- Configuration issue: On some postgresql 8.4 installations (notably on
+ debian squeeze) the default template database used for database
+ creation doesn't match the needed character encoding UTF8 -- a new
+ config option 'template' in the rdbms section now allows specification
+ of the template. You know you need this option if you get the error
+ message:
+ psycopg2.DataError: new encoding (UTF8) is incompatible with the
+ encoding of the template database (SQL_ASCII)
+ HINT: Use the same encoding as in the template database, or use
+ template0 as template.
+ (Ralf Schlatterbeck)
+- Fixed bug in mailgw refactoring, patch issue2550697 (thanks Hubert
+ Touvet)
+- Fix Password handling security issue2550688 (thanks Joseph Myers for
+ reporting and Eli Collins for fixing) -- this fixes all observations
+ by Joseph Myers except for auto-migration of existing passwords.
+- Add new config-option 'migrate_passwords' in section 'web' to
+ auto-migrate passwords at web-login time. Default for the new option
+ is "yes" so if you don't want that passwords are auto-migrated to a
+ more secure password scheme on user login, set this to "no" before
+ running your tracker(s) after the upgrade.
+- Add new config-option 'password_pbkdf2_default_rounds' in 'main'
+ section to configure the default parameter for new password
+ generation. Set this to a higher value on faster systems which want
+ more security. Thanks to Eli Collins for implementing this (see
+ issue2550688).
+- Fix documentation for roundup-server about the 'host' parameter as
+ suggested in issue2550693, fixes the first part of this issue. Make
+ 'localhost' the new default for this parameter, note the upgrading
+ documentation of changed behaviour. We also deprecate the empty host
+ parameter for binding to all interfaces now (still left in for
+ compatibility). Thanks to Toni Mueller for providing the first version
+ of this patch and discussing implementations.
+- Fixed bug in filter_iter refactoring (lazy multilinks), in rare cases
+ this would result in duplicate multilinks to the same node. We're now
+ going the safe route and doing lazy evaluation only for read-only
+ access, whenever updates are done we fetch everything.
+
+If you're upgrading from an older version of Roundup you *must* follow
+the "Software Upgrade" guidelines given in the maintenance documentation.
+
+Roundup requires python 2.4 or later (but not 3+) for correct operation.
+
+To give Roundup a try, just download (see below), unpack and run::
+
+ roundup-demo
+
+Release info and download page:
+ http://cheeseshop.python.org/pypi/roundup
Source and documentation is available at the website:
- http://roundup.sourceforge.net/
-Release Info (via download page):
- http://sourceforge.net/projects/roundup
+ http://roundup-tracker.org/
Mailing lists - the place to ask questions:
http://sourceforge.net/mail/?group_id=31577
About Roundup
=============
-Roundup is a simple-to-use and -install issue-tracking system with
-command-line, web and e-mail interfaces. It is based on the winning design
+Roundup is a simple-to-use and -install issue-tracking system with
+command-line, web and e-mail interfaces. It is based on the winning design
from Ka-Ping Yee in the Software Carpentry "Track" design competition.
-Note: Ping is not responsible for this project. The contact for this project
-is richard@users.sourceforge.net.
+Note: Ping is not responsible for this project. The contact for this
+project is richard@users.sourceforge.net.
-Roundup manages a number of issues (with flexible properties such as
+Roundup manages a number of issues (with flexible properties such as
"description", "priority", and so on) and provides the ability to:
(a) submit new issues,
The system will facilitate communication among the participants by managing
discussions and notifying interested parties when issues are edited. One of
the major design goals for Roundup that it be simple to get going. Roundup
-is therefore usable "out of the box" with any python 2.1+ installation. It
-doesn't even need to be "installed" to be operational, though a
-disutils-based install script is provided.
+is therefore usable "out of the box" with any python 2.4+ (but not 3+)
+installation. It doesn't even need to be "installed" to be operational,
+though an install script is provided.
It comes with two issue tracker templates (a classic bug/feature tracker and
-a minimal skeleton) and six database back-ends (anydbm, bsddb, bsddb3, sqlite,
-metakit and gadfly).
+a minimal skeleton) and four database back-ends (anydbm, sqlite, mysql
+and postgresql).