Menu

[6d5597]: / CHANGES.txt  Maximize  Restore  History

Download this file

5099 lines (4442 with data), 243.5 kB

   1
   2
   3
   4
   5
   6
   7
   8
   9
  10
  11
  12
  13
  14
  15
  16
  17
  18
  19
  20
  21
  22
  23
  24
  25
  26
  27
  28
  29
  30
  31
  32
  33
  34
  35
  36
  37
  38
  39
  40
  41
  42
  43
  44
  45
  46
  47
  48
  49
  50
  51
  52
  53
  54
  55
  56
  57
  58
  59
  60
  61
  62
  63
  64
  65
  66
  67
  68
  69
  70
  71
  72
  73
  74
  75
  76
  77
  78
  79
  80
  81
  82
  83
  84
  85
  86
  87
  88
  89
  90
  91
  92
  93
  94
  95
  96
  97
  98
  99
 100
 101
 102
 103
 104
 105
 106
 107
 108
 109
 110
 111
 112
 113
 114
 115
 116
 117
 118
 119
 120
 121
 122
 123
 124
 125
 126
 127
 128
 129
 130
 131
 132
 133
 134
 135
 136
 137
 138
 139
 140
 141
 142
 143
 144
 145
 146
 147
 148
 149
 150
 151
 152
 153
 154
 155
 156
 157
 158
 159
 160
 161
 162
 163
 164
 165
 166
 167
 168
 169
 170
 171
 172
 173
 174
 175
 176
 177
 178
 179
 180
 181
 182
 183
 184
 185
 186
 187
 188
 189
 190
 191
 192
 193
 194
 195
 196
 197
 198
 199
 200
 201
 202
 203
 204
 205
 206
 207
 208
 209
 210
 211
 212
 213
 214
 215
 216
 217
 218
 219
 220
 221
 222
 223
 224
 225
 226
 227
 228
 229
 230
 231
 232
 233
 234
 235
 236
 237
 238
 239
 240
 241
 242
 243
 244
 245
 246
 247
 248
 249
 250
 251
 252
 253
 254
 255
 256
 257
 258
 259
 260
 261
 262
 263
 264
 265
 266
 267
 268
 269
 270
 271
 272
 273
 274
 275
 276
 277
 278
 279
 280
 281
 282
 283
 284
 285
 286
 287
 288
 289
 290
 291
 292
 293
 294
 295
 296
 297
 298
 299
 300
 301
 302
 303
 304
 305
 306
 307
 308
 309
 310
 311
 312
 313
 314
 315
 316
 317
 318
 319
 320
 321
 322
 323
 324
 325
 326
 327
 328
 329
 330
 331
 332
 333
 334
 335
 336
 337
 338
 339
 340
 341
 342
 343
 344
 345
 346
 347
 348
 349
 350
 351
 352
 353
 354
 355
 356
 357
 358
 359
 360
 361
 362
 363
 364
 365
 366
 367
 368
 369
 370
 371
 372
 373
 374
 375
 376
 377
 378
 379
 380
 381
 382
 383
 384
 385
 386
 387
 388
 389
 390
 391
 392
 393
 394
 395
 396
 397
 398
 399
 400
 401
 402
 403
 404
 405
 406
 407
 408
 409
 410
 411
 412
 413
 414
 415
 416
 417
 418
 419
 420
 421
 422
 423
 424
 425
 426
 427
 428
 429
 430
 431
 432
 433
 434
 435
 436
 437
 438
 439
 440
 441
 442
 443
 444
 445
 446
 447
 448
 449
 450
 451
 452
 453
 454
 455
 456
 457
 458
 459
 460
 461
 462
 463
 464
 465
 466
 467
 468
 469
 470
 471
 472
 473
 474
 475
 476
 477
 478
 479
 480
 481
 482
 483
 484
 485
 486
 487
 488
 489
 490
 491
 492
 493
 494
 495
 496
 497
 498
 499
 500
 501
 502
 503
 504
 505
 506
 507
 508
 509
 510
 511
 512
 513
 514
 515
 516
 517
 518
 519
 520
 521
 522
 523
 524
 525
 526
 527
 528
 529
 530
 531
 532
 533
 534
 535
 536
 537
 538
 539
 540
 541
 542
 543
 544
 545
 546
 547
 548
 549
 550
 551
 552
 553
 554
 555
 556
 557
 558
 559
 560
 561
 562
 563
 564
 565
 566
 567
 568
 569
 570
 571
 572
 573
 574
 575
 576
 577
 578
 579
 580
 581
 582
 583
 584
 585
 586
 587
 588
 589
 590
 591
 592
 593
 594
 595
 596
 597
 598
 599
 600
 601
 602
 603
 604
 605
 606
 607
 608
 609
 610
 611
 612
 613
 614
 615
 616
 617
 618
 619
 620
 621
 622
 623
 624
 625
 626
 627
 628
 629
 630
 631
 632
 633
 634
 635
 636
 637
 638
 639
 640
 641
 642
 643
 644
 645
 646
 647
 648
 649
 650
 651
 652
 653
 654
 655
 656
 657
 658
 659
 660
 661
 662
 663
 664
 665
 666
 667
 668
 669
 670
 671
 672
 673
 674
 675
 676
 677
 678
 679
 680
 681
 682
 683
 684
 685
 686
 687
 688
 689
 690
 691
 692
 693
 694
 695
 696
 697
 698
 699
 700
 701
 702
 703
 704
 705
 706
 707
 708
 709
 710
 711
 712
 713
 714
 715
 716
 717
 718
 719
 720
 721
 722
 723
 724
 725
 726
 727
 728
 729
 730
 731
 732
 733
 734
 735
 736
 737
 738
 739
 740
 741
 742
 743
 744
 745
 746
 747
 748
 749
 750
 751
 752
 753
 754
 755
 756
 757
 758
 759
 760
 761
 762
 763
 764
 765
 766
 767
 768
 769
 770
 771
 772
 773
 774
 775
 776
 777
 778
 779
 780
 781
 782
 783
 784
 785
 786
 787
 788
 789
 790
 791
 792
 793
 794
 795
 796
 797
 798
 799
 800
 801
 802
 803
 804
 805
 806
 807
 808
 809
 810
 811
 812
 813
 814
 815
 816
 817
 818
 819
 820
 821
 822
 823
 824
 825
 826
 827
 828
 829
 830
 831
 832
 833
 834
 835
 836
 837
 838
 839
 840
 841
 842
 843
 844
 845
 846
 847
 848
 849
 850
 851
 852
 853
 854
 855
 856
 857
 858
 859
 860
 861
 862
 863
 864
 865
 866
 867
 868
 869
 870
 871
 872
 873
 874
 875
 876
 877
 878
 879
 880
 881
 882
 883
 884
 885
 886
 887
 888
 889
 890
 891
 892
 893
 894
 895
 896
 897
 898
 899
 900
 901
 902
 903
 904
 905
 906
 907
 908
 909
 910
 911
 912
 913
 914
 915
 916
 917
 918
 919
 920
 921
 922
 923
 924
 925
 926
 927
 928
 929
 930
 931
 932
 933
 934
 935
 936
 937
 938
 939
 940
 941
 942
 943
 944
 945
 946
 947
 948
 949
 950
 951
 952
 953
 954
 955
 956
 957
 958
 959
 960
 961
 962
 963
 964
 965
 966
 967
 968
 969
 970
 971
 972
 973
 974
 975
 976
 977
 978
 979
 980
 981
 982
 983
 984
 985
 986
 987
 988
 989
 990
 991
 992
 993
 994
 995
 996
 997
 998
 999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064
2065
2066
2067
2068
2069
2070
2071
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082
2083
2084
2085
2086
2087
2088
2089
2090
2091
2092
2093
2094
2095
2096
2097
2098
2099
2100
2101
2102
2103
2104
2105
2106
2107
2108
2109
2110
2111
2112
2113
2114
2115
2116
2117
2118
2119
2120
2121
2122
2123
2124
2125
2126
2127
2128
2129
2130
2131
2132
2133
2134
2135
2136
2137
2138
2139
2140
2141
2142
2143
2144
2145
2146
2147
2148
2149
2150
2151
2152
2153
2154
2155
2156
2157
2158
2159
2160
2161
2162
2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
2178
2179
2180
2181
2182
2183
2184
2185
2186
2187
2188
2189
2190
2191
2192
2193
2194
2195
2196
2197
2198
2199
2200
2201
2202
2203
2204
2205
2206
2207
2208
2209
2210
2211
2212
2213
2214
2215
2216
2217
2218
2219
2220
2221
2222
2223
2224
2225
2226
2227
2228
2229
2230
2231
2232
2233
2234
2235
2236
2237
2238
2239
2240
2241
2242
2243
2244
2245
2246
2247
2248
2249
2250
2251
2252
2253
2254
2255
2256
2257
2258
2259
2260
2261
2262
2263
2264
2265
2266
2267
2268
2269
2270
2271
2272
2273
2274
2275
2276
2277
2278
2279
2280
2281
2282
2283
2284
2285
2286
2287
2288
2289
2290
2291
2292
2293
2294
2295
2296
2297
2298
2299
2300
2301
2302
2303
2304
2305
2306
2307
2308
2309
2310
2311
2312
2313
2314
2315
2316
2317
2318
2319
2320
2321
2322
2323
2324
2325
2326
2327
2328
2329
2330
2331
2332
2333
2334
2335
2336
2337
2338
2339
2340
2341
2342
2343
2344
2345
2346
2347
2348
2349
2350
2351
2352
2353
2354
2355
2356
2357
2358
2359
2360
2361
2362
2363
2364
2365
2366
2367
2368
2369
2370
2371
2372
2373
2374
2375
2376
2377
2378
2379
2380
2381
2382
2383
2384
2385
2386
2387
2388
2389
2390
2391
2392
2393
2394
2395
2396
2397
2398
2399
2400
2401
2402
2403
2404
2405
2406
2407
2408
2409
2410
2411
2412
2413
2414
2415
2416
2417
2418
2419
2420
2421
2422
2423
2424
2425
2426
2427
2428
2429
2430
2431
2432
2433
2434
2435
2436
2437
2438
2439
2440
2441
2442
2443
2444
2445
2446
2447
2448
2449
2450
2451
2452
2453
2454
2455
2456
2457
2458
2459
2460
2461
2462
2463
2464
2465
2466
2467
2468
2469
2470
2471
2472
2473
2474
2475
2476
2477
2478
2479
2480
2481
2482
2483
2484
2485
2486
2487
2488
2489
2490
2491
2492
2493
2494
2495
2496
2497
2498
2499
2500
2501
2502
2503
2504
2505
2506
2507
2508
2509
2510
2511
2512
2513
2514
2515
2516
2517
2518
2519
2520
2521
2522
2523
2524
2525
2526
2527
2528
2529
2530
2531
2532
2533
2534
2535
2536
2537
2538
2539
2540
2541
2542
2543
2544
2545
2546
2547
2548
2549
2550
2551
2552
2553
2554
2555
2556
2557
2558
2559
2560
2561
2562
2563
2564
2565
2566
2567
2568
2569
2570
2571
2572
2573
2574
2575
2576
2577
2578
2579
2580
2581
2582
2583
2584
2585
2586
2587
2588
2589
2590
2591
2592
2593
2594
2595
2596
2597
2598
2599
2600
2601
2602
2603
2604
2605
2606
2607
2608
2609
2610
2611
2612
2613
2614
2615
2616
2617
2618
2619
2620
2621
2622
2623
2624
2625
2626
2627
2628
2629
2630
2631
2632
2633
2634
2635
2636
2637
2638
2639
2640
2641
2642
2643
2644
2645
2646
2647
2648
2649
2650
2651
2652
2653
2654
2655
2656
2657
2658
2659
2660
2661
2662
2663
2664
2665
2666
2667
2668
2669
2670
2671
2672
2673
2674
2675
2676
2677
2678
2679
2680
2681
2682
2683
2684
2685
2686
2687
2688
2689
2690
2691
2692
2693
2694
2695
2696
2697
2698
2699
2700
2701
2702
2703
2704
2705
2706
2707
2708
2709
2710
2711
2712
2713
2714
2715
2716
2717
2718
2719
2720
2721
2722
2723
2724
2725
2726
2727
2728
2729
2730
2731
2732
2733
2734
2735
2736
2737
2738
2739
2740
2741
2742
2743
2744
2745
2746
2747
2748
2749
2750
2751
2752
2753
2754
2755
2756
2757
2758
2759
2760
2761
2762
2763
2764
2765
2766
2767
2768
2769
2770
2771
2772
2773
2774
2775
2776
2777
2778
2779
2780
2781
2782
2783
2784
2785
2786
2787
2788
2789
2790
2791
2792
2793
2794
2795
2796
2797
2798
2799
2800
2801
2802
2803
2804
2805
2806
2807
2808
2809
2810
2811
2812
2813
2814
2815
2816
2817
2818
2819
2820
2821
2822
2823
2824
2825
2826
2827
2828
2829
2830
2831
2832
2833
2834
2835
2836
2837
2838
2839
2840
2841
2842
2843
2844
2845
2846
2847
2848
2849
2850
2851
2852
2853
2854
2855
2856
2857
2858
2859
2860
2861
2862
2863
2864
2865
2866
2867
2868
2869
2870
2871
2872
2873
2874
2875
2876
2877
2878
2879
2880
2881
2882
2883
2884
2885
2886
2887
2888
2889
2890
2891
2892
2893
2894
2895
2896
2897
2898
2899
2900
2901
2902
2903
2904
2905
2906
2907
2908
2909
2910
2911
2912
2913
2914
2915
2916
2917
2918
2919
2920
2921
2922
2923
2924
2925
2926
2927
2928
2929
2930
2931
2932
2933
2934
2935
2936
2937
2938
2939
2940
2941
2942
2943
2944
2945
2946
2947
2948
2949
2950
2951
2952
2953
2954
2955
2956
2957
2958
2959
2960
2961
2962
2963
2964
2965
2966
2967
2968
2969
2970
2971
2972
2973
2974
2975
2976
2977
2978
2979
2980
2981
2982
2983
2984
2985
2986
2987
2988
2989
2990
2991
2992
2993
2994
2995
2996
2997
2998
2999
3000
3001
3002
3003
3004
3005
3006
3007
3008
3009
3010
3011
3012
3013
3014
3015
3016
3017
3018
3019
3020
3021
3022
3023
3024
3025
3026
3027
3028
3029
3030
3031
3032
3033
3034
3035
3036
3037
3038
3039
3040
3041
3042
3043
3044
3045
3046
3047
3048
3049
3050
3051
3052
3053
3054
3055
3056
3057
3058
3059
3060
3061
3062
3063
3064
3065
3066
3067
3068
3069
3070
3071
3072
3073
3074
3075
3076
3077
3078
3079
3080
3081
3082
3083
3084
3085
3086
3087
3088
3089
3090
3091
3092
3093
3094
3095
3096
3097
3098
3099
3100
3101
3102
3103
3104
3105
3106
3107
3108
3109
3110
3111
3112
3113
3114
3115
3116
3117
3118
3119
3120
3121
3122
3123
3124
3125
3126
3127
3128
3129
3130
3131
3132
3133
3134
3135
3136
3137
3138
3139
3140
3141
3142
3143
3144
3145
3146
3147
3148
3149
3150
3151
3152
3153
3154
3155
3156
3157
3158
3159
3160
3161
3162
3163
3164
3165
3166
3167
3168
3169
3170
3171
3172
3173
3174
3175
3176
3177
3178
3179
3180
3181
3182
3183
3184
3185
3186
3187
3188
3189
3190
3191
3192
3193
3194
3195
3196
3197
3198
3199
3200
3201
3202
3203
3204
3205
3206
3207
3208
3209
3210
3211
3212
3213
3214
3215
3216
3217
3218
3219
3220
3221
3222
3223
3224
3225
3226
3227
3228
3229
3230
3231
3232
3233
3234
3235
3236
3237
3238
3239
3240
3241
3242
3243
3244
3245
3246
3247
3248
3249
3250
3251
3252
3253
3254
3255
3256
3257
3258
3259
3260
3261
3262
3263
3264
3265
3266
3267
3268
3269
3270
3271
3272
3273
3274
3275
3276
3277
3278
3279
3280
3281
3282
3283
3284
3285
3286
3287
3288
3289
3290
3291
3292
3293
3294
3295
3296
3297
3298
3299
3300
3301
3302
3303
3304
3305
3306
3307
3308
3309
3310
3311
3312
3313
3314
3315
3316
3317
3318
3319
3320
3321
3322
3323
3324
3325
3326
3327
3328
3329
3330
3331
3332
3333
3334
3335
3336
3337
3338
3339
3340
3341
3342
3343
3344
3345
3346
3347
3348
3349
3350
3351
3352
3353
3354
3355
3356
3357
3358
3359
3360
3361
3362
3363
3364
3365
3366
3367
3368
3369
3370
3371
3372
3373
3374
3375
3376
3377
3378
3379
3380
3381
3382
3383
3384
3385
3386
3387
3388
3389
3390
3391
3392
3393
3394
3395
3396
3397
3398
3399
3400
3401
3402
3403
3404
3405
3406
3407
3408
3409
3410
3411
3412
3413
3414
3415
3416
3417
3418
3419
3420
3421
3422
3423
3424
3425
3426
3427
3428
3429
3430
3431
3432
3433
3434
3435
3436
3437
3438
3439
3440
3441
3442
3443
3444
3445
3446
3447
3448
3449
3450
3451
3452
3453
3454
3455
3456
3457
3458
3459
3460
3461
3462
3463
3464
3465
3466
3467
3468
3469
3470
3471
3472
3473
3474
3475
3476
3477
3478
3479
3480
3481
3482
3483
3484
3485
3486
3487
3488
3489
3490
3491
3492
3493
3494
3495
3496
3497
3498
3499
3500
3501
3502
3503
3504
3505
3506
3507
3508
3509
3510
3511
3512
3513
3514
3515
3516
3517
3518
3519
3520
3521
3522
3523
3524
3525
3526
3527
3528
3529
3530
3531
3532
3533
3534
3535
3536
3537
3538
3539
3540
3541
3542
3543
3544
3545
3546
3547
3548
3549
3550
3551
3552
3553
3554
3555
3556
3557
3558
3559
3560
3561
3562
3563
3564
3565
3566
3567
3568
3569
3570
3571
3572
3573
3574
3575
3576
3577
3578
3579
3580
3581
3582
3583
3584
3585
3586
3587
3588
3589
3590
3591
3592
3593
3594
3595
3596
3597
3598
3599
3600
3601
3602
3603
3604
3605
3606
3607
3608
3609
3610
3611
3612
3613
3614
3615
3616
3617
3618
3619
3620
3621
3622
3623
3624
3625
3626
3627
3628
3629
3630
3631
3632
3633
3634
3635
3636
3637
3638
3639
3640
3641
3642
3643
3644
3645
3646
3647
3648
3649
3650
3651
3652
3653
3654
3655
3656
3657
3658
3659
3660
3661
3662
3663
3664
3665
3666
3667
3668
3669
3670
3671
3672
3673
3674
3675
3676
3677
3678
3679
3680
3681
3682
3683
3684
3685
3686
3687
3688
3689
3690
3691
3692
3693
3694
3695
3696
3697
3698
3699
3700
3701
3702
3703
3704
3705
3706
3707
3708
3709
3710
3711
3712
3713
3714
3715
3716
3717
3718
3719
3720
3721
3722
3723
3724
3725
3726
3727
3728
3729
3730
3731
3732
3733
3734
3735
3736
3737
3738
3739
3740
3741
3742
3743
3744
3745
3746
3747
3748
3749
3750
3751
3752
3753
3754
3755
3756
3757
3758
3759
3760
3761
3762
3763
3764
3765
3766
3767
3768
3769
3770
3771
3772
3773
3774
3775
3776
3777
3778
3779
3780
3781
3782
3783
3784
3785
3786
3787
3788
3789
3790
3791
3792
3793
3794
3795
3796
3797
3798
3799
3800
3801
3802
3803
3804
3805
3806
3807
3808
3809
3810
3811
3812
3813
3814
3815
3816
3817
3818
3819
3820
3821
3822
3823
3824
3825
3826
3827
3828
3829
3830
3831
3832
3833
3834
3835
3836
3837
3838
3839
3840
3841
3842
3843
3844
3845
3846
3847
3848
3849
3850
3851
3852
3853
3854
3855
3856
3857
3858
3859
3860
3861
3862
3863
3864
3865
3866
3867
3868
3869
3870
3871
3872
3873
3874
3875
3876
3877
3878
3879
3880
3881
3882
3883
3884
3885
3886
3887
3888
3889
3890
3891
3892
3893
3894
3895
3896
3897
3898
3899
3900
3901
3902
3903
3904
3905
3906
3907
3908
3909
3910
3911
3912
3913
3914
3915
3916
3917
3918
3919
3920
3921
3922
3923
3924
3925
3926
3927
3928
3929
3930
3931
3932
3933
3934
3935
3936
3937
3938
3939
3940
3941
3942
3943
3944
3945
3946
3947
3948
3949
3950
3951
3952
3953
3954
3955
3956
3957
3958
3959
3960
3961
3962
3963
3964
3965
3966
3967
3968
3969
3970
3971
3972
3973
3974
3975
3976
3977
3978
3979
3980
3981
3982
3983
3984
3985
3986
3987
3988
3989
3990
3991
3992
3993
3994
3995
3996
3997
3998
3999
4000
4001
4002
4003
4004
4005
4006
4007
4008
4009
4010
4011
4012
4013
4014
4015
4016
4017
4018
4019
4020
4021
4022
4023
4024
4025
4026
4027
4028
4029
4030
4031
4032
4033
4034
4035
4036
4037
4038
4039
4040
4041
4042
4043
4044
4045
4046
4047
4048
4049
4050
4051
4052
4053
4054
4055
4056
4057
4058
4059
4060
4061
4062
4063
4064
4065
4066
4067
4068
4069
4070
4071
4072
4073
4074
4075
4076
4077
4078
4079
4080
4081
4082
4083
4084
4085
4086
4087
4088
4089
4090
4091
4092
4093
4094
4095
4096
4097
4098
4099
4100
4101
4102
4103
4104
4105
4106
4107
4108
4109
4110
4111
4112
4113
4114
4115
4116
4117
4118
4119
4120
4121
4122
4123
4124
4125
4126
4127
4128
4129
4130
4131
4132
4133
4134
4135
4136
4137
4138
4139
4140
4141
4142
4143
4144
4145
4146
4147
4148
4149
4150
4151
4152
4153
4154
4155
4156
4157
4158
4159
4160
4161
4162
4163
4164
4165
4166
4167
4168
4169
4170
4171
4172
4173
4174
4175
4176
4177
4178
4179
4180
4181
4182
4183
4184
4185
4186
4187
4188
4189
4190
4191
4192
4193
4194
4195
4196
4197
4198
4199
4200
4201
4202
4203
4204
4205
4206
4207
4208
4209
4210
4211
4212
4213
4214
4215
4216
4217
4218
4219
4220
4221
4222
4223
4224
4225
4226
4227
4228
4229
4230
4231
4232
4233
4234
4235
4236
4237
4238
4239
4240
4241
4242
4243
4244
4245
4246
4247
4248
4249
4250
4251
4252
4253
4254
4255
4256
4257
4258
4259
4260
4261
4262
4263
4264
4265
4266
4267
4268
4269
4270
4271
4272
4273
4274
4275
4276
4277
4278
4279
4280
4281
4282
4283
4284
4285
4286
4287
4288
4289
4290
4291
4292
4293
4294
4295
4296
4297
4298
4299
4300
4301
4302
4303
4304
4305
4306
4307
4308
4309
4310
4311
4312
4313
4314
4315
4316
4317
4318
4319
4320
4321
4322
4323
4324
4325
4326
4327
4328
4329
4330
4331
4332
4333
4334
4335
4336
4337
4338
4339
4340
4341
4342
4343
4344
4345
4346
4347
4348
4349
4350
4351
4352
4353
4354
4355
4356
4357
4358
4359
4360
4361
4362
4363
4364
4365
4366
4367
4368
4369
4370
4371
4372
4373
4374
4375
4376
4377
4378
4379
4380
4381
4382
4383
4384
4385
4386
4387
4388
4389
4390
4391
4392
4393
4394
4395
4396
4397
4398
4399
4400
4401
4402
4403
4404
4405
4406
4407
4408
4409
4410
4411
4412
4413
4414
4415
4416
4417
4418
4419
4420
4421
4422
4423
4424
4425
4426
4427
4428
4429
4430
4431
4432
4433
4434
4435
4436
4437
4438
4439
4440
4441
4442
4443
4444
4445
4446
4447
4448
4449
4450
4451
4452
4453
4454
4455
4456
4457
4458
4459
4460
4461
4462
4463
4464
4465
4466
4467
4468
4469
4470
4471
4472
4473
4474
4475
4476
4477
4478
4479
4480
4481
4482
4483
4484
4485
4486
4487
4488
4489
4490
4491
4492
4493
4494
4495
4496
4497
4498
4499
4500
4501
4502
4503
4504
4505
4506
4507
4508
4509
4510
4511
4512
4513
4514
4515
4516
4517
4518
4519
4520
4521
4522
4523
4524
4525
4526
4527
4528
4529
4530
4531
4532
4533
4534
4535
4536
4537
4538
4539
4540
4541
4542
4543
4544
4545
4546
4547
4548
4549
4550
4551
4552
4553
4554
4555
4556
4557
4558
4559
4560
4561
4562
4563
4564
4565
4566
4567
4568
4569
4570
4571
4572
4573
4574
4575
4576
4577
4578
4579
4580
4581
4582
4583
4584
4585
4586
4587
4588
4589
4590
4591
4592
4593
4594
4595
4596
4597
4598
4599
4600
4601
4602
4603
4604
4605
4606
4607
4608
4609
4610
4611
4612
4613
4614
4615
4616
4617
4618
4619
4620
4621
4622
4623
4624
4625
4626
4627
4628
4629
4630
4631
4632
4633
4634
4635
4636
4637
4638
4639
4640
4641
4642
4643
4644
4645
4646
4647
4648
4649
4650
4651
4652
4653
4654
4655
4656
4657
4658
4659
4660
4661
4662
4663
4664
4665
4666
4667
4668
4669
4670
4671
4672
4673
4674
4675
4676
4677
4678
4679
4680
4681
4682
4683
4684
4685
4686
4687
4688
4689
4690
4691
4692
4693
4694
4695
4696
4697
4698
4699
4700
4701
4702
4703
4704
4705
4706
4707
4708
4709
4710
4711
4712
4713
4714
4715
4716
4717
4718
4719
4720
4721
4722
4723
4724
4725
4726
4727
4728
4729
4730
4731
4732
4733
4734
4735
4736
4737
4738
4739
4740
4741
4742
4743
4744
4745
4746
4747
4748
4749
4750
4751
4752
4753
4754
4755
4756
4757
4758
4759
4760
4761
4762
4763
4764
4765
4766
4767
4768
4769
4770
4771
4772
4773
4774
4775
4776
4777
4778
4779
4780
4781
4782
4783
4784
4785
4786
4787
4788
4789
4790
4791
4792
4793
4794
4795
4796
4797
4798
4799
4800
4801
4802
4803
4804
4805
4806
4807
4808
4809
4810
4811
4812
4813
4814
4815
4816
4817
4818
4819
4820
4821
4822
4823
4824
4825
4826
4827
4828
4829
4830
4831
4832
4833
4834
4835
4836
4837
4838
4839
4840
4841
4842
4843
4844
4845
4846
4847
4848
4849
4850
4851
4852
4853
4854
4855
4856
4857
4858
4859
4860
4861
4862
4863
4864
4865
4866
4867
4868
4869
4870
4871
4872
4873
4874
4875
4876
4877
4878
4879
4880
4881
4882
4883
4884
4885
4886
4887
4888
4889
4890
4891
4892
4893
4894
4895
4896
4897
4898
4899
4900
4901
4902
4903
4904
4905
4906
4907
4908
4909
4910
4911
4912
4913
4914
4915
4916
4917
4918
4919
4920
4921
4922
4923
4924
4925
4926
4927
4928
4929
4930
4931
4932
4933
4934
4935
4936
4937
4938
4939
4940
4941
4942
4943
4944
4945
4946
4947
4948
4949
4950
4951
4952
4953
4954
4955
4956
4957
4958
4959
4960
4961
4962
4963
4964
4965
4966
4967
4968
4969
4970
4971
4972
4973
4974
4975
4976
4977
4978
4979
4980
4981
4982
4983
4984
4985
4986
4987
4988
4989
4990
4991
4992
4993
4994
4995
4996
4997
4998
4999
5000
5001
5002
5003
5004
5005
5006
5007
5008
5009
5010
5011
5012
5013
5014
5015
5016
5017
5018
5019
5020
5021
5022
5023
5024
5025
5026
5027
5028
5029
5030
5031
5032
5033
5034
5035
5036
5037
5038
5039
5040
5041
5042
5043
5044
5045
5046
5047
5048
5049
5050
5051
5052
5053
5054
5055
5056
5057
5058
5059
5060
5061
5062
5063
5064
5065
5066
5067
5068
5069
5070
5071
5072
5073
5074
5075
5076
5077
5078
5079
5080
5081
5082
5083
5084
5085
5086
5087
5088
5089
5090
5091
5092
5093
5094
5095
Please read ``doc/upgrading.txt`` to see how to bring you Roundup version
up to date with changes listed in this file. This may require schema
and template changes not listed here.
Each entry has the developer who committed the change in brackets.
Many entries without name were done by Richard Jones.
**IMPORTANT** The v1.5.x releases of Roundup were the last to support
Python v2.5 and v2.6. Starting with the v1.6 releases of Roundup
v2.7.2 or later are required to run newer releases of Roundup.
Roundup 2.0 supports Python 3.4 and later. Roundup 2.1.0 supports
python 3.6 or newer (3.4/3.5 might work, but they are not tested).
Roundup 2.4.0 is the last release to support Python 2.
2025-XX-XX 2.5.0
Fixed:
- issue2551343 - Remove support for PySQLite. It is unmaintained
and sqlite3 is used which is the default for a Python
distribution. (John Rouillard)
- replace use of os.listdir with os.scandir. Performance
improvement. Using with Python 2 requires 'pip install
scandir'. (John Rouillard)
- issue2551131 - Return accept-patch if patch body not accepted
(415 code). Accept-Patch returned with acceptable values. (John
Rouillard)
- issue2551074 - In "responsive" template: click on hide comment leads
to a red error msg. (Report by Ludwig Reiter; fix John Rouillard)
- issue2550698 - added documentation on filtering using RPN property
expressions. (John Rouillard)
- issue2551372 - Better document necessary headers for REST and fix
logging to log missing Origin header (Ralf Schlatterbeck with
suggestions on documentation by John Rouillard)
- issue2551289 - Invalid REST Accept header with post/put performs
change before returning 406. Error before making any changes to the
db if we can't respond with requested format. (John Rouillard)
- issue2551356 - Add etag header when If-Modified-Since GET request
returns not-modified (304). Breaking change to function signature
for client.py-Client::_serve_file(). (John Rouillard)
- issue2551381 - roundup-server parses URI's with multiple '?"
incorrectly. (John Rouillard)
- issue2551382 - invalid @verbose, @page_* values in rest uri's
generate 409 not 400 error. (John Rouillard)
- fix issues with rest doc and use of PUT on a property item. Response
is similar to use of PUT on the item, not a GET on the
item. Discovered while fuzz testing. (John Rouillard)
- issue2551383 - Setting same address via REST PUT command results in
an error. Now the userauditor does not trigger an error if a user
sets the primary address to the existing value. (John Rouillard)
- issue2551253 - Modify password PBKDF2 method to use SHA512. The
default password hashing algorithm has been upgraded to
PBKDF2-SHA512 from PBKDF2-SHA1. The default pbkdf2 rounds in the
config file has been changed to 250000. The admin should change it
manually if it is at 2 million. PBKDF2-SHA512 (PBKDF2S5) has been
available since release 2.3, but it required a manual step to make
it the default. (John Rouillard)
- fixed a crash with roundup-admin perftest password when rounds not set
on command line. (John Rouillard)
- issue2551374 - Add error handling for filter expressions. Filter
expression errors are now reported. (John Rouillard)
- issue2551384: Modify flow in client.py's REST handler to verify
authorization earlier. The validation order for REST requests
has been changed. Checking user authorization to use the REST
interface is done before validating the Origin header. As a
result, incorrectly formatted CORS preflight requests
(e.g. missing Origin header) can now return HTTP status 403 as
well as status 400. (John Rouillard)
- issue2551387 - TypeError: not indexable. Fix crash due to
uninitialized list element on a (Mini)FieldStorage when unexpected
input is posted via wsgi. (Reported and debugged by Christof
Meerwald; fix John Rouillard)
- close http socket and send a 408 status when a timeout exception
is handed in roundup-server. This prevents another exception
caused by using a timed out socket. (John Rouillard)
- issue2551391, partial fix for issue1513369. input fields were
not getting id's assigned. Fixed automatic id assignment to
input fields. Thinko in the code. (John Rouillard)
- issue2551390 - Replace text input/calendar popup with native
date input. Also add double-click and exit keyboard handlers to
allow copy/paste/editing the text version of the date. Configurable
via the use_browser_date_input setting in the [web] section of
config.ini. By default browser native dates are turned off.
(John Rouillard, Ralf Schlatterbeck)
- issue1895197 - translated help texts in admin.py not displayed
correctly. (Initial patch tobias-herp, John Rouillard)
- issue2551238 - roundup-server should exit with error if -d
<pidfile> is used without -l <logfile>. Added code to report
the issue. Added issue with relative paths for log file whn
using -L and -d with roundup-server. (John Rouillard)
- Allow the specification of a "form" parameter for Date fields to make
the popup calendar work when the enclosing form has a name different
from "itemSynopsis". (Ralf Schlatterbeck)
- issue2551376: Fix tracebacks in item templates (Ralf Schlatterbeck)
Features:
- issue2551287 - Enhance roundup_gettext.py to extract strings from
detectors/extensions. If the polib module is available,
roundup-gettext will extract translatable strings from the tracker's
Python code. If polib is missing, it will print a warning. (Patch
Marcus Priesch, cleanup to remove python 2 issues, John Rouillard.)
- issue2551315 - Document use of
RestfulInstance.max_response_row_size to limit data returned
from rest request.
- issue2551330 - Add an optional 'filter' function to the Permission
objects and the addPermission method. This is used to optimize search
performance by not checking items returned from a database query
one-by-one (using the check function) but instead offload the
permission checks to the database. For SQL backends this performs the
filtering in the database. (Ralf Schlatterbeck)
- issue2551370 - mark roundup session cookie with __Secure-
prefix. (John Rouillard)
- add -P flag to roundup-server to log client address from
X-Forwarded-For reverse proxy header rather than connecting
address. This logs the actual client address when
roundup-server is run behind a reverse proxy. It also appends a
+ sign to the logged address/name. (John Rouillard)
- issue2551068 - Provide way to retrieve file/msg data via rest
endpoint. Raw file/msg data can be retrieved using the
/binary_content attribute and an Accept header to select the mime
type for the data (e.g. image/png for a png file). The existing html
interface method still works and is supported, but is legacy. (John
Rouillard)
- added fuzz testing for some code. Found issue2551382 and
others. (John Rouillard)
- issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
Added support for defusedxml to better secure the xmlrpc
endpoint. (John Rouillard)
- Added new instance.registerUtilMethod() method to make using complex
templating easier as it provides a default Client instance to the
templating method. (John Rouillard)
- Added new templating utils.set_http_response(integer) method to
allow reporting an error to the user from a template. (John
Rouillard)
- Use native number type input for Number() and Integer()
properties. Integer() uses step=1 as well. Configurable via the
use_browser_number_input setting in the [web] section of config.ini
(John Rouillard, Ralf Schlatterbeck)
- issue2551231 - template.py-HTMLClass::classhelp doesn't merge
user defined classes. It now merges them in. (John Rouillard)
2024-07-13 2.4.0
Fixed:
- CVE-2024-39124 - The classhelpers (_generic.help.html) are
vulnerable to an XSS attack. A specially crafted URL that used
that endpoint would result in running a script embedded in the
URL. (Found/reported by Alec Romano (4rdr), fix/tests John
Rouillard)
- CVE-2024-39125 - If the Referer header is set to a script tag,
it will be executed when the error in the Referer header is
reported. (Found/reported by Alec Romano (4rdr), fix/tests John
Rouillard)
- CVE-2024-39126 - PDF, XML and SVG files attached to an issue can contain
embedded JavaScript. This JavaScript was executed when the file was
accessed. PDF files are now downloaded and not displayed in the
browser. A content security policy is added for all download files
which prevents code execution in SVG files. (Found/reported by Alec
Romano (4rdr), fix/tests John Rouillard)
- issue2551282 - MySQL utf8mb4 issues and
issue2551115 - Use utf8mb4 as a default for MySQL instead of utf8
The default database type and collations have been set to:
utf8mb4, utf8mb4_unicode_ci and utf8mb4_0900_bin. They are (sadly)
configurable from config.ini. Require directions on upgrading the
MySQL db have been documented in upgrading.txt.
- issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
Failed API login rate limiting with expiring lockout added. (John
Rouillard)
- issue2551184 - improve i18n handling. Patch to test to make sure it
uses the test tracker's locale files and not other locale
files. (Marcus Priesch)
- issue2551283 - fail if version 2.4.9 of markdown2 is used, it broke
[issue1](issue1) style links. Support markdown2 2.4.8 and earlier
and 2.4.10 with its new schema filtering method. (John Rouillard)
- multiple flake8 fixes (John Rouillard)
- rename loop variable in 'for sendto in sendto:' (John Rouillard)
- issue2551193 - Fix roundup for removal of cgi and cgitb standard
python modules (and FieldStorage/MiniFieldStorage). Replaced imports
from cgi to use roundup.anypy.cgi_ which will load the system cgi
unless it is missing. Then it will load roundup.anypy.vendored.cgi
and make *FieldStorage symbols available. Roundup uses its own
cgitb.py and not the system cgitb.py. It looks like it's the
precursor to the system cgitb.py. (John Rouillard)
- issue2551278 - datetime.datetime.utcnow deprecation. Replace
calls with equivalent that produces timezone aware dates rather than
naive dates. (John Rouillard)
- when using "roundup-admin display" indent the listing only if
headers or protected fields are requested. This makes the output
look like it did previously to 2.3.0 if the new features aren't
used. Roundup-admin output was never meant to be machine parsed, but
don't break it unless required. (John Rouillard)
- issue2551290 - pip install roundup Hangs on Windows 10
The install under windows goes into an infinite loop using pip or
source install. (John Rouillard)
- Document use of pyreadline3 to allow roundup-admin to have CLI editing
on windows. (John Rouillard)
- issue2551293 - remove schema_hook from Tracker instance. Looks like
it was an obsolete hook used for testing. Never documented and not
accessible from schema.py.
- Fix roundup-admin security command. Lowercase its optional
argument. Roles are indexed by lower case role name. So 'security
User' and 'security user' should generate the same output. (John
Rouillard from issue on mailing list by Chuck Cunningham)
- make roundup-server exit more quickly on ^C. This seems to be
limited to windows. (John Rouillard)
- Fix error handling so failure during import of a non-user item
doesn't cause a second traceback. (Found by Norbert Schlemmer, fix
John Rouillard)
- Handle out of memory error when importing large trackers in
PostgreSQL. (Found by Norbert Schlemmer, extensive testing by
Norbert, fix John Rouillard)
- use unittest.mock rather than mock for
test/test_hyperdbvals.py. (found by Ralf Schlatterbeck. Fix John
Rouillard)
- disable proxy with wget in roundup_healthcheck. (Norbert SCHLEMMER
Noschvie on github.com)
- support dicttoxml2.py for Roundup running on 3.7 and
newer. dicttoxml uses a type alias: collection.Iterator that is
dropped in Python 3.10. (found by Norbert Schlemmer, fix John
Rouillard)
- fix duplicate html id 'password' in user.item.html in all templates except
jinja2. (John Rouillard)
- fix unclosed file when saving index in indexer_dbm.py. (John Rouillard)
- fix task index in devel tracker so it doesn't cause a crash if all
fields are selected. (John Rouillard)
- fix windows install. When using pip share directory is installed in
a directory tree under the lib directory. Fix it so that Lib/share
is used to install the share tree. The lets Roundup find tracker
templates and translation files. (Found by Simon Eigeldinger, fix
John Rouillard)
- fix roundup-demo, interactive mode would nuke an existing tracker.
(Found Tonu Mikk, fix John Rouillard)
- fix detection/reporting when using a SQLite3 library without FTS5
support. Install docs updated to state that FTS5 support is required
when using SQLite for back end. (Found Tonu Mikk, fix John
Rouillard)
- issue2551320: user.help-search.html doesn't respect
properties. Setting url parameter properties when using the
classhelp for users now shows the requested properties. (Found by
Patel Malav and Nikunj Thakkar of the UMass-Boston CS682 Spring
2024 class; fix John Rouillard)
- use ast.eval_literal() rather than eval() to turn CSV exported
string values into Python object/values.
- use template's guess at Content-Type in headers only if Content-Type
is not already set. This allows a template to set its own content
type. For example: _generic.translate can set content type (via
request.client.additional_headers) to application/json and return
json from the template. This json could access the 1i18n functions
for a javascript helper. (John Rouillard)
- when template processing raises an exception the line number is
sometimes missing. This causes cgitb to raise a second exception
which clobbers the info about the template issue. As a stop-gap set
the line number to -1 so the original traceback can be seen. This
could be a bug in ZopeTAL. (John Rouillard)
- issue2551328 - REST results show next link if number of results is a
multiple of page size. There should be no next link. (Found by Patel
Malav and Bharath Kanama of the UMass-Boston CS682 Spring 2024
class; fix John Rouillard)
- issue2551264 - REST X-Total-Count header and @total_size count
incorrect when paginated - correct values are now returned.
(John Rouillard)
- issue2551331 - Fix repeat first/last methods. (John Rouillard)
- Fix import/export on windows. Use unix line terminating characters.
(John Rouillard)
- Fix anydbm session/otks clear() method on windows when backed by
dumbdbm. Also make anydbm detect the initialized database when
using dumbdbm. (John Rouillard)
- Use of '-' directory in static_files config option under windows
Python fixed. (John Rouillard)
- issue2551334 - number of test bugs that prevented test suite from
running under Windows Python are fixed. WIP. (John Rouillard)
- issue2551302 - Remove support for sqlite version 1 from
back_sqlite.py. We have been using sqlite3 for over a decade. (John
Rouillard)
- issue2551285 - Remove StructuredText support. reStructuredText is
still supported. (John Rouillard)
- Use roundup-demo -p option to set listening port. Was ignored
before. (John Rouillard)
- issue2551346 - Classic tracker's statusauditor raises error if
detectors/config.ini missing
STATUSAUDITOR_CHATTING_REQUIRES_TWO_USERS. The statusauditor.py for
jinja2 and classic templates has been changed to assume that this
option is off when the setting is missing from
detectors/config.ini. Other templates do not implement this option.
(John Rouillard)
- issue2551350 - Python changes for 3.12 with roundup 2.3.0. Fixes for
cgitb.py crash due to pydoc.html.header() signature change. (Patch
by Andrew (kragacles), applied John Rouillard)
- issue2551350 - Python changes for 3.12 with roundup 2.3.0. Fixes for
mailer.py crash due to change in starttls signature change. (Patch
by Andrew (kragacles), modified and applied John Rouillard)
- make classhelper link open in a new window by setting
target="_blank". This prevents overwriting of current page with the
classhelper if javascript is disabled. (John Rouillard)
- issue2551341 - if @columns missing from an index url, the
group headers colspan property = 0. Add "or 100" in
stanza's so headers span all rows (up to 100).
- fix roundup-server response requiring a 301 redirect. Did
not set content length leading to hang/error. (John
Rouillard)
- report basename of filename when template file is invalid
rather than reporting a TypeError. (John Rouillard)
- Make Last-Modified header use GMT not -0000 timezone. Fix error
reported by redbot testing. (John Rouillard)
- Send Vary: Accept-Encoding on any file that could be compressed
even if the file is not encoded/compressed. Found by Redbot
testing. (John Rouillard)
- make If-None-Match work for static file (@@file) case. Found by
Redbot testing (John Rouillard)
- Send vary: accept-encoding for if-modified-since conditional
requests where the file is not modified. (John Rouillard)
- Update JWT example in rest.py to use replacement for
datetime.datetime.utcnow(). (John Rouillard)
- issue2551219 - document requirements of PEM file when using
roundup-server in SSL/TLS mode. Report better error messages
when PEM file is missing certificate or private key. (John
Rouillard)
- Cleanup tracker index generation by roundup-server. Send
correct Content-Length headers so HTTP/1.1 connections don't
hang. (John Rouillard)
- Fix delay when using csv export actions. The CSV file is written
incrementally, so we can't determine the Content-Length. When using
HTTP/1.1, this causes a delay while the browser waits for a timeout.
Forcing the connection to close after the CSV file is written
removes the delay. (John Rouillard)
Features:
- issue2551323 - Remove XHTML support. Disabled option to set
html_version to xhtml. Running roundup commands with html_version
set to xhtml will result in an "Invalid value for HTML_VERSION:
'xhtml'" error. (John Rouillard)
- issue2551103 - add pragma 'display_protected' to roundup-admin. If
true, print protected attributes like id, activity, actor...
when using display or specification subcommands. (John Rouillard)
- add -P pragma=value command line option to roundup-admin. Allows
setting pragmas when using non-interactive mode. (John Rouillard)
- issue685275 - add pragma show_retired to control display of retired
items when using list/table. Add pragma display_header to print
headers for display command. Header displays designator and
retired/active status. (John Rouillard)
- issue2551299 - support config.ini rdbms option 'service'. Allow use
of a PostgreSQL connection service file (pg_service.conf) for
configuring database on a per-tracker basis. Also replaces use of
PGSERVICE env variable for single instance trackers. (From ML
question by ivanov. John Rouillard)
- issue2550852 - support for specifying a PostgreSQL schema to use for
the Roundup database. (Patch by Stuart McGraw; slight modifications,
tests, docs: John Rouillard).
- issue2551274: add configurable logging for REST API when something
fails, we now log status code and error message.
(Ralf Schlatterbeck)
- issue2551317 - add some Jinja2 examples to customizing.txt
document. (John Rouillard)
- multiple scripts/... updates - Python3, linting, enhancements:
weekly-report,schema-dump.py, roundup-reminder, copy-user.py,
dump_dbm_sessions_db.py, contributors.py (John Rouillard)
- roundup/msgfile.py can now be called as 'python msgfmt.py de.po de.mo'
or 'python msgfmt.py -o de.mo de.po' to compile a translation file if
GNU msgfmt is missing. (John Rouillard)
- save roundup-admin history between sessions. Load
~/.roundup_admin_rlrc file to set history-size persistently. Add
pragma history_length to override for a session. (John Rouillard)
- the roundup-admin history command now dumps the journal entries
in a more human readable format. Use the raw option to get the older
machine parsible output. (John Rouillard)
- Multiple JWT secrets are supported to allow key rotation. See
an updated config.ini for details. (John Rouillard)
- issue2551212 - wsgi performance improvement feature added in 2.2.0
is active by default. Can be turned off if needed. See upgrading.txt
for info. (John Rouillard)
- issue2551270 - Better templating support for JavaScript. Add
utils.readfile(file, optional=False) and utils.expandfile(file,
token_dict=None, optional=False). Allows reading an external file
(e.g. JavaScript) and inserting it using tal:contents or equivalent
jinja function. expandfile allows setting a dictionary and tokens in
the file of the form "%(token_name)s" will be replaced in the file
with the values from the dict. (John Rouillard)
- add @group to rest interface collection queries. Useful when using
optgroup in select elements. (John Rouillard)
- roundup-demo can set the hostname in the URL using the -H
parameter. So you can start a demo tracker that is available from
your network using 'roundup-demo ... -B hostname -H hostname'. (John
Rouillard)
- issue2551347 - make _generic.help.html work without property
settings. This applies to classic or minimal trackers. It allows use
of classhelp without the property seting for informtion only
(e.g. description of what a priority or status means) without being
able to select the property in the classhelper. Good for adding help
for Link properties. (John Rouilllard)
- issue1525113 - notation to filter by logged-in user. Use
@current_user with properties that are a Link to the 'user' class to
match the currently logged in user. Allows sharing of queries like
"Issues I created" or "Issues I am assigned to" by removing the
hard coded user id number and replacing it with the current user's
id. Tracker templates updated to use it. (John Rouillard from a
patch by Jon C. Thomason)
- Add a /rest/data/user/roles REST endpoint. (John Rouillard)
- issue2551353 - Add roundup-classhelper for 2.4.0
release. Integrate new classhelper web component to wrap
existing classhelper link. This fixes a number of
outstanding bugs against the current classhelper using
current web features. (Patel Malav, Nikunj Thakkar,
Bharath Kanama with integration by John Rouillard)
- disable spellcheck on all password fields to try to prevent
browser from exposing passwords to external servers. (John
Rouillard)
2023-07-13 2.3.0
Fixed:
- Updated directions for verifying Roundup distribution using pgp.
- Dockerfile healthcheck fixed so it works when trackers are
specified on command line. Also cleanup of unneeded
packages. (John Rouillard)
- issue2551224 - Replace dbm db for sessions and otks when using
sqlite. New databases are created for session data (db-session)
and one time key data (db-otk). The data is ephemeral so no
need to migrate. (John Rouillard)
- issue2551223 - Timestamps are truncated in mysql and postgresql
for session and otk database tables. Modify db schema to use a
numeric type that preserves more significant figures. See
upgrading.txt for required steps. (John Rouillard)
- added more testing of BasicDatabase to support use of SQLite
for that purpose. Had to fix memory, rdbms and dbm edge cases
due to new tests. (John Rouillard)
- issue2551138 - roundup-server with ssl under python2 throws
traceback on socket close. Not sure how this got fixed,
but after fixing issue2551137 it was not an issue anymore.
- issue2551137 - roundup-server won't run with ssl under python3
Fixed by using SocketIO and manually adding buffering io and
catching SSL.ZeroReturnError indicating SSL has been shut down.
- add caching header for text/javascript in addition to depricated
application/javascript. (John Rouillard)
- Enable postgres-fts: fix indexer-common::get_indexer so it returns a
postgresql-fts Test code paths in get_indexer. (John Rouillard)
- Fix Postgres native-fts, implement a two phase initialization of the
indexer. The native-fts one gets assigned after the database
connection is open. (John Rouillard)
- fix crash if postgresql native-fts backend is asked to index content
with null bytes. (John Rouillard)
- issue2551232 - modify in-reply-to threading when multiple matches
Change how in-reply-to threading works in the mailgw. If there is
more than one issue with a matching parent message, fall back to
subject matching. See upgrading.txt for details. (John Rouillard)
- issue2551195 - port scripts from optparse to argparse (Ralf Schlatterbeck)
- issue2551246 - mitigation, document how -u doesn't work for
roundup-admin. (John Rouillard)
- Document better that files in the template or static_files
directories accessed via @@file are available to any user with the
url. (John Rouillard)
- Fix final exception handler in roundup-server to send proper
Content-Length header to the client. (John Rouillard)
- Fix traceback if Origin header is missing. (John Rouillard)
- issue2551250: Fix sorting of detectors even if there are two with the
same name and priority (can happen if they are created in two
different files). (Ralf Schlatterbeck)
- Fix Traceback when a numeric order attribute is empty (Ralf
Schlatterbeck)
- Update some template schema files to assign Register permissions for the
Anonymous user. Replaces the old Create permission. (John Rouillard)
- Allow '*' and explicit origins in allowed_api_origins. Only return
'Access-Control-Allow-Credentials' when not matching '*'. Fixes
security issue with rest when using '*'. (John Rouillard)
- issue2551263: In REST response expose rate limiting, sunset, allow
HTTP headers to calling JavaScript. (John Rouillard)
- issue2551257: When downloading an attached (user supplied file),
make sure that an 'X-Content-Type-Options: nosniff' header is sent.
(John Rouillard)
- issue2551252 - default number of rounds for PKDF2 password increased
to 2,000,000. (John Rouillard)
- issue2551251 - migrate/re-encrypt PBKDF2 password if stored
password used a smaller number of rounds than set in
password_pbkdf2_default_rounds. (John Rouillard)
- upgrade from jquery-3.5.1 to jquery-3.6.3. Update user.help.html
to new version. (John Rouillard)
- Dockerfile scanned with hadolint. Fixed multiple issues. (John Rouillard)
- fix crash due to invalid initialization/reset of configuration.py
option_validators. Crashed roundup-admin on second command if an
option_validator was added by a detector or extension. (John Rouillard)
- Dockerfile uses dumb-init to properly wait for child/zombie
processes. Defense against child process starting from detector
and becoming a zombie when its roundup-server instance exits.
(John Rouillard)
- Move installed frontend/Zope back to frontend/ZRoundup
directory. This better identifies the directory when copied into
the Zope framework. It also matches existing
documentation. (John Rouilard)
- Multiple fixes/updates for installation documentation.
Including docker shell/admin/demo mdoes. (John Rouillard)
- Invalid item identifiers passed to REST endpoint return a 404
rather than a 400 error. E.G. /rest/data/issue/issue4 (rather
than .../issue/4). (John Rouillard)
- issue2551280 - sorted() method of MultilinkHTMLProperty is broken?
(Gabor Nagy report and fix; commit John Rouillard)
- issue2551352 - classic classhelper overwrites current
window if javascript is disabled. It now opens in a new
window (target=_blank). Without javascript it is in read
only mode but... (John Rouillard)
Features:
- Add warning about limited Python 2 support lifetime to install and
upgrading docs. (John Rouillard)
- Dockerfile supports demo mode for instant gratification
8-). Also supports shell and admin mode (John Rouillard)
- Dockerfile build allows adding additional python packages via
pip, setting UID tracker is run under. (John Rouillard)
- issue2551140 - Added redis as a session and otk database for use
with anydbm and sqlite primary databases. (John Rouillard)
- issue2550559 - Pretty printing / formatting for Number types.
Added pretty(format='%0.3f') method to NumberHTMLProperty to
print numeric values. If value is None, return empty string
otherwise str() of value. (John Rouillard)
- sqlite native-fts backend now uses the stopwords list in config.ini
to filter words from queries. (Stopwords are still indexed so that
phrase/proximity searches still work.) (John Rouillard)
- sqlite databases use WAL mode when *created* to improve read
concurrency. Existing sqlite database still use rollback journal
mode. See upgrading.txt for details. (John Rouillard)
- issue2551233 - create new roundup-admin command "templates" list all
template names, location and descriptions. Should help find where
/usr/share/roundup/templates is buried during some install
mechanisms. Does not need a tracker home to run. (John Rouillard)
- Add OAuth authentication to the mailgw script. Now IMAPS can be used
with OAuth as required by several large cloud providers. Move command
line processing of the mailgw script to ``argparse``. Note that the
command line options of the mailgw have changed, see upgrading.txt for
details. (Ralf Schlatterbeck)
- issue2551243: schema-dump.py enhanced with anti-CSRF headers. Flake8
cleanup and python2 support. (John Rouillard)
- issue2551253 - new password hash PBDKF2-SHA512 added. Not
available by default. Follow directions in upgrading document
to use. (John Rouillard)
- roundup-admin migrate command reports the schema version.
- issue2551262 - the mail gateway subject prefix now allows spaces
before/after prefix. Also allow spaces between classname and id
number in prefix designator. So "[ issue 23 ] subject" is parsed
like "[issue23] subject". (John Rouillard)
- [doc]: add section on implementing CSP for Roundup to admin
doc. (John Rouillard)
- issue2551265 - deprecate SSHA password hash method. Users using SSHA
passwords will have their passwords transprently upgraded to PBKDF2
derived hash on next login. (John Rouillard)
- issue2551253 - Modify password PBKDF2 method to use SHA512. New
hash function using PBKDF2-SHA512 available. Will be default in
future. Directions for upgrading security by using it now is
included in upgrading.txt. (John Rouillard)
- issue2551275 - Allow configuring max_children in roundup-server.
When using roundup-server in fork mode, allow raising number of
forked children above the default of 40. (Original patch by Joseph
Myers, config settings and docs by John Rouillard.)
- roundup-admin genconfig does not need a tracker home to run. (John
Rouillard)
- issue2551190 - Allow roundup-admin reindex to work in
batches. Running roundup-admin -i ... reindex issue:1-1000 will
reindex the first 1000 issues while reporting any missing issues
in the range. Also completion progress is reported when indexing a
specific class.
- doc updates: add explanation for SQL code in 1.3.3->1.4.0 upgrade.
document schema table in rdbms backends and how to dump/extract
version from them. (John Rouillard)
2022-07-13 2.2.0
Fixed:
- issue2551161 - Fix ResourceWarnings when running with -W default.
Cleaned up leaking file descriptors from zopetal pre-compile, python
module compile and loading localization file. (John Rouillard)
- When using roundup-server with native SSL, only accept TLS v1.2.
Previously it used to accept only TLS v1.1. 1.1 is deprecated by
chrome. I don't expect this to be a major problem since a front
end server (apache, Nginx...) is usually customer facing and
terminates SSL. (John Rouillard)
- Fix hang when valid user without authorization for REST tries to use
the rest interface. (John Rouillard)
- Remove Content-Type and make sure no content is returned by OPTIONS
request in REST interface. (John Rouillard)
- In write_html set the Content-Length when response is not
encoded/compressed. (John Rouillard)
- In REST interface do not raise UsageError for invalid api version.
Return json error with proper message. Fixes crash. (John Rouillard)
- In REST interface, allow extensions on URI less than 6 characters in
length. All other paths with a . in then will be passed through
without change. This allows items like a JWT to be passed as a path
element. (John Rouillard)
- issue2550995 - KeyError classic during roundup-admin install. Add
paths to search for locale and template files.
- issue2551167 - pip install in containerized environments puts
template and locale files under site-packages where roundup can't find
them. Change code to find them under site-packages.
- REST replace hard coded list of child endpoints for /rest/ with list
pulled from registered endpoints. So newly added endpoints are
shown. (John Rouillard)
- issue2551107 - Handle representation of long int in history params
for python3. Causes SyntaxError crash when showing history due to
long int e.g. 2345L. This is not a problem for roundup trackers
created using 1.2.0 or newer. The fix may have predated the 1.2.0
release but where the fix actually landed (representing id as a
string and not as an int) is unknown.
- issue2551175 - Make ETag content-encoding aware. HTTP ETag headers
now include a suffix indicating the content-encoding used to send
the data per rfc7232. Properly validate any form of ETag suffixed or
non-suffixed for If-Match.
- issue2551178 - fix Traceback in Apache WSGI - during file upload
- issue2551179 - make roundup-demo initialize templates using
config_ini.ini overrides. Needed for jinja to set template lang etc.
Recognize minimal template when presented with a full
path. (John Kristensen (jerrykan) and John Rouillard)
- handle configparser.InterpolationSyntaxError raised if value
has a single %. Seems to afect python 3 only. Reported by
nomicon on IRC. (John Rouillard)
- add random delay to session database retry code between 0 and .125
seconds. This seems to help reduce stalled connections when a
number of connections are made at the same time. Log remaining
retries once 5 of them have been used. (John Rouillard)
- issue2551169 - setup.py enters endless loop on gentoo linux python2
installation. Fixed.
- issue2551185 - must set PYTHONPATH=... python2 setup.py install
--prefix=/tmp/r2. Force insert --old-and-unmangable to get it
to use a classic installer and not an easy install. This only
affects python2.
- issue2551186 - Python versions >= 3.3 no longer use socket.sslerror.
Andrew (kragacles) patched uses of socket.sslerror in mailgy.py.
Patch adapted to allow trapping sslerror under both python2 and 3.
(John Rouillard)
- issue2551142 - postgresql reworked to use savepoint/"rollback to"
rather than commit()/rollback(). Using savepoint should be faster.
- issue2551196 - Unset labelprop of a Multilink can lead to Python
error when using context/history. (reported and initial patch: Nagy
Gabor, John Rouillard)
- Fix roundup-server to pass If-Range http header so Ranges work
better. (John Rouillard)
- issue2551183 - Replace references to distutils in
roundup/dist/command (John Rouillard)
- Fix hang if Range request was not able to be satified or a HEAD
request was done.
- Mark strings involved with password reset and registration for
translation. (reported: Thomas Arendsen Hein, John Rouillard)
- issue2551159 - cl.filter fails if filterspec is None (also
group and sort). Passing a sort, group or filterprop param
set to None to any filter() call should not cause a
traceback. It will pretend as though no filter, sort or
group was specified. (John Rouillard)
- issue2551205 - Add support for specifying valid origins
for api: xmlrpc/rest. Allows CORS to work with roundup
backend. (John Rouillard)
- new option added to config.ini: login_empty_passwords set to
no by default. Setting this to yes allows a user with an
empty password to login.
- issue2551207 - Fix sorting by order attribute if order attributes can
be None. Add a test.
- issue2551203 fix CORS requests by providing proper headers and allowing
unauthenticted CORS preflight requests. (Marcus Priesch and John
Rouillard)
- issue2551206 - removed some windows installer references that were missed.
- document use of jinja2 templating as optional in config.ini
file. Report if available or not. (John Rouillard)
- make setup.py install the Zope and wsgi.py frontends under
share/frontends. This matches the install of the cgi-bin/roundup.cgi
frontend. (John Rouillard)
- prevent submit button from showing up when using _generic.item.html
if the user doesn't have edit permissions. (John Rouillard)
- issue2551216 - create new mysql databases using COLLATE
utf8_general_ci to prevent crashes in test suite. (John Rouillard)
- issue2551146 - fix issues with strings that have multiple %s
substutions that were not labeled making i18n difficult/impossible.
(John Rouillard)
Features:
- issue2551147 - Enable compression of http responses in roundup.
Allow roundup to return gzip, (br or zstd with added modules)
Content-Encoded replies. Compression could be done in upstream
proxies/wsgi server but this allows it to occur natively. (John
Rouillard)
- Change tracker templates adding required to login forms. Invokes
browser error reporting if user forgets to fill in a field.
(John Rouillard)
- issue1596345 - filtering user list (need
user.search.hml). Incorporate user search features from
issues.roundup-tracker.org into classic template. Devel and
responsive templates already have this feature.
- issue2550917 - Add a: "Welcome user, you have logged in" ok_message
on login. (Ashley Burke)
- enable HTTP/1.1 for roundup-server. This enables keep-alive for
faster response/loading. Also eliminates stalls when the front end web
server uses http 1.1 but the roundup-server uses 1.0. New option
"-V HTTP/1.0" can turn it off. (John Rouillard)
- issue2551163 - add scripts/Docker/Dockerfile to provide basic support for
containerization. See installation.txt for details. (John Rouillard)
- issue2551163 - add scripts/Docker/docker-compose.yml to get a
mysql/roundup deployment. (Norbert Schlemmer, modified by John
Rouilard)
- REST add openapi_doc decorator to add openapi_doc to
endpoints. Decorate a couple of examples. (John Rouillard)
- REST when incorrect method is used, report allowed methods in error
message as well as in an Allow header. (John Rouillard)
- REST change response to invalid attribute specified in path. Return
400 code not 405 code for this case and improve error. (John
Rouillard)
- REST correct values for some Access-Control-Allow-Methods and
Access-Control-Allow-Headers headers. (John Rouillard)
- issue2550991 - define default cache control settings for javascript
and css assets. (John Rouillard)
- issue2551181 - fragments can be appended to designators. So
issue23#msg24 could jump to the element with id msg24 in issue 23.
Before this patch you would have two links issue23 and msg24
separated by # (John Rouillard).
- added small utility script to dump dbm based tracker databases
(e.g. db/sessions). (John Rouillard)
- issue2551182 - Enhance configuration module to allow loading values
from an external file. Secrets (passwords, secrets) can specify
file using file:// or file:///. The first line of the file is used
as the secret. This allows committing config.ini to a VCS. (John
Rouillard)
- Added xapian indexer to Docker container. (John Rouillard)
- Add support for indexer type native-fts to use FTS5 for sqlite
databases. (John Rouillard)
- Add support for indexer type native-fts to use PostreSQL's full text
search. (John Rouillard)
- Add better error display to the user. Needed to expose errors in fts5
search syntax to the user while also displaying the template page
structure. (John Rouillard)
- issue2551189 - increase size of words in full text index.
Many terms (like exception names or symbolic constants) are larger
than 25. Also German words are long. Since there is little chance of
fixing German to shorten their words, change indexer maxlength to 50.
(Thomas Arendsen Hein provided patch; patch reworked John Rouillard)
- issue2551184 - add an i18n object to the roundupdb. This makes it
possible to translate error messages in detectors (or actions). The
i18n object is now also correctly set for the mail interface:
previously the 'language' setting in the [mailgw] section seems to
have been ignored. Thanks to Marcus Priesch for the patch.
- issue2551212 - speed up wsgi interface by caching the tracker
instance. Hidden behind a feature flag. See upgrading.txt for
details. (Marcus Priesch with feature flag by John Rouillard)
2021-07-13 2.1.0
Fixed:
- issue2551122 - fixing order by a link/multilink broke other props
should be final change for that ticket. (John Rouillard)
- when isset() is used in templates on a StringHTMLProperty, it
returns True. 2.1.0 made default_value work properly. Hyperdb's
String(_Type) class sets the default value to the empty string and
not None. Change __init__ so default_value is None and not "".
roundup-user mailing list thread:
https://sourceforge.net/p/roundup/mailman/roundup-users/thread/20210801020640.73ac1729%40Dell/#msg37328813
(reported by Nagy Gabor. fix: John Rouillard)
Features:
- add image/svg-xml as valid mime type to serve. Was being served as
octet-stream. (John Rouillard)
- improve customizing.txt documentation on use of Special Form
Variables. Added example html inputs to illustrate the doc.
Fix position of designator in doc example. It occurs before
@link@ or other edit command. (John Rouillard)
2021-06-19 2.1.0b1
Fixed:
- Reverse multilink to *the same class* would trigger a traceback about
a modified dictionary on iteration (Ralf Schlatterbeck)
- issue2551086 - Valid class names not documented. Should follow
``[A-z][A-z0-9_]+[A-z_]``. This was never documented or enforced, but
we get obscure errors if the rules are not followed. (Tom
Ekberg tests by John Rouilard)
- issue2550564 - Roundup sets "Precedence: bulk" on all outgoing mail,
which seems wrong. Handle Auto-Submitted header on *inbound* email
like we do precedence bulk. This is part of this issue.
- roundup-admin filter calls find() not filter when using -s -c -S
(John Rouillard)
- When requesting transitive properties via ``@fields`` in the REST-API,
an empty link in the transitive property (e.g. author.username when
requesting message properties) would result in a 404 error. Now we're
returning a JSON 'null' value. for an empty link (e.g. empty author in
the example). (John Rouillard)
- sphinxcontrib.cheeseshop is unmaintained and using old http
url. Attempts to override cheeseshop_url failed. Replace call to
cheeseshop in docs with raw html and remove references to
cheeseshop. (John Rouillard)
- issue2551093 - return plain text if markdown formatter throws exception
(reported by Cedric Krier, fix by John Rouillard)
- issue2551094 - make simplemde handle line breaks the same as the
backend markdown formatters. (report: Cedric Krier, patch: Christof
Meerwald)
- issue2551092 - fix crash bug by aligning
``roundup.anypy.email_.decode_header`` with stdlib ``email.header`` and
convert string to bytes for python 3. (Cedric Krier)
- issue2551097 - fix underlying bug in use of fenced codeblocks with
markdown2. Fix for issue2551093 to prevent exception trigger.
(patch: Cedric Krier)
- issue2551099 - disable processing of data url's in markdown. Display
as plain text. (John Rouillard)
- issue2551100 - old jquery has security issues, upgrade it and fix
user.help.html (John Rouillard)
- replace deprecated base64.decodestring with base64.b64decode in
roundup_server.py and roundup_xlmrpc_server.py (reported by
lmsteffan in irc)
- removed run_tests.py. Newer pytest doesn't support generating
stand alone testing bundles. Python 3.9 generates errors running
the current run_tests.py. (reported by lmsteffan in irc)
- issue2551104 - fix issue with markdown autolink next to punctuation (ced)
- removed support for old style trackers that use dbinit.py and
config.py. Also remove all uses of deprecated imp module. (John Rouillard)
- removed support for setting database type using
<database>/backend_name. (John Rouillard)
- fixed some issues when generating translations. Use mappings and
named format parameters so translators can move substituted tokens
in translations. (John Rouillard)
- in rest interface, fix uncaught exceptions when parsing invalid
Content-Type and Accept headers. Document response formats more
fully in doc/rest.txt. (John Rouillard)
- in filter, filter_iter and _materialize_multilinks, use named cursor
with postgresql. This turns of client-side cursor handling and avoids
*large* roundup process (or wsgi process) in case of large results.
Fixes issue2551114. (Ralf Schlatterbeck)
- issue2551108 - fix handling of designator links when formatted
as markdown links. (Reported by Cedric Krier; John Rouillard)
- Fix filename created from mail attachments, fixes issue2551118
- Call verifyPassword even if user does not exist. Address timing
attack to discover valid account names. Useful where anonymous user
is not allowed access. (John Rouillard)
- issue2551126 - AttributeError: 'str' object has no attribute
'local'. Fix traceback caused by DateHTMLProperty.pretty() called
on a string value due to error in some other field. (Reported by
reda, fix: John Rouillard)
- issue2550899 - Migrate setup.py to setuptools; fixes:
issue2550866 'pip install --editable .' fails; et al.
this now requires that setuptools be installed. (Patch by John
Kristensen (jerrykan); additional doc changes (upgrade.txt,
RELEASE.txt) John Rouillard)
- issue2551128 - Impossible to validate a user with unknown timezone
Raise KeyError when an unrecognized timezones is passed to
pytz. (patch Cedric Krier, test John Rouillard)
- issue2551129 - Template not found return 500
Handle traceback caused when requested @template is not found.
Return 400 error in this condition. (patch Cedric Krier,
additional change and test John Rouillard)
- issue2551062: roundup-admin security now exits status 1 when
it finds an invalid property. It no longer tries to print the rest
of the security properties. (John Rouillard)
- issue2551078 - Fix traceback caused when putting two id's into a
Link html field. A ValueError is raised. Handle exception and return
value. hyperdb.py now reports 'you may only enter ID values for
property ...' to the user. (John Rouillard)
- issue2551120 - The sorted method of MultilinkHTMLProperty crashes,
if the given property is unset for an element of the list. Crash
fixed. New feature NoneFirst added to method to make unset values
sort at start or end of sorted list. (John Rouillard)
- issue2550648 - keyword boolean search. Issue has multiple problems.
Fix issue where saving the keyword boolean search would remove the
link to open the editor. (John Rouillard)
- issue2551136 - timezone extention crash on Python 3.8. cgi.escape
is used in some template to provide a select box of timezones. It
uses cgi.escape that is deprecated and removed from 3.8 and newer.
Use html.escape with fallback to cgi.escape. (Cedric Krier)
- roundup-server can act as an SSL server. Usually SSL is provided by
a front-end server like nginx, hiawatha, apache. The SSL parameters
have been upgraded to TLS 1.1. Cert is RSA 2048 bytes with SHA512
signature. Without these upgrades, ssl mode won't start. Note this
exposes other issue with roundup-server operating as an SSL
endpoint. See issue2551138 and issue2551137. (John Rouillard)
- issue2551122 - sorted method of MultilinkHTMLProperty does a string
sort even if the property is an integer. Fixed so that the orderprop
for the linked class is used. (John Rouillard, reported by Nagy Gabor)
- issue2550964 - History can (temporarily) show incorrect value when a
change is rejected. Fix history function to always use the database
values and ignore the current setting in the form. (John Rouillard)
- Fix find() with anydbm. Using protected properties raised KeyError.
Add shortcut fast return. Both changes come from rdbms_common.py's
find(). (John Rouillard)
- Fix traceback caused by calling history() with arguments in a
non-item context. (John Rouillard)
- issue2551141 - roundup-admin returns no such class when restoring
item with duplicate key. Fix incorrect error message when using
roundup-admin to restore a user when the username is already in use.
(John Rouillard)
- issue2551142 - Import of retired node with username after active
node is imported raises unique constraint failure. (Reported by Ganesh
Sittampalam/Heffalump on irc. John Rouillard)
- *** Must run roundup-admin migrate ***
Increment rdbms version from 5 to 6. Mysql rdbms classes were
missing unique key constraint. Found during fix for issue2551142.
See upgrading.txt. (John Rouillard)
- ignore blank lines in CSV class editing. (John Rouillard)
Features:
- issue2550522 - Add 'filter' command to command-line
interface. Filter command was actually added in 2.0.0, but this
issue requested transitive searching. So that::
roundup-admin -i . filter issue assignedto.username=Admin
will work. This also fixes a bug. If assignedto.username had no
matches, all issues would be returned. This is also fixed.
(John Rouillard)
- issue2550716 - Email address displayed after password reset request.
This fix actually made it into 1.6 release. However this release
documents how password reset works in user_guide.txt. (John Rouillard)
- issue2551094 - add new markdown config.ini setting to allow embedded
newlines to cause a linebreak same as GitHub Flavored Markdown.
(Patch: Cedric Krier; Doc change/checkin John Rouillard)
- issue2551096 - enable markdown autolink for email and bare url's.
Modify raw markdown adding appropriate link markers on the fly.
(Cedric Krier)
- issue2551098 - add rel="nofollow" for links generated by markdown2
backend and rel="nofollow noopener" for mistune and markdown
backends. Prevents link spam. noopener prevents security issue when
available. (John Rouillard)
- Added explanation for modifying Fileclass content files to
customizing.txt. Result of mailing list question. (John Rouillard)
- issue2551109 - Improve keyword editing in jinja2 template. (Cedric Krier)
- issue2551117 - Add example systemd config
- Allow admin to configure language used for stemming in xapian
indexer. (John Rouillard request by Nagy Gabor)
- Move memorydb from test to roundup/test to allow regression-testing in
tracker instances without copying code. Also move the test-detectors in
tx_Source_detector.py to roundup/test for two reasons: It's used in the
memorydb convenience functions and it may be useful in other tests. Make
the prefix a parameter of the convenience functions to be usable in other
tests. (Ralf Schlatterbeck)
- pytest suite now starts the server under wsgi and loads the home
page. This test is skipped if the requests module is not installed.
- extract translatable strings from devel and responsive templates. Merge
translations from https://sourceforge.net/p/roundup/code/merge-requests/3/
(John Rouillard. DE translations by Tobias Herp.)
- send_message now allows setting authid to set source of email.
(John Rouillard)
- issue2550837 - New option for web auth (also http header passing).
Allow admin to configure authentication header replacing the default
REMOTE_USER. Also allow arbitrary headers to be passed to the
tracker when using roundup-server behind a proxy. This code is
experimental see upgrading.txt admin_guide.txt. (John Rouillard)
2020-07-13 2.0.0
Fixed:
- encoding for SSHA encoded passwords with Python 3 (Christof
Meerwald)
- exception in logout action when there is no session (Christof
Meerwald)
- quote all non-numeric data in csv export functions. Report that a
title like '=a2+b3' could be interpreted as a function in Excel and
executed. csv.writer now includes quoting=csv.QUOTE_NONNUMERIC to
generate quoted values for all fields. This makes the string
starting with = be interpreted as a string and not a formula. (John
Rouillard as reported in the decomissioned bpo meta tracker IIRC.)
- issue2551084 - Fix inefficiency in roundup-admin. Streamline code and
bring in line with 2.7 and newer python functionality. (Patch by Tom
Ekberg (tekberg); John Rouillard)
- provide fallback for import gdbm under python3. If gdbm import
fails, try import of dbm.gnu. (John Rouillard)
Features:
- When defining Link or Multilink properties in the schema, it's now
possible to add a parameter rev_multilink that accepts a property name
to be inserted into the linked-to class. So this creates a reverse
Multilink property in the linked-to class. This Multilink is read-only
(cannot be updated) but can be used in filter -- and thus in normal
index templates as well as in the REST and XMLRPC APIs. (Ralf
Schlatterbeck)
- Add a 'is_restore_ok' method similar to 'is_retire_ok' for use in
templates.
- Allow to configure the mysql charset when opening a connection to the
database. The parameter was conditional on python version > 2 but
seems to work fine with python2.7. According to the MySQLdb API docs,
the charset argument is supported with MySQL 4.1 which was released in
2004. There are some legacy reasons why one would want to not pass a
charset argument or pass an argument different from the default of
'utf8'. (Ralf Schlatterbeck)
- Index created for documentation. Links created for website docs and
released docs. Needs more refinement, but it exists at least.
(John Rouillard)
- New filter command defined in roundup-admin. (Partial fix for
issue724648.) (John Rouillard)
- New parameter @stats for REST interface that provides the same
performance stats as the web interface's CGI_SHOW_TIMING env
variable. (John Rouillard)
- New roundup-admin command importtables allows importing just the
database dump created by exporttables. (John Rouillard)
- New config-option 'cookie_takes_precedence' in the [web] section. This
allows sub-logins (e.g. without a password given a specific role) even
when a non-cookie login mechanism (like Kerberos) is in use. With that
mechanism e.g., a Kerberos ticket will not take precedence over an
existing cookie. This might become the default in the future and the
new option might go away.
- Add data attributes to classhelp templating code. This provides
a method to allow classhelp to work if there is a
Content-Security-Policy implemented by the roundup admin that uses
the client_nonce. See:
https://wiki.roundup-tracker.org/AddingContentSecurityPolicy for details.
2020-04-05 2.0.0 beta 0
Features:
- Allow to pass additional headers to nosymessage, nice if a message
needs to be marked as urgent or similar, e.g., Outlook uses an
"Importance" header, when set to "high" it highlights the message.
(Ralf Schlatterbeck)
- issue2550926 - Original author adding a second message shouldn't set
status to 'chatting'. See upgrading.txt for details. (John Rouillard)
- issue2550919 - Anti-bot signup using 4 second delay. New config.ini
param [web] registration_delay must be set to 0 if template
user.register.html is not modified. See upgrading.txt for details.
- Reimplement -u <login>[:<password>]. This opens the database as the
user and applies expected permissions. It also creates history
entries for the user. Note that the password is unused, no mention
of it is in the spec that I can find, so not sure what it was
supposed to be used for as the CLI has full access to the files so a
password check is not useful. An edge case is when the login has a :
in it. In this case it may not work as expected. So don't do that.
- Implement Cache-Control headers for static files. Allows tracker
admin to control caching for css, js and other static files. See
customizing.html. The use is documented in the section describing
how to use interfaces.py.
- issue2551071 Update jinja template to bootstrap 4. Updated to 4.4.1.
The pull request has been around for a while. (Patch: Paul Spooren;
templates merged and additional changes by Christof Meerwald; other
merged by John Rouillard)
- Add config option 'http_auth_convert_realm_to_lowercase'
If usernames consist of a name and a domain/realm part of the form
user@realm and we're using REMOTE_USER for authentication (e.g. via
Kerberos), convert the realm part of the incoming REMOTE_USER to
lowercase before matching against the roundup username. This allows
roundup usernames to be lowercase (including the realm) and still
follow the Kerberos convention of using an uppercase realm. In
addition this is compatible with Active Directory which stores the
username with realm as UserPrincipalName in lowercase.
- Cleaned up the WSGI interface implementation by separating the
request handler from the request displatcher. Also allow
customisation of tracker instance creation via an overridable
"get_tracker" context manager.
- Allow transitive properties in @fields in REST API. These transitive
properties may not cross Multilinks, e.g., when querying 'issue' the
property 'messages.author' is not allowed (because 'messages' is a
multilink). A multilink at the end (e.g. messages in the example) is
fine.
- Added markdown rendering using markdown, markdown2 or mistune; use
SimpleMDE markdown editor in jinja2 template (Christof Meerwald)
- Allow filtering by multiple date ranges or empty date. Date ranges are
separated by comma, an empty date is represented by '-'
- issue2551083 - Replace BaseException and Exception as base classes
with new RoundupException (inheriting from Exception) for most
roundup exceptions. (John Rouillard and Ralf Schlatterbeck on
request from Robert Klonner.)
Fixed:
- issue2550996 - Give better error message when running with -c
(install as windows service) and pywin32 is not importable. Could use
better testing on a windows box. (John Rouillard)
- issue2550921 - Can create login name with , in it. Confuses nosy
list editing. Also can embed html tags. Updated userauditor.py
to prevent this. See updating.txt. (John Rouillard)
- issue1344046 - Search for "All text" can't find some Unicode words
(John Rouillard, Ezio Melotti)
- issue1195739 - search in russian does not work (John Rouillard, Ezio
Melotti)
- issue2550920 - Registration with confirmation detects duplcate name
when using validation. Added option to allow detection of duplicate
username when the user tries to register. Previously user was
rejected when confirming registration. (John Rouillard)
- French translation gave errors with Python 3 because of ISO-8859-1
character in .mo file header. (Joseph Myers)
- Fix representation of boolean html attributes to be 'required'
rather than the xhtml form of 'required="required"'. Specify
(reverted attribute value same as attribute name or) attribute
value of None, to output attribute as boolean. (John Rouillard)
Reverted (part of) this change. It breaks rendering of non-boolean
attributes (like name="name"). So only value of None renders
attribute properly as boolean. (Ralf Schlatterbeck)
- issue2551076 - in responsive template, default searches for bugs and
tasks sets status=new default should be "don't care". (Report:
Ludwig Reiter; Fix: John Rouillard)
- issue2551077 - In "jinja2" template: cannot login if German language
is used. Fixed three places where the value of a hidden @action
input field was translated. (Reported by Ludwig Reiter. John
Rouillard)
- Document security issues in xmlrpc interface in doc/xmlrpc.txt.
- Enable autoescape in the jinja2 template and use the i18n extension
for translations. (Report: John Rouillard; Fix: Christof Meerwald)
- Cleanup code by linting using flake8. (John Rouillard)
- Cleanup code by security linting using bandit. (John Rouillard)
- issue2550912 - fixed missing query string in __came_from for jinja2
template. (Christof Meerwald)
- issue2551019 - handle character set conversions for CSV export
action in Python 3. (Christof Meerwald)
- issue2551051: Return a 403 on non-existing or non-searchable
transitive properties when queried via REST-API (same behavior for
sorting and searching).
- Fixed ReStructuredText encoding with Python 3.
2019-10-23 2.0.0 alpha 0
Features:
- issue2550901: add search page to jinja2 template (Christof Meerwald)
- issue2550982: use PBKDF2 in Python's hashlib, if available (Python
2.7.8+), to improve performance over bundled pure Python
version. Note that acceleration via m2crypto is no longer supported
(Christof Meerwald)
- issue2550989: PGP encryption is now done using the gpg module
instead of pyme. (Christof Meerwald)
- issue2550987: Use updated MySQL client module that supports Python
3. (Christof Meerwald)
- issue2550967: the jinja2 loader has been extended to look for .xml
files as well as .html files similar to the TAL loader. (Christof
Meerwald)
- Support for Python 3 (3.4 and later). See doc/upgrading.txt for
details of what is required to move an existing tracker from Python
2 to Python 3 (Joseph Myers, Christof Meerwald)
- Merge the Google Summer of Code Project of 2015, the implementation of
a REST-API for Roundup. This was implemented by Chau Nguyen under the
supervision of Ezio Melotti. Some additions were made, most notably we
never destroy an object in the database but retire them with the
DELETE method. We also don't allow to DELETE a whole class. Python3
support was also fixed and we have cherry-picked two patches from the
bugs.python.org branch in the files affected by the REST-API changes.
- Patch to client.py and roundup-server needed by REST-API
code. Support OPTIONS verb and prevent hangs when processing a verb
other than GET that doesn't have a payload. E.G. DELETE, PATCH or
OPTIONS. Verbs like PUT and POST usually have payloads, so this
patch doesn't touch processing of these methods. (John Rouillard)
- Patches to new rest code:
- Generated links in responses should use the base url specified
in config.ini.
- allow user (e.g. in browser) to override response type/Accept
header using extension in url. E.G. .../issues.json. This fixes
the existing code so it works.
- fix SECURITY issue. Retrieving the item of a class
(e.g. /rest/data/user/2) would display properties the user wasn't
allowed to access. Note that unlike the web interface, passwords
and roles for users are still retreivable if the user has access
rights to the properties.
- ETags are sent by GET operations and required for DELETE, PUT and
PATCH operations. ETag can be supplied by HTTP header or in the
payload by adding the field @etag to the form with the value of
the etag.
- If dict2xml.py is installed, the rest interface can produce an XML
format response if the accept header is set to text/xml.
(See: https://pypi.org/project/dict2xml/)
- When retrieving collection move list of collection elements to
collection property. Add @links property with self, next and prev
links (where needed). Add @total_size with size of entire
collection (unpaginated). Pagination index starts at 1 not 0.
- accept content-type application/json payload for PUT, PATCH, POST
requests in addition to application/x-www-form-urlencoded.
(John Rouillard)
- issue2550833: the export_csv web action now returns labels/names
rather than id's. Replace calls to export_csv with the export_csv_id
action to return the same data as the old export_csv action. (Tom
Ekberg (tekberg), Andreas (anrounham14) edited/applied and tests
created by John Rouillard)
- issue2551018: Add new note_filter parameter to nosymessage. The
function supplied by this parameter can rewrite the body of the
nosymessage before it gets sent. See issue:
https://issues.roundup-tracker.org/issue2551018 for example
nosyreaction and generated email. (Tom Ekberg (tekberg))
- issue2550949: Rate limit password guesses/login attempts. Rate
limit mechanism added for web page logins. Default is 3 login
attempts/minute for a user. After which one login attempt every 20
seconds can be done. (John Rouillard)
- issue2551043: Add X-Roundup-issue-id email header. Add a new header
to make it easier to filter notification emails without having to
parse the subject line. (John Rouillard)
- The database filter method now can also do an exact string search.
- The database filter method now has limit and offset parameters that
map to the corresponding parameters of SQL.
- issue2551061: Add rudimentary experimental support for JSON Web
Tokens (jwt) to allow delegation of limited access rights to third
parties. See doc/rest.txt for details and intent. (John Rouillard)
- issue2551058: Add new permissions: 'Rest Access' and 'Xmlrpc Access'
to allow per-user access control to rest and xmlrpc interfaces using
roles. (John Rouillard)
- issue2551059: added new values for tx_Source to indicate when /rest
or /xmlrpc endpoint is being used rather than the normal web
endpoints. (John Rouillard)
- issue2551062: roundup-admin security now validates all properties in
permissions. It reports invalid properties. (John Rouillard)
- issue2551065: Reorder html entities generated by submit button so that
styles can be applied. Thanks to Garth Jensen for the patch against
release 1.6 that was ported to upcoming 2.0 release (Ralf
Schlatterbeck).
Fixed:
- issue2550811: work around Unicode encoding issues in jinja2 template
by explicitly converting data to Unicode; also fixed pagination and
selecting columns to display in the issues list (Christof Meerwald)
- issue2550988: fixed fallback to pseudo random number generator in
case SystemRandom isn't available, prefer use of secrets module if
available (Python 3.6+) (Christof Meerwald)
- issue2550993: fixed edit CSV action to update restored items to the
new value instead of restoring with the previous value (Christof
Meerwald)
- issue2550994: avoid breakage caused by use of backports of Python 3
configparser module to Python 2. (Joseph Myers)
- Make non-existent items in history not cause a traceback (Ralf
Schlatterbeck)
- issue2550722: avoid errors from selecting "no selection" on
multilink. (Joseph Myers)
- issue2550992: avoid errors from invalid Authorization
headers. (Joseph Myers)
- issue2551022: support non-ASCII prefixes in instance config for
finding static files. (C\E9dric Krier)
- issue2551023: Fix CSRF headers for use with wsgi and cgi. The
env variable array used - separators rather than _. Compare:
HTTP_X-REQUESTED-WITH to HTTP_X_REQUESTED_WITH. The last is
correct. Also fix roundup-server to produce the latter form. (Patch
by C\E9dric Krier, reviewed/applied John Rouillard.)
- issue2551035 - fix XSS issue in wsgi and cgi when handing url not
found/404. Reported by hannob at
https://github.com/python/bugs.python.org/issues/34, issue opened by
JulienPalard.
- issue2551026: template variable not defined even though it is.
Fix issue where variables defined in TAL expression are not
available in the scope of the definition. (Tom Ekberg (tekberg))
- Make all links created with rel=nofollow include noopener. Deals
with possible hijack of original page due to malicious link target.
https://mathiasbynens.github.io/rel-noopener/ (John Rouillard)
- Fix bug where some protected properties were not identified as such
when using the anydbm backend (John Rouillard)
- issue2551041 - change permission check from "Create User" to "Register
User" in page.html for the responsive and devel templates. (reporter
C\E9dric Krier, John Rouillard)
- issue2550144 - fix use of undefined icing macro in devel
template. Replace with frame macro. (C\E9dric Krier)
- handle UnicodeDecodeError in file class when file contents are
not text (e.g. jpg). (John Rouillard)
- issue2551033: prevent reverse engineering hidden data by using etags
as an oracle to identify when the right data has been
guessed. (Joseph Myers, John Rouillard)
- issue2551029: Jinja2 template install error. Update configuration
code to make sure valid backend database is set. Remove config.ini
from templates to make sure that roundup-admin install writes a new
default config.ini based on configuration.py.
- issue2551040: New release of psycopg2 drops support for psycopg1 -
need to rewrite. Now uses psycopg2 throughout. (John Rouillard)
- issue2551009: Flint not supported error during reindex. Upgrading
doc updates to discuss this when reindexing. (Reported by Gabi,
Change by John Rouillard)
- issue2551030: Roundup fails to start if pytz to access Olson
timezone database not installed. (John Rouillard)
- issue2551029: Jinja2 template install error. Handle issue with
template's config.ini not getting updated. Provide an alternate
file: config_ini.ini for required config settings that are merged
into the default values producing an up to date config.ini on
install.
- issue2551008: fix incorrect encoding handling in mailgw.py
(Ezio Melotti, John Rouillard)
- issue2551053: the routing dictionary in rest.py used compiled regular
expressions as dictionary keys. This worked most of the time because
the regex lib uses a cache but resulted in duplicate keys in the
dictionary in some cases where a single key should have been used.
Thanks to Robert Klonner for discovering the problem, debugging the
root cause and providing a first proposed fix.
- Make searching with a multiselect work for Link/Multilink properties
that may contain numeric *key* values. For these a menu would render
options with IDs and later look up the IDs as *key* of the
Link/Multilink. Now numeric IDs take precedence -- like they already
do in the menu method of Link and Multilink.
- issue2551013: Reversed sorting in hyperdb property wrapper object's
sorted() method. Patch by David Sowder, application and doc change
by John Rouillard.
- issue2550821 - patches for depricated mod_python apache.py interface
(John Rouillard)
- issue2551005 - deprecation of mod_python (John Rouillard)
- issue2551066: IMAP mail handling wasn't working and produced a
traceback.
- issue2550925 if deployed as CGI and client sends an http PROXY
header, the tainted HTTP_PROXY environment variable is created. It
can affect calls using requests package or curl. A roundup admin
would have to write detectors/extensions that use these mechanisms.
Not exploitable in default config. (John Rouillard)
- Add config option to keep/delete previous logging config. Needed to
make gunicorn --access-logfile work as it uses python logfile module
too.
2019-07-13 1.6.1
Features:
- doc updates. Link rot fixed and some grammar changes.
'Provisional User' config example fixed. Issue tracker is
now https. (John Rouillard)
Fixed:
- issue2550994: avoid breakage caused by use of backports of Python 3
configparser module to Python 2. (Joseph Myers)
- issue2551023: Fix CSRF headers for use with wsgi and cgi. The
env variable array used - separators rather than _. Compare:
HTTP_X-REQUESTED-WITH to HTTP_X_REQUESTED_WITH. The last is
correct. Also fix roundup-server to produce the latter form. (Patch
by C<E9>dric Krier, reviewed/applied John Rouillard.)
- issue2551035 - fix XSS issue in wsgi and cgi when handing url not
found/404. Reported by hannob at
https://github.com/python/bugs.python.org/issues/34, issue opened
by JulienPalard.
- issue2551029: Jinja2 template install error. Remove config.ini
from templates to make sure that roundup-admin install writes a new
default config.ini based on configuration.py.
- issue2551029: Jinja2 template install error. Handle issue with
template's config.ini not getting updated. Provide an alternate
file: config_ini.ini for required config settings that are merged
into the default values producing an up to date config.ini on
install.
2018-07-13 1.6.0
Features:
- issue2550894: migrate test suite and run_test.py to py.test (John Kristensen)
- issue2550880: Ability to choose password store scheme and SSHA
support. Discussion on devel list is tending in favor of this patch.
Embedded test works, my manual test with a SSHA password
assigned to a user allowed the user to log in. Ran the test suite
and the tests that were not skipped passed. (applied by John Rouillard)
- New Link/Multilink property attribute 'msg_header_property', can be
used to configure additional headers in outgoing emails. See
documentation in ``doc/customizing.txt``. (Ralf Schlatterbeck)
- Allow multiple file uploads: If the html template specifies
multiple="multiple" for a file upload the user can attach multiple
files and the form parser now handles this. (Ralf Schlatterbeck)
- issue2550886: Add support for an integer type to join the existing
number type. This can be used for properties used for ordering,
counts etc. where a decimal point isn't needed. Developed by
Anthony (antmail). Doc updates written by John Rouillard. (applied
by John Rouillard)
- Updated html/_generic.404.html to use the page template. So 404
errors now include the left hand menu, a proper page title and
body content. Note added to doc/upgrading.txt on how to add it to
deployed trackers. (John Rouillard)
- issue2109308 - Allow subject of nosy messages be changed from reactor
Adds a subject parameter to nosymessage function. Patch initally
generated by Frank Niessink. Tests, adaptation by John Rouillard.
- issue2550683 Allow indexargs_form filter variable exclusion.
Patch generated by Bruce Tulloch (bruce). Applied and docstring for
indexargs_form updated by John Rouillard. Patch description is:
This is required to allow indexargs_form to be used in conjunction with
other form variables which *replace* some filterspec parameters.
One must exclude all variables from the indexargs_form call which are to
be replaced with values that are derived from other form input elements,
otherwise they will clash with the "hidden" input elements generated by
indexargs_form itself.
For example::
<tal:block replace="structure python:request.indexargs_form(
sort=0,group=0,filter=0,columns=0,
exclude=['type','status','assignedto'])"/>
where the variables type, status and assignedto are supplied via other
form input elements. Without the new exclude argument to indexargs_form,
all hidden input elements otherwise generated by this call would need to
be manually added to the template code. Further, given that the template
may not know what other variables may be defined, it may not even be
possible to code this without some python helpers.
[ rouilj I think this is an example usecase. Possible assignedto
users need to have a specific role. Create TAL that
filters the users to the select few. Defines a select list for
assignedto. Use exclude=['assignedto'] to prevent the
indexargs_form from generating a confliciting assignedto field
which lists all users regardless of the role.]
- allow user to recover account password using an entry in the
Alternate E-mail addresses list. See:
http://psf.upfronthosting.co.za/roundup/meta/issue564
for description. Merge request at:
https://sourceforge.net/p/roundup/code/merge-requests/1/
Patch supplied by kinggreedy. Applied/tested by John Rouillard
- issue2550636, issue2550909: Added support for Whoosh indexer.
Also adds new config.ini setting called indexer to select
indexer. See ``doc/upgrading.txt`` for details. Initial patch
done by David Wolever. Patch modified, docs added and committed
by John Rouillard.
- issue2550803: Replying to NOSY mail goes to the tracker through
reply-to, not original message author.
Created new [tracker] replyto_address config.ini option to allow:
1) setting reply-to header to the tracker
2) setting reply-to header to the address of the author
of the change
3) setting it to a fixed address (like noreply@some.place)
Done by John Rouillard from proposal by Peter Funk (pefu)
in discussion with Tom Ekberg (tekberg). See doc/upgrading.txt.
- issue1714899: Feature Request: Optional Change Note. Added a new
quiet=True/False option for all property types. When quiet=True
changes to the property will not be displayed in the::
- confirmation banner (shown in green) when a change is made
- property change section of change note (nosy emails)
- web history display for an item.
Note that this may confuse users if used on a property that is
meant to be changed by a user. It is most useful on administrative
properties that are changed by an auditor as part of a user
generated change. Original patch by Daniel Diniz (ajaksu2)
discussed also at:
http://psf.upfronthosting.co.za/roundup/meta/issue249
Support for setting quiet when calling the class specifiers:
E.G. prop=String(quiet=True) rather than::
prop=String()
prop.quiet=True
support for anydb backend, added tests, doc updates, support for
ignoring quiet setting using showall=True in call to history()
function in templates by (John Rouillard). (Note implementation
changed while implementing fix for issue2550864. Filtering of
quiet properties pushed down to the hyperdb.py::Class::history
function. This fixes a small bug in the implementation that caused
a limiting the templating history call to display fewer than the
the requested number of items if some were quiet.)
- issue2550767: Add newitemcopy.py detector to notify users of new
items. Added to detectors directory and a README.txt generated to
describe the purpose of the directory. It also says the detectors
are provided on an as-is basis and may not work. Detector by W.
Trevor King (wking), rest by John Rouillard.
- issue934009: Have New Issues Submitted By Email *Not* Change Body!
The mailgw config options: keep_quoted_text and leave_body_unchanged
can now have a new values: new. If set to new, keep_quoted_text acts
like yes if the message is starting a new issue. Otherise it strips
quoted text. This allows somebody to start a new issue by forwarding
a threaded email (with multiple quoted parts) into roundup and
keeping all the quoted parts. If leave_body_unchanged is set to
new, even the signature on the email that starts a new issue will be
preserved.
- New cgi action restore (RestoreAction) which reverses the effects of
the retire action. Created while implementing fix for
issue2550831. Requires restore permission in the schema. See
upgrading.txt for migrating to 1.6.0 for details. (John Rouillard)
- issue2550751: Email Header Issue. Noel Garces requested the ability
to suppress email headers like "x-roundup-issue-files". With Ralf's
addition of the Link/Multilink property attribute
'msg_header_property' we can do this easily. Setting the
'msg_header_property' to the empty string '' (not to None) will
suppress the header for that property. (John Rouillard)
- issue2550891: Allow subdir in template value. Anthony (antmail)
requested the ability to put templates into subdirectories. So
the issue class can accept @template=issues/item to get the
html/issues/issue.item.html template. See ``doc/upgrading.txt``.
- issue1842687: Keywords: After creating, stay in "Create New" mode.
Change to classic tracker template to provide a check box (checked
by default) that keeps the user on the "Add new keyword" page after
submitting a new keyword. Usually after submission, you will see the
the page for the new keyword to allow you to change the name of the
keyword. (John Rouillard)
- issue2550757 - internal restructuring to allow admin.py to be tested
more easily. W. Trevor King (wking)/ John Rouillard.
- When storing user-defined queries we now store the template with the
query if the template name is different from 'index'. This allows
stored queries for templates different from the default 'index'
template. (Ralf Schlatterbeck)
- Number properties now have an optional attribute use_double to request
double precision float as the storage type for this property. (Ralf
Schlatterbeck)
- issue2550796: Calendar and Classhelp selection tools don't cause
onchange event to be triggered.
Using the helper popups for modifying lists of users, lists of
issues, dates etc.. now trigger the change event on the form's
field. This allows onchange javascript to trigger to highlight
changes, recalculate other form values etc. See ``upgrading.txt``
for details on applying these changes to your tracker. (John Rouillard)
- menu template function has a new parameter "showdef". When set to a
string, the string is appended to the displayed option value. This
allows the user to reset the value for the menu (select) to the
original value. (John Rouillard)
- @template html url parameter can be set to "oktmpl|errortmpl". When
a form is submitted, if the form passes validation the oktmpl is
used for the resulting page. If the form fails submission the
errortmpl page is used to display the form. The errortmpl will
usually be the same template used to edit the form. See the section
on "Implementing Modal Editing Using @template" in
``customizing.txt``. (John Rouillard)
- New form of check function is permitted in permission definitions.
If the check function is defined as::
check(db, userid, itemid, **ctx)
the ctx variable will have::
ctx['property']: the name of the property being checked or None
ctx['classname']: the class that is being checked or None
ctx['permission']: the name of the permission (e.g. View, Edit)
At some future date the older 3 argument style check command will
be deprecated. See ``upgrading.txt`` for details.
- New property for permissions added to simplify the model. See
``reference.txt`` and search for props_only and
set_props_only_default in the section 'Adding a new Permission'.
(John Rouillard)
- issue2550690 - Inadequate CSRF protection. Improvements in
Cross Site Request Forgery protection to check HTTP headers
and nonces. If the header/nonce is present, they are
validated. But if headers or nonces are missing access is
granted. The enforcement policy can be set in config.ini.
Requiring enforcement will need some changes to
templates. Support for protecting xmlrpc endpoint not well
tested. See ``upgrading.txt``. (John Rouillard)
- Added support for using the SameSite cookie option on the
session cookie. Default is lax, but there is a settable
option in config.ini file to change to strict or
suppress it entirely. See ``upgrading.txt``. (John Rouillard)
- Added a new roundup-admin command: updateconfig. Similar to
genconfig but it uses values from an existing config.ini
rather than default values. Use to update an existing
config.ini with new options and help text. (John Rouillard)
- issue2550864: Potential information leakage via journal/history
Hyperdb history function now only returns properties that the user
can View or Edit and links to objects the user can see. Can be
overridden by setting a parameter when calling the method.
Also restructured code that implemented issue1714899 moving it
from the templating class to the hyperdb. (John Rouillard)
- Improves diagnostics for mail processing: When using logging level = DEBUG,
bounces and bounce problems are logged. (Bernhard Reiter)
- In roundup-server, pass X-Forwarded-For and X-Forwarded-Proto
headers as the environment variables: HTTP_X-FORWARDED-FOR and
HTTP_X_FORWARDED_PROTO. If the user is running roundup server behind
a proxy, these headers allow the user to write extensions that can
figure out the original client ip and protocol. None of the core
roundup code uses these headers/env vars. These headers can be
spoofed by bad proxies etc. so you have been warned.
- issue2550799: provide basic support for handling html only emails
Emails missing text/plain parts but with text/html parts can be
converted into text. If this is done the email will no longer be
bounced back to the sender with an error. Enable by configuring the
convert_htmltotext option in your upgraded config.ini. (Initial
patch by Igor Ippolitov merged with changes by John Rouillard.)
- Add a 'retired' parameter to Class.filter to allow searching for
retired, non-retired or all (retired and non-retired) items similar
to the argument of the same name to Class.getnodeids. This is 'False'
by default (finding only non-retired items for backwards
compatibility) and can be set to None (for finding retired and
non-retired items) or True (for finding only retired items).
- Requires Python 2.7 now, indicated in version_check.py
and doc/installation.txt. (Bernhard Reiter)
- New -L flag to roundup-server to send http/https request logs
through the python logger module (using roundup.http). This allows
automatic log rotation. Without it, log file rotation requires restarting
the server. (John Rouillard)
- Part of issue2550960. Applied patch 0038 to upgrade documentation
code examples to support both python 2 and 3. (Joseph Myers)
- Release no longer includes binary windows installer. Pypi no longer
accepts it for upload.
Fixed:
- issue1615201: Optionally restore the original (version 0.6) mailgw
behaviour of ignoring a Resent-From:-header and using the real
From-header instead: new configuration option EMAIL_KEEP_REAL_FROM
(Peter Funk aka Pefu).
- issue2550717: Changed a couple of residual email references into
E-Mail in German translation (John Rouillard)
- issue2550669: Adding documentation for csv_field_size to the
customizing tracker section of doc/customizing.txt (John Rouillard)
- issue2550601: gsoc-2009 "bug" class doesn't have "patches" property
Added multilink to patches to the bug schema in the devel template.
(applied by John Rouillard)
- issue2550748: Crash when creating new issues with non-existing
multilink values (in classic template). Applied patch so it
now errors the same way as an update does. (applied by John Rouillard)
- issue2550757: one bug raised by issue fixed. Patch created by
W. Trevor King (wking) for documentation of mailgw applied by
John Rouillard.
- Fix processing of additional arguments to cgi method 'menu': This
would not work if more than one additional argument is used.
(Ralf Schlatterbeck)
- Update documentation of some existing property attributes (like
'do_journal' for Link/Multilink properties), this also adds missing
documentation for issue1444214. (Ralf Schlatterbeck)
- issue2550763 Strip whitespace from Multilink values after + or -.
(W. Trevor King) Test heavily modified by John Rouillard. (applied
by John Rouillard)
- issue2550907 Fix errors when creating documentation. Work done by
Peter Funk (pefu). (Applied by John Rouillard with small change
omitting obsolete security.txt.)
- issue2550826 Capture some exceptions from auditors/reactors and
raise a DetectorError instead. This allows failures like IOErrors
from the detectors (e.g. unable to access files) to be handled.
Previously an IOError just resulted in no output (premature end of
headers under apache). Problem diagnosed and initial patch created by
Tom Ekberg (tekberg). Further testing and patch change done by
John Rouillard.
- issue2550851 in installation doc removed directions for
installing additional codecs for Asian languages. They
they appear to be part of the standard python since at least 2.6.
Also the quoted url is obsolete. See ticket if you think you need
the codecs.
- issue2550823 improve mailgw logging for node creation errors.
Patch by r.david.murray (applied by John Rouillard).
- issue2550549 Postgres error on message templating
Exception gets thrown and not captured if nodeid is too large
on postgres. Added a check in rdbms_common layer that max nodeid
is < 2^31 -1. Large nodeid now return no such id error upstream.
Patch idea from: martin.v.loewis. (John Rouillard)
- issue2550723 Fix propagation of @pagesize
When @pagesize=0 is specified (indicating show all), the value of
pagesize is not propigated to the prev link. This patch fixes that.
Patch provided by John Kristensen. (Applied, light testing by John
Rouillard.)
- issue2550850 ``anypy/email_.py`` uses BSPACE which is not defined \
in python 2.7. Supplied a definition for BSPACE since it seems to
not be defined anywhere. Reported by Dennis Boone. (John Rouillard)
- Validate properties specified for sorting and grouping in index
views. Original patch from martin.v.loewis via:
https://hg.python.org/tracker/roundup/rev/439bd3060df2
Applied by John Rouillard with some modification to properly
identify if the bad property is a sort or grouping property. Tests
added.
- Validate Integer and Numeric type filter parameters rather than
passing output down to db level. Initial patch at:
http://hg.python.org/tracker/roundup/rev/98508a47c126 by
Martin.V.Loewis. Numeric test patch applied, Integer code and tests
developed by John Rouillard.
- issue1926124: fix crash in roundup_admin migrate option.
Patch submitted by Henry (henryl), modified value to False
since this produces the correct "No migration action required"
output from the migrate command.
- issue2161722: oudated docs (sic)
Fix old entry in FAQ, update roundup-server config docs and
example file from current roundup-server output. Update
some typos in .py files. John Rouillard.
- issue2550572: setting nosy=+foo on multiple issues gives them all
the same exact nosy list. Fixed a missing reinitialization that has
to occur every time though the loop in do_set. Manual tests work.
(John Rouillard)
- issue2550653: xapian search, stemming is not working
This is a partial fix for the issue. It does make stemming work
(so searching for silent will also return docs with silently in
them). However to do this we need to lowercase the text so the
porter stemmer will work. This means capitalization is not
preserved. Fix done by David Wolever (wolever). Committed and doc
updates John Rouillard.
- issue2550855: "show unassigned" link shows all open issues if not
logged in. This adds permission for the anonymous user to search
the users class. Without this the unassigned search can't see if
there is a user assigned to an issue, so it acts like all open
issues. Patch supplied by Stuart McGraw (smcgraw). For caveats
see ``upgrading.txt`` and the comments in the default templates.
(Docs created and applcation by John Rouillard)
- issue2550854: including new field in All text* search.
Fixed documentation in customizing.txt. The default for indexme on
String fileds is 'no' not 'yes'. So to get a new string field into
the full text/all text index you need to use String(indexme='yes').
Reported by Michael Belleville. (John Rouillard)
- issue2550853 - better error handling and cleanup on some postgres
tests by Stuart McGraw.
- issue2086536 - back_postgresql: fixing pg_command and prefering
psycopg2. Patch done by Philipp Gortan (mephinet). His patch
also improves handling of retryable errors. Applied and
edited by John Rouillard. Edits included removing support for
psycopg1. See:
https://sourceforge.net/p/roundup/mailman/message/32855027/
for rational for dropping it.
- issue2550831: Make the classic template query.edit page work.
Many fixes and improvements. See ``upgrading.txt`` for details.
Diagnosis and fix with patch by R David Murray. Support for
restoring retired but active queries, html layout changes and doc
by John Rouillard.
- issue2550785: Using login from search (or logout) fails. When
logging in from a search page or after a logout it fails with an
error. These failures have been fixed. The fix also keeps the user
on the same page they started from before the login. There are two
parts to this: 1) changes to the templates to properly define the
__came_from form element. See ``upgrading.txt``. 2) code changes
to the LoginAction code in roundup/cgi/actions.py. (John Rouillard)
- issue2550648 - partial fix for problem in this issue. Ezio Melotti
reported that the expression editor allowed the user to generate an
expression using retired values. To align the expression editor with
the simple dropdown search item, retired values are now removed from
the expression editor. (We have an open question as to whether this
is desirable.)
- issue2550743 - Reindex with MySQL Server failed. It looks like
indexing large documents may require increasing mysql's
max_allowed_packet setting. Documented the issue in doc/mysql.txt.
Possible solutions include: increasing value of MySQL parameter,
changing the full text search engine to whoosh or xapian. Problem
report by telsch. Analysis/doc by John Rouillard.
- issue2550882. Reported by Karl-Philipp Richter. Fixed
installation.txt documentation to include better directions on
starting roundup-server on different ports/ip addresses. Also
updated man page to include default use of localhost for -n and use
of -n 0.0.0.0 to bind to all addresses on the host. (John Rouillard)
- issue2550827, issue2550718. Doc additions so people know that a
python 32 bit installation may be required for windows. Additional
documentation on the requirement of pywin32 for running roundup as a
windows service. Also the windows installer must be run as
administrator and strong encouragement for installing the pytz
module added to ``doc/installation.txt``.
- issue2550776: imapServer.py problem. Fixed a missing initialization of the
logging level if no logging level option is supplied. (John Rouillard)
- issue2550839: Xapian, DatabaseLockError: Unable to get write lock on
db/text-index: already locked. Put in a retry loop that will attempt
to get the lock. Total delay approx 4.5 seconds. (John Rouillard)
- issue2550727: db.newid is broken with sqlite. Added proper transaction
lock around the sql code to get a new id. The the locking
that pysqlite attempts had to be defeated because it is broken.
Had to explicitly manage transactions with BEGIN IMMEDIATE and call
sql_commit. Note that this reduces performance in return for accuracy.
Problem reported by Matt Mackall (mpm) (John Rouillard).
- issue2550701: Path traversal from template names. This affects the
tal based template engines (zopetal, chameleon). If a directory
with a specific name is created in the html subdirectory, the
template name in the url can be used to get access to files outside
of the tracker html directory. This has been fixed by normalizing
the path and comparing to the normalized path for the html
directory. See ``doc/upgrading.txt``. (John Rouillard)
- Fix subject parsing in mail gateway. The previous parsing routine
would not ensure that arguments are at the end of the subject and when
subject_suffix_parsing was configured to be 'loose' it would truncate
the subject when encountering a double prefix, e.g.
Subject: [frobulated] [frobulatedagain] this part would be lost
(Ralf Schlatterbeck)
- issue2550795: @dispname query args in page.html search links
not valid html. Some queries with names that include spaces are not
properly url encoded/quoted. I.E. a space should be replaced with
%20. Fixes to allow a url_query method to be applied to
HTMLStringProperty to properly quote string values passed as part of
a url.
- issue2550755: exceptions.NotFound(msg) msg is not reported to user
in cgi. When an invalid column is specified return error code 400
rather than 404. Make error code 400 also return an error message to
the user. Reported by: Bernhard Reiter, analysis, fix by John Rouillard.
- issue1408570: Finally fix that form values are lost on edit
exceptions. This occured for example if editing an issue with the
classic template and setting 'superseder' to a non-existing issue
number. All changes to the form where the original field was non-empty
were lost. (Ralf Schlatterbeck)
- Fix submit_once Javascript function: This needs to return a boolean
value (not and integer like 0 or 1). And the work-around for an
ancient version of Internet Explorer would make it break for a recent
Firefox. The old version would show the popup but after clicking away
the alert it would load the page. The new version (tested with
Chromium and Firefox) doesn't load the page. (Ralf Schlatterbeck)
- Fix Traceback in backends/portalocker.py on windows due to missing
windll import, thanks to Heiko Stegmann for suggesting a first fix.
(Ralf Schlatterbeck)
- issue2550933 - Fix Traceback in cgi/templating.py when a string is
passed to PasswordHTMLProperty::plain. (John Rouillard)
- issue2550934 - templating.py-indexargs_form() returns id's as
space separated list not comma separated. This fixes the format of
the id url parameter when generated by indexargs_form. (John
Rouillard)
- issue2550932 - html_calendar produces templating errors for bad date
strings. Fixed to ignore bad date and highlight todays date in the
calendar popup.
- Query handling requires that query names for a user are unique.
Different users are allowed to use the same query name. Under some
circumstances a user could generate a second query with the same
name. The SearchAction function has been corrected to report this
error. Also the index.search.html template in the classic tracker
and corresponding templates in the other example trackers
has been modified to include:
<input type="hidden" name="@template" value="index|search"/>
so an error from SearchAction will display an error message and keep
the user on the search page so they can correct the error. See
``doc/upgrading.txt``. (John Rouillard)
- When a new named search is created, the index page that is displayed
doesn't show the name. This has been fixed by setting the @dispname
to the query's name. (John Rouillard)
- Passing args into indexargs_url(..,{'@queryname': request/dispname
or None, 'Title': 'some' }) where the value of the arg is None
will not add the arg to the url. In the example above @queryname
will only be in the url if dispname is set in the request.
(John Rouillard)
- The HTMLClass::properties() method produced a list of properties
that the user could not search. As a result these properties can not
be used for sorting or grouping index pages. This patch eliminates
the confusion that results from this mismatch by verifying that all
properties returned are searchable. (John Rouillard)
- Mutilinks can be displayed with their labelprop using the plain()
method, but they can not be looped over using tal:repeat if the user
doesn't have view access to the class the multilink represents. The
permissions check was changed to require that the user have View
access to the labelprop for the class rather than View access to the
class. (John Rouillard)
- issue2550937: fix crash by verifying that sendto is not null before
calling mailer.smtp_send. Discovered and patched by Trent Gamblin.
Applied by John Rouillard.
- removed old code from roundup-admin that implemented the obsolete
config (do_config) command. (John Rouillard)
- Modified configuration option static_files to be a space separated
list of directories to search for static files in the web interface.
If one of the elements is -, the search stops and the TEMPLATES
directory is not searched. See:
https://sourceforge.net/p/roundup/mailman/message/35773357/
subject is "showing template sources to all".
- issue2550945: OpenPGP: Extends newissuecopy.py to encrypt if configured.
(Bernhard Reiter)
- CSRF protection broke the retire function for query edit. Fix
javascript and make sure csrf tokens are provided in the right
places. (John Rouillard)
- query.item.html was missing checks to verify that a query should
be visible to the user. This is fixed and users can only view
queries that they own or that are not private. (John Rouillard)
- issue2550953: Patch: fix for context.is_view_ok check in jinja2 template
Form controls are displayed when anonymous views indexes but is
denied access. (patch by Anton Schur applied by John Rouillard)
- issue2550957: Duplicate emails (with patch).
Bcc and cc users passed to nosymessage are not properly recorded.
This results in duplicate emails. (patch by Trent Gamblin (trentgg)
applied by John Rouillard).
- issue2550954: History display breaks on removed properties
Now changes to removed properties, and link/unlink events from
non-existing properties or classes no longer trigger a traceback.
Concerning the visibility: We have a new config-item
obsolete_history_roles in the main section that defines which roles
may see removed properties. By default only role Admin is allowed to
see these.
- Fix issue2550955: Roundup commits although a Reject exception is raised
Fix the problem that changes are committed to the database (due to
commits to otk handling) even when a Reject exception occurs. The fix
implements separate database connections for otk/session handling and
normal database operation.
- Allow empty content property for file and message via xmlrpc
interface. This used to raise a traceback in the (sql) backend.
- Work around a limitation in python2.7 implementation of poplib (for
the pop3 protocol for fetching emails): It seems poplib applies a
line-length limit not just to the lines involving the pop3 protocol
but to any email content, too. This sometimes leads to tracebacks
whenever an email exceeding this limit is encountered. We "fix" this
by monkey-patching poplib with a larger line-limit. Thanks to Heiko
Stegmann for discovering this.
- Fix issue2550963: After refactoring one-time keys from the main
database we need to commit the password change in the password reset
mechanism separately. This used to be committed by the otk commit.
2016-01-11: 1.5.1
Pay attention:
If you have installed an intermediate version from our version control
system and have modified your tracker instance to escape OK and
error-messages in the HTML templates you need to revert this change.
If you're upgrading from a previous roundup release version
you should look into ``doc/upgrading.txt``. (Ralf Schlatterbeck)
Also note the default user permissions, see ``doc/upgrading.txt``.
Features:
- The example local_replace.py has been updated to show how to link to
modern revision systems using hex revision identifiers.
This extension is used to expand shortcuts in msgs. (Bernhard Reiter)
- Drop comment in user settings about numeric hour offsets instead of using
pytz timezone names. Due to DST these are wrong half of the year, it is
much better to use timezone names. (Thomas Arendsen Hein)
- issue2550793: Wrap messages with very long lines in the web interface.
(Thomas Arendsen Hein)
- New Link / Multilink option "try_id_parsing": Sometimes the key of a
class can be numeric -- in that case roundup will try to parse the
value as an ID when evaluating form values -- not as a key. Specifying
try_id_parsing='no' for these Link/Multilink will skip the ID step,
default is 'yes'. (Ralf Schlatterbeck)
- New configuration option 'isolation_level' in rdbms section. Currently
supported for Postgres and mysql, sets the transaction isolation level.
Wrong history entries for concurrent database updates observed in
issue2550806 can be prevented by setting this to 'repeatable read' if
you want to pay the performance penalty. We test this behaviour in the
regression tests for Postgres but not currently for mysql.
See http://www.postgresql.org/docs/9.1/static/transaction-iso.html
(Ralf Schlatterbeck)
- /xmlrpc endpoint now shows link to XML-RPC documentation if accessed
through browser, without text/xml Content-Type (anatoly techtonik)
- docs: New dedicated chapter for extensions in ``doc/customizing.txt``
(anatoly techtonik)
- Increase default height of classhelp windows from 400 to 600.
(Thomas Arendsen Hein)
- Date properties now can specify (on input) an explicit timezone suffix
(similar to RFC 2822), e.g. +0200 for CEST or -0500 for EST. This also
works in the XMLRPC interface. For examples see roundup.date.Date.
(Ralf Schlatterbeck)
- Add RejectRaw exception to allow unescaped HTML error messages to be
displayed to the user (thanks Ezio Melotti for the initial patch)
(John Kristensen)
- Add rel=nofollow to http and https url's in the body of messages.
This should reduce the value of a public roundup tracker to spammers.
References like issue20 or msg10 will hyperlink without
rel=nofollow so that robots can index them. Similar work was done
for the history display in roundup 1.5.0. (John Rouillard)
Fixed:
- issue2550869 Duplicate mail headers (Reply-To, Message-ID, In-Reply-To)
when sending out email. Reported with first fix by Mathias Behrle.
(Bernhard Reiter)
- issue2550830 An empty LinkHTMLProperty cannot be compared successfully.
Improves the query editing page. Reported and fixed by R David Murray
(Bernhard Reiter).
- Fix Release-date of 1.5.0 in this file (thanks to Bernhard for
discovery) (Ralf Schlatterbeck)
- Pythons cgi form code can return a TypeError, we now guard for this
condition. (Ralf Schlatterbeck)
- Small bug-fix in SQL backends: A query (e.g. in a html menu) with a
where-clause that always evaluates to false now will not raise a
traceback. (Ralf Schlatterbeck)
- Remove Python 2.3 compatibility code for i18n (anatoly techtonik)
- If documentation 'sphinx-build' tool is not found in system PATH,
'setup.py build_doc' command now tries to detect it from PYTHONPATH
(anatoly techtonik)
- Read version and release for generated documentation from
roundup/__init__.py. (Thomas Arendsen Hein)
- Do not throw an internal error if a .mo file can not be read
(Thomas Arendsen Hein)
- issue2550673 Make the "Make a copy" link work by fixing copy_url to properly
handle multilink properties. (John Rouillard)
- issue2550583, issue2550635 Do not limit results with Xapian indexer
(Thomas Arendsen Hein)
- Allow using plain() on unsaved dates in HTML forms
(Thomas Arendsen Hein)
- setup.py now installs static files of the HTML documentation (stylesheets,
images, etc.) (Thomas Arendsen Hein)
- executable .py scripts need "#!/usr/bin/env python", add this to demo.py,
remove exec bits from website/wiki/wiki/data/plugin/theme/roundup.py
(Thomas Arendsen Hein)
- issue2550822: Fix showing more than one additional property in class menu.
Report and fix by James Mack (Thomas Arendsen Hein)
- Fix String search with special SQL wildcard characters in LIKE/ILIKE
clause and add testcase (Ralf Schlatterbeck)
- Fix subtle bug when sorting by a Link that contains a Multilink from
which we also search for an attribute. In that case the LEFT OUTER
JOIN clause was missing in generated SQL. (Ralf Schlatterbeck)
- Fix another XSS issue2550817. Note that the code that triggers that
particular bug is no longer in roundup core. But the change to the
templates we suggest is a *lot* safer as it by default escapes the
error and ok messages now. Thanks to Thibault Fevry for the original
bug-report. (Ralf Schlatterbeck)
- issue2117897: Fixed two more places in date.py where seconds can be
rounded to 60.0 and causing exceptions. Change them to 59.999 as was
done in the fix for issue2550802. (Thomas Arendsen Hein)
- Fix batch.propchanged for transitive id properties (would result in a
backtrace when trying to group by property.id) (Ralf Schlatterbeck)
- Fix issue2550835, the test checks for date-range queries with an
interval that depends on the local time. Put the queried date a little
later to avoid a race condition where the queried interval doesn't
match the date because the clock has advanced. (Ralf Schlatterbeck)
- Apply german translation fixes from Debian team in issue2550761,
thanks to Kai Storbeck for taking the time to report these.
(Ralf Schlatterbeck)
- Fix issue2550843 Pass text of Unauthorised and Login exceptions instead
of the exception instance to avoid traceback with string operations.
(Thomas Arendsen Hein)
- Fix issue2550841 roundup-demo templates not found in virtualenv (John
Kristensen)
- Security: Default user permissions should not include all user
attributes. We now limit this to the username, realname and some
further attributes depending on the schema. Note that we no longer
include the email addresses, depending on your installation you may
want to further restrict this or add some attributes like ``address``
and ``alternate_addresses``. (Ralf Schlatterbeck)
- Correctly recreate the database directory when re-initialising a tracker
instance. (John Kristensen)
- In case of an error, date fields would lose the calendar help, fixed.
(Ralf Schlatterbeck)
- demo.py usage message improved: explains "nuke" now. (Bernhard Reiter)
- Fix issue2550735 Missing doc for xmlrpc schema. Thanks to Cedric Krier
for the patch. (anatoly techtonik)
- Fix two line-break accidents in devel and responsive milestone.item.html
(Thomas Arendsen Hein)
- Fix broken images in legacy spec.html and original_overview.html, and
restore web presence for "Roundup's Design Document" (anatoly techtonik)
- Template jinja2: Updated URL to point to http://www.roundup-tracker.org/,
fixed a typo. (Bernhard Reiter)
- Security: Add mime-type whitelist for attachmens that can be safely
rendered from Roundup without trigerring security bugs in browser
plugins, XSS issues and spam. The option ``allow_html_file`` didn't
provide protection for invalid content-type, in which case browser
tried to guess the best one. Thanks to Kay Hayen for reporting and
helping debug this. issue2550848 (Ralf Schlatterbeck, anatoly techtonik)
- Documentation: configuration messages_to_author value "nosy" now documented
in chapter "customizing". (Bernhard Reiter)
- issue2550877 Failures in test_mailgw.py because of duplicated headers
and more precise comparision. Writing headers with the email module will use
continuation_ws = ' ' now for python 2.5 and 2.6. (Bernhard Reiter)
- issue2550870 migrate use of 'rfc822' module to the 'email' module
(Bernhard Reiter/John Kristensen)
- Doctests for roundup.date.Date are now really executable and don't
fail. Bug-Fixes in range properties, open intervals with 'to' didn't
always work. (Ralf Schlatterbeck)
- issue2550881 demo.py: Add pointer how to access demo from remote host.
Suggested by Karl-Philipp Richter. (Bernhard Reiter)
- issue2550884 roundup-mailgw --help text improved to explain the allowed
parameters better. Suggested by by Karl-Philipp Richter. (Bernhard Reiter)
- Fix form-parsing: If multiple new items are added to a multilink
property, the old version would create the new items but only link
one. (Ralf Schlatterbeck)
- issue2550892 (translation error of priority in locale de) Thanks
Martin Thomas Swaton for reporting. (Bernhard Reiter)
- Help-Window now gets focus, this prevents the case that help doesn't
work because an old help-window is below the main window.
(Ralf Schlatterbeck)
- issue2550811 20% fix: jinja2 template engine now has an example
how to use non-ascii unicode contents with a custom filter ('| u').
See updates on http://www.roundup-tracker.org/cgi-bin/moin.cgi/Jinja2
(Bernhard Reiter)
2013-07-06: 1.5.0
Features:
- issue2550775 Added rel=nofollow to links in the journal linking to
attachments to allow the admin to delete attachment spam and prevent
search engines from increasing the rankings. (John Rouillard)
- issue2550808 Enhanced the boolean field template function. Now by
default the labels generated can be clicked on and select the
corresponding radio button. Also can create a trivalued radiobutton
(yes/no/unknown) as well as customize the labels for the
yes/no/unknown radio buttons. (John Rouillard)
- issue2550807 enhance classhelp method with ability to set html
properties on the generated link. (John Rouillard)
- Support for tx_Source property on database handle. Can be used by
detectors to find out the source of a change in an auditor to block
changes arriving by unauthenticated mechanisms (e.g. plain email
where headers can be faked). The property db.tx_Source has the
following values:
* None - Default value set to None. May be valid if it's a script
that is created by the user. Otherwise it's an error and indicates
that some code path is not properly setting the tx_Source property.
* "cli" - this string value is set when using roundup-admin and
supplied scripts.
* "web" - this string value is set when using any web based
technique: html interface, xmlrpc ....
* "email" - this string value is set when using an unauthenticated
email based technique.
* "email-sig-openpgp" - this string value is set when email with a
valid pgp signature is used. (*NOTE* the testing for this mode
is incomplete. If you have a pgp infrastructure you should test
and verify that this is properly set.) (John Rouillard)
- Introducing Template Loader API (anatoly techtonik)
- Experimental support for Jinja2, try 'jinja2' for template_engine
in config (anatoly techtonik)
- A new jinja2 template based on Classic schema and using Twitter
bootstrap for responsive behaviour. Run as -
python demo.py -t jinja2 nuke (Pradip P Caulagi)
- roundup_admin.py and other scripts can now be run directly from the
sources dir as roundup\scripts\roundup_admin.py (anatoly techtonik)
- Renamed old Templates classes to Loader classes to clarify sources
for alternative templating engines, updated docs (anatoly techtonik)
- Template selection code is moved from Loader classes into cgi.client
limiting the responsibility of Loaders to compilation and rendering.
Internally, templating.find_template is replaced with
client.selectTemplate (anatoly techtonik)
- Increased generated password length to 12 symbols to slow down GPGPU
attacks (anatoly techtonik)
- Implement XMLRPC MultiCall (including test), see
http://docs.python.org/2/library/xmlrpclib.html#xmlrpclib.MultiCall
(Ralf Schlatterbeck)
Fixed:
- issue2550789: add documentation on how to initialise a tracker
without exposing the admin password.
- issue2550805: Postgres should search title attribute case insensitive
like sqlite. Reported and fixed by Tom Ekberg. (Bernhard Reiter)
- Removed some old left over "rlog" references in documentation and code.
Makes the debugging.txt advise for the database unit tests work again.
(Bernhard Reiter)
- Fixed OpenPGP support for modern versions of libgpgme. (Bernhard Reiter)
- Restored compatibility with old style trackers (anatoly techtonik)
- Make roundup play nice with setup tools (for using with virtualenv)
(Pradip Caulagi)
- [minor] Template responsive: make demo.py work out of the box with it,
by setting the static_files config.ini setting to "static".
Footer: link fixed and hardcoded last modified date removed. (Bernhard Reiter)
- demo.py print location of tracker home and fully erase its directory
when nuking (anatoly techtonik)
- demo.py changing hostname in config.ini actually changes the address
where demo.py listens. (John Rouillard)
- issue2550802: Fixed date so second fraction can't cause rounding to
60.000 when serialising. Report and fix by Erik Hanspers. (Bernhard Reiter)
- issue2550595: Allow migrating from roundup 0.x to 1.4 (Thomas Arendsen Hein)
- issue2550634: New German orthography corrections (Thomas Arendsen Hein)
2012-12-21: 1.4.21
Features:
- issue2550782: Added a new irker detector to send notifications on IRC
when an issue is created or messages are added. (Ezio Melotti)
- Beta version of responsive templates using devel schema
and Twitter Bootstrap for styling (Pradip Caulagi)
- pywin32 is no longer required to run on Windows (anatoly techtonik)
- Rewritten portalocker.py logic in ctypes for Windows (anatoly techtonik)
- Add an interface to register clearCache callbacks in roundupdb.
Sometimes complicated computations may require an application cache.
This application can now register a callback to clear the application
cache, because roundup knows better when to clear it (usually when a
transaction ends, either with rollback or with commit). The interface
for this is currently considered experimental. The current interface
is registerClearCacheCallback(self, method, param) where method is
called with param as the only parameter. (Ralf Schlatterbeck)
- Add a script to remove file-spam from a tracker, see
scripts/spam-remover. (Ralf Schlatterbeck)
Fixed:
- issue2550765: Don't show links in calendar that will fail.
Found and fixed by C\E9dric Krier. (Bernhard)
- issue2550765: use ``<meta name="robots" content="noindex,
nofollow">`` in the _generic.calendar.html to prevent robots to
follow all the links in the calendar. (Ezio Melotti)
- "BaseException.with_traceback" is not available on Python 2, so use
"raise E, V, T" instead of "raise E(V).with_traceback(T)". This change was
originally introduced in 74476eaac38a. (Ezio Melotti)
- issue2550759: Trailing punctuation is no longer included when URLs are
converted to links. (Ezio Melotti)
- issue2550574: Restore sample detectors removed in roundup 1.4.9
(Thomas Arendsen Hein)
- Prevent AttributeError when removing all roles of a user
(Thomas Arendsen Hein)
- issue2550762 Minor Documentation fix in doc/developers.txt, thanks
to W. Trevor King. (Bernhard Reiter)
- issue2550766: Minor formatting issues in the docs for date properties,
thanks John Kristensen. (Bernhard Reiter)
- issue2550738: Fixes for various documentation typoes,
thanks Nathan Russell. (John Kristensen)
- issue2550756: Fix 'oder' typo in mailer.Mailer.bounce_message docstring,
thanks W. Trevor King (John Kristensen)
- Fix basic authentication: instatiating the login action would fail if
the user is not set. We now first set the user to anonymous and then
try basic authentication if enabled. (Ralf Schlatterbeck)
- Fix xmlrpc permissions for lookup method: Allow if the key attribute
is either searchable or viewable, don't check id attribute (Ralf
Schlatterbeck)
- Fix installation documentation (section Prerequisites) to require at
least python 2.5, thanks to John P. Rouillard for discovering this.
(committed by Ralf Schlatterbeck)
- Fix version_check.py to require at least python 2.5 (anatoly techtonik)
- Fixing the download button re-activating the cheeseshop plugin in the
sphinx config. Thanks to Richard for the hint. (Bernhard Reiter)
- issue2550783 devel template's schema.py permissions referenced the
organization property for the user, but the property is called
organisation. Thanks to Pradip Caulagi. (committed by John Rouillard)
- issue2550749 - the xmlrpc interface is invoked on content type
and not url path. Sending any text/xml data to roundup results in
invoking the xml-rpc interface, but a REST or other interface could
also consume xml data and do something different. So require the use
of 'http(s)://.../xmlrpc' uri to trigger the xmlrpc interface.
(John Rouillard)
- issue2550774: Remove generating documentation with rst2html, and update the
README.txt with how to create the html docs using sphinx, thanks Kai Storbeck
(John Kristensen)
- issue2550774: Include doc/conf.py in the release tarball, so people can build
their own documentation in html, thanks Kai Storbeck (John Kristensen)
- issue2550774: Update website/www/Makefile to symlink COPYING.txt so "make"
works again, thanks Kai Storbeck (John Kristensen)
- issue2550760: Several improvements to the manpages
thanks Kai Storbeck & Bastian Kleineidam (John Kristensen)
2012-05-15: 1.4.20
Features:
- Experimental support for the new Chameleon templating engine.
We now have two configurable templating engines, the old Zope TAL
templates (called zopetal in the config) and the new Chameleon (called
chameleon in the config). A new config-option "template_engine" under
[main] can take these config-options, the default is zopetal.
Thanks to Cheer Xiao for the idea of making this configurable *and*
for the actual implementation! (Ralf)
WARNING: Chameleon support is highly experimental and *not* recommended for
production use. It has known performance issues and i18n is not yet
functioning. It's still under active development. Only use this feature if
you want to experiment with Chameleon and/or help with Roundup
developement. If you found a bug in Chameleon support, please report after
testing against latest Roundup source from the Mercurial repository.
- issue2550678: Allow pagesize=-1 which returns all results.
Suggested and implemented by John Kristensen.
Tested by Satchidanand Haridas. (Bernhard)
- Allow to turn off translation of generated html options in menu method
of LinkHTMLProperty and MultilinkHTMLProperty -- default is
translation as it used to be (Ralf)
- Sending of OpenPGP encrypted mail to all users or selected users (via
roles) is now working. (Ralf)
- Add config-option "nosy" to messages_to_author setting in [nosy]
section of config: This will send a message to the author only
in the case where the author is on the nosy-list (either added
earlier or via the add_author setting). Current config-options
for this setting will send / not send to author without considering
the nosy list. (Ralf)
Fixed:
- issue2550730: FAQ has broken link to Zope book. Reported and fixed by
John Rouillard.(Bernhard)
- issue2550728: remove buggy parentheses in TAL/DummyEngine.py.
Reported and fixed by Ralf Hemmecke. (Bernhard)
- issue2550715: IndexError when requesting non-existing file via http.
Reported and fixed by C\E9dric Krier. (Bernhard)
- issue2550712: exportcsvaction errors poorly when given invalid columns.
Reported by Will Kahn-Greene, fixed by C\E9dric Krier. (Bernhard)
- issue2550695: 'No sort or group' settings not retained when editing queries.
Reported and fixed by John Kristensen. Tested by Satchidanand Haridas.
(Bernhard)
- Fix matching of incoming email addresses to the alternate_addresses
field of a user -- this would match substrings, e.g. if the user has
discuss-support@example.com as an alternate email and an incoming mail
is addressed to support@example.com this would (wrongly) match. (Ralf)
- issue2550729: Fix password history display for anydbm backend, thanks
to Ralf Hemmecke for reporting. (Ralf)
- OpenPGP support is again working (pyme API has changed significantly) and
we now have a regression test. We now take care that bounce-messages
for incoming encrypted mails or mails where the policy dictates that
outgoing traffic should be encrypted is actually OpenPGP encrypted. (Ralf)
- Ignore confirm set() fields by themselves in the absence of non-"confirm"
values; otherwise a bare confirm field can be used to change the a
password. Reported by Cam Blackwood. (Ralf)
- Updated version of simplified Chinese message file by Cheer Xiao:
Corrected some mistakes, added a few more items and did some
formating. (Ralf)
- Fix xmlrpc URL parsing so that passwords may contain a ':' character
(Ralf)
- Be more tolerant when parsing RFC2047 encoded mail headers. Use
backported version of my proposed changes to
email.header.decode_header in http://bugs.python.org/issue1079
(Ralf)
- issue2550684 Fix XSS vulnerability when username contains HTML code,
thanks to Thomas Arendsen Hein for reporting and patch. (Ralf)
- issue2550711 Fix XSS vulnerability in @action parameter,
thanks to "om" for reporting. (Ralf)
- issue2550535 In some cases even when keep_quoted_text=yes is
configured we would strip quoted sections. This hit the python
bug-tracker especially for python interpreter examples with leading
'>>>' strings. The fix is slightly different compared to the proposal
as this broke keep_quoted_text=no in certain cases. We also fix a bug
where keep_quoted_text=no would drop the last line of a non-quoted
section if there wasn't an empty line between the next quotes. (Ralf)
- issue2431638 wrong registration link in bounce mail for non-registered
users reported *years* ago by anonymous (Ralf)
- Fix doc/upgrading.txt which produces errors with latest docutils about
wrong block structure. Fix .gitignore in doc directory. Thanks to
Cheer Xiao for the patches. (Ralf)
- Fix wrong execute permissions on some files, thanks to Cheer Xiao for
the patch. (Ralf)
- Fix override of TemplatingUtils in instance.py, thanks to Cheer Xiao
for the patch. (Ralf)
- Fix another XSS with the "otk" parameter, thanks to Jesse Ruderman for
reporting. (Ralf)
- Mark cookies HttpOnly and -- if https is used -- secure. Fixes
issue2550689, but is untested if this really works in browsers.
Thanks to Joseph Myers for reporting. (Ralf)
- Fix another XSS with the ok- and error message, see issue2550724. We
now escape messages when added to the list so we can decide whether to
escape a message individually for each message. The default is to
escape. Thanks to David Benjamin for the bug-report and to Ezio
Melotti for several proposed fixes. (Ralf)
2011-07-15: 1.4.19
Features:
- Xapian indexing improved: Slightly faster and slightly smaller database.
Closes issue2550687. Thanks to Olly Betts for the patch. (Bernhard Reiter)
- PostgreSQL backend minor improvement: database creation less likely to fail
for PostgreSQL versions >= 8.1 as the table "postgres" is used by default.
Closes issue2550543. Thanks to Kai Storbeck for the patch. (Bernhard Reiter)
- Allow HTMLRequest.batch to filter on other permissions than "View"
(e.g. on the new "Search" permission") by adding a "permission"
parameter. Thanks to Eli Collins for the patch. Closes issue2550699. (Ralf)
Fixed:
- Installation: Fixed an issue that prevented to use EasyInstall
and a Python egg. Thanks to Satchidanand Haridas for the patch and
John Kristensen for testing it. (Bernhard Reiter)
- The PostgreSQL backend quotes database names now for CREATE and DROP,
enabling more exotic tracker names. Closes issue2550497.
Thanks to Sebastian Harl for providing the patch. (Bernhard Reiter)
- Updated the url to point to www.roundup-tracker.org in two places in the
docs. (Bernhard Reiter)
- Do not depend on a CPython implementation detail anymore to make Roundup
more compatible with other Python implementations like PyPy.
Closes issue2550707. Thanks to Christof Meerwald. (Bernhard Reiter, Richard)
- Yet another fix to the mail gateway, messages got *all* files of
an issue, not just the new ones. Thanks to Rafal Bisingier for
reporting and proposing a fix. The regression test was updated.
(Ralf)
- Fix version numbers in upgrade documentation, the file-unlink defect
was in 1.4.17 not 1.4.16. Thanks to Rafal Bisingier. (Ralf)
- Fix encoded email header parsing if multiple encoded and non-encoded
parts are present. RFC2047 specifies that spacing is removed only
between encoded parts, we always removed the space. Note that this bug
was present before mail gateway refactoring :-) Thanks for thorough
testing of mail gateway code by Rafal Bisingier. (Ralf)
- The "Retire" permission was not being registered. (Richard)
- Fix StringIO issue2550713: io.StringIO in newer versions of python
returns unicode strings and expects a unicode string in the
constructor. Unfortunately csv doesn't handle unicode (yet). So we
need to use a BytesIO which gets the utf-8 string from the
web-interface. Compatibility for old versions by using
StringIO.StringIO for emulating a io.BytesIO also works.
Thanks to C\E9dric Krier for reporting. Closes issue2550713.
Added a regression test for EditCSVAction (Ralf)
- Fix issue2550691 where a Unix From-Header was sometimes inserted in
outgoing emails, thanks to Joseph Myers for the patch. (Ralf)
2011-05-29: 1.4.18
Features:
- Norwegian Bokmal translation by Christian Aastorp (Ralf)
- Allow to specify additional cc and bcc emails (not roundup users) for
nosymessage used by the nosyreaction reactor. (Ralf)
Fixed:
- File-unlink defect in mailgw fixed! If an email was received
that contained no attachments, all previous files of the issue were unlinked.
This defect was introduced with the 1.4.17 release as an unwanted result
of the mail gate code refactoring. Thanks to Rafal Bisingier for reporting
and proposing a fix. There is now a regression test in place. (Ralf)
2011-05-13: 1.4.17
Features:
- Allow declaration of default_values for properties in schema.
- Add explicit "Search" permissions, see Security Fix below.
- Add "lookup" method to xmlrpc interface (Ralf Schlatterbeck)
- Multilinks can be filtered by combining elements with AND, OR and NOT
operators now. A javascript gui was added for "keywords", see issue2550648.
Developed by Sascha Teichmann; funded by Intevation. (Bernhard Reiter)
- Factor MailGW message parsing into a separate class, thanks to John
Kristensen who did the major work in issue2550576 -- I wouldn't
have attempted it without this. Fixes issue2550576. (Ralf)
- Now if the -C option to roundup-mailgw specifies "issue" this refers
to an issue-like class. The real class is determined from the
configured default class, or the -c option to the mailgw, or the class
resulting from mail subject parsing. We also accept multiple -S
options for the same class now. (Ralf)
- Optimisation: Late evaluation of Multilinks (only in rdbms backends):
previously we materialized each multilink in a Node -- this creates an
SQL query for each multilink (e.g. 'files' and 'messages' for each
line in the issue index display) -- even if the multilinks aren't
displayed. Now we compute multilinks only if they're accessed (and
keep them cached).
- Add a filter_iter similar to the existing filter call. This feature is
considered experimental. This is currently not used in the
web-interface but passes all tests for the filter call except sorting
by Multilinks (which isn't supported by SQL and isn't a sane concept
anyway). When using filter_iter instead of filter this saves a *lot*
of SQL queries: Filter returns only the IDs of Nodes in the database,
the additional content of a Node has to be fetched in a separate SQL
call. The new filter_iter also returns the IDs of Nodes (one by one,
it's an iterator) but pre-seeds the cache with the content of the
Node. The information needed for seeding the cache is retrieved in the
same SQL query as the ids.
Fixed:
- Security Fix: Add a check for search-permissions: now we allow
searching for properties only if the property is readable without a
check method or if an explicit search permission (see above unter
"Features) is given for the property. This fixes cases where a user
doesn't have access to a property but can deduce the content by
crafting a clever search, group or sort query.
see doc/upgrading.txt for how to fix your trackers! (Ralf Schlatterbeck).
- Range support in roundup-server so large files can be served,
e.g. media files on iOS/iPads; issue2550694. (Bernhard Reiter;
Thanks to Jon C. Thomason for the patch.)
- Fix search for xapian 1.2 issue2550676
(Bernhard Reiter; Thanks to Olly Betts for providing the patch.)
- Some minor typos fixed in doc/customizing.txt (Thanks Ralf Hemmecke).
- XML-RPC documentation now linked from the docs/index (Bernhard Reiter).
- Fix setting of sys.path when importing schema.py, fixes issue2550675,
thanks to Bryce L Nordgren for reporting. (Ralf Schlatterbeck)
- clear the cache on commit for rdbms backends: Don't carry over cached
values from one transaction to the next (there may be other changes
from other transactions) see new ConcurrentDBTest for a
read-modify-update cycle that fails with the old caching behavior.
(Ralf Schlatterbeck)
- Fix incorrect setting of template in customizing.txt example action,
patch via issue2550682 (thanks John Kristensen)
- Configuration issue: On some postgresql 8.4 installations (notably on
debian squeeze) the default template database used for database
creation doesn't match the needed character encoding UTF8 -- a new
config option 'template' in the rdbms section now allows specification
of the template. You know you need this option if you get the error
message:
psycopg2.DataError: new encoding (UTF8) is incompatible with the
encoding of the template database (SQL_ASCII)
HINT: Use the same encoding as in the template database, or use
template0 as template.
(Ralf Schlatterbeck)
- Fixed bug in mailgw refactoring, patch issue2550697 (thanks Hubert
Touvet)
- Fix Password handling security issue2550688 (thanks Joseph Myers for
reporting and Eli Collins for fixing) -- this fixes all observations
by Joseph Myers except for auto-migration of existing passwords.
- Add new config-option 'migrate_passwords' in section 'web' to
auto-migrate passwords at web-login time. Default for the new option
is "yes" so if you don't want that passwords are auto-migrated to a
more secure password scheme on user login, set this to "no" before
running your tracker(s) after the upgrade.
- Add new config-option 'password_pbkdf2_default_rounds' in 'main'
section to configure the default parameter for new password
generation. Set this to a higher value on faster systems which want
more security. Thanks to Eli Collins for implementing this (see
issue2550688).
- Fix documentation for roundup-server about the 'host' parameter as
suggested in issue2550693, fixes the first part of this issue. Make
'localhost' the new default for this parameter, note the upgrading
documentation of changed behaviour. We also deprecate the empty host
parameter for binding to all interfaces now (still left in for
compatibility). Thanks to Toni Mueller for providing the first version
of this patch and discussing implementations.
- Fixed bug in filter_iter refactoring (lazy multilinks), in rare cases
this would result in duplicate multilinks to the same node. We're now
going the safe route and doing lazy evaluation only for read-only
access, whenever updates are done we fetch everything.
2010-10-08: 1.4.16
Features:
- allow trackers to override the classes used to render properties in
templating per issue2550659 (thanks Ezio Melotti)
- new mailgw configuration item "subject_updates_title": If set to "no"
a changed subject in a reply to an issue will not update the issue
title with the changed subject. Thanks to Arkadiusz Kita and Peter
Funk for requesting the feature and discussing the implementation.
http://thread.gmane.org/gmane.comp.bug-tracking.roundup.user/10169
- new rdbms config item sqlite_timeout makes the previously hard-coded
timeout of 30 seconds configurable. This is the time a client waits
for the locked database to become free before giving up. Used only for
SQLite backend.
- new mailgw config item unpack_rfc822 that unpacks message attachments
of type message/rfc822 and attaches the individual parts instead of
attaching the whole message/rfc822 attachment to the roundup issue.
Fixed:
- fixed reporting of source missing warnings
- relevant tests made locale independent, issue2550660 (thanks
Benni B\E4rmann for reporting).
- fix for incorrect except: syntax, issue2550661 (thanks Jakub Wilk)
- No longer use the root logger, use a logger with prefix "roundup",
see http://thread.gmane.org/gmane.comp.bug-tracking.roundup.devel/5356
- improve handling of '&gt;' when URLs are converted to links, issue2550664
(thanks Ezio Melotti)
- fixed registration, issue2550665 (thanks Timo Paulssen)
- make sorting of multilinks in the web interface more robust, issue2550663
- Fix charset of first text-part of outgoing multipart messages, thanks Dirk
Geschke for reporting, see
http://thread.gmane.org/gmane.comp.bug-tracking.roundup.user/10223
- Fix handling of incoming message/rfc822 attachments. These resulted in
a weird mail usage error because the email module threw a TypeError
which roundup interprets as a Reject exception. Fixes issue2550667.
Added regression tests for message/rfc822 attachments with and without
configured unpacking (mailgw unpack_rfc822, see Features above)
Thanks to Benni B\E4rmann for reporting.
- Allow search_popup macro to work with all db classes, issue2550567
(thanks John Kristensen)
- lower memory footprint for (journal-) import
2010-07-12: 1.4.15
Fixed:
- A bunch of regressions were introduced in the last release making Roundup
no longer work in Python releases prior to 2.6
- make URL detection a little smarter about brackets per issue2550657
(thanks Ezio Melotti)
2010-07-01: 1.4.14
Features:
- Preparations for getting 2to3 work, not completed yet. (Richard Jones)
Fixed:
- User input not escaped when a bad template name is supplied (thanks
Benjamin Pollack)
- The email for the first message on an issue was having its In-Reply-To
set to itself (thanks Eric Kow)
- Handle multiple @action values from broken trackers.
- Accept single-character subject lines
- xmlrpc handling of unicode characters and binary values, see
http://thread.gmane.org/gmane.comp.bug-tracking.roundup.user/10040
thanks to Hauke Duden for reporting these.
- frontends/roundup.cgi got out of sync with the roundup.cgi.Client API
- Default to "text/plain" if no Content-Type header is present in email
(thanks Hauke Duden)
- Small documentation update regarding debugging aids (Bernhard Reiter)
- Indexer Xapian, made Xapian 1.2 compatible. Needs at least Xapian 1.0.0 now.
(Bernhard Reiter; Thanks to Olly Betts for providing the patch Issue2550647.)
2010-02-19: 1.4.13
Fixed:
- Multilink edit fields lose their values (thanks Will Maier)
2010-02-09: 1.4.12
Features:
- Support IMAP CRAM-MD5, thanks Jochen Maes
Fixes:
- Proper handling of 'Create' permissions in both mail gateway (earlier
commit r4405 by Richard), web interface, and xmlrpc. This used to
check 'Edit' permission previously. See
http://thread.gmane.org/gmane.comp.bug-tracking.roundup.devel/5133
Add regression tests for proper handling of 'Create' and 'Edit'
permissions.
- Fix handling of non-ascii in realname in the nosy mailer, this used to
mangle the email address making it unusable when replying. Thanks to
intevation for funding the fix.
- Fix documentation on user required to run the tests, fixes
issue2550618, thanks to Chris aka 'radioking'
- Add simple doc about translating customised tracker content
- Add "flup" setup documentation, thanks Christian Glass
- Fix "Web Access" permission check to allow serving of static files to
Anonymous again
- Add check for "Web Access" permission in all web templating permission
checks
- Improvements in upgrading documentation, thanks Christian Glass
- Display 'today' in the account user's timezone, thanks David Wolever
- Fix file handle leak in some web interfaces with logging turned on,
fixes issue1675845
- Attempt to generate more human-readable addresses in email, fixes
issue2550632
- Allow value to be specified to multilink form element templating, fixes
issue2550613, thanks David Wolever
- Fix thread safety with stdin in roundup-server, fixes issue2550596
(thanks Werner Hunger)
2009-12-21: 1.4.11
Features:
- Generic class editor may now restore retired items (thanks Ralf Hemmecke)
Fixes:
- Fix security hole allowing user permission escalation (thanks Ralf
Schlatterbeck)
- More SSL fixes. SSL wants the underlying socket non-blocking. So we
don't call socket.setdefaulttimeout in case of SSL. This apparently
never raises a WantReadError from SSL.
This also fixes a case where a WantReadError is raised and apparently
the bytes already read are dropped (seems the WantReadError is really
an error, not just an indication to retry).
- Correct initial- and end-handshakes for SSL
- Update FAQ to mention infinite redirects with pathological settings of
the tracker->web variable. Closes issue2537286, thanks to "stuidge"
for reporting.
- Fix some format errors in italian translation file
- Some bugs issue classifiers were causing database lookup errors
- Fix security-problem: If user hasn't permission on a message (notably
files and content properties) and is on the nosy list, the content was
sent via email. We now check that user has permission on the message
content and files properties. Thanks to Intevation for funding this
fix.
- Fix traceback on .../msgN/ url, this requests the file content and for
apache mod_wsgi produced a traceback because the mime type is None for
messages, fixes issue2550586, thanks to Thomas Arendsen Hein for
reporting and to Intevation for funding the fix.
- Handle OPTIONS http request method in wsgi handler, fixes issue2550587.
Thanks to Thomas Arendsen Hein for reporting and to Intevation for
funding the fix.
- Add documentation for migrating to the Register permission and
fix mailgw to use Register permission, fixes issue2550599
- Fix styling of calendar to make it more usable, fixes issue2550608
- Fix typo in email section of user guide, fixes issue2550607
- Fix WSGI response code (thanks Peter P\F6ml)
- Fix linking of an existing item to a newly created item, e.g.
edit action in web template is name="issue-1@link@msg" value="msg1"
would trigger a traceback about an unbound variable.
Add new regression test for this case. May be related to (now closed)
issue1177477. Thanks to Intevation for funding the fix.
- Clean up all the places where role processing occurs. This is now in a
central place in hyperdb.Class and is used consistently throughout.
This also means now a template can override the way role processing
occurs (e.g. for elaborate permission schemes). Thanks to intevation
for funding the change.
- Fix issue2550606 (german translation bug) "an hour" is only used in
the context "in an hour" or "an hour ago" which translates to german
"in einer Stunde" or "vor einer Stunde". So "an hour" is translated
"einer Stunde" (which sounds wrong at first). Also note that date.py
already has a comment saying "XXX this is internationally broken" --
but at least there's a workaround for german :-) Thanks to Chris
(radioking) for reporting.
2009-10-09: 1.4.10
Fixes:
- Minor update of doc/developers.txt to point to the new resources
on www.roundup-tracker.org (Bernhard Reiter)
- Small CSS improvements regaring the search box (thanks Thomas Arendsen Hein)
(issue 2550589)
- Indexers behaviour made more consistent regarding length of indexed words
and stopwords (thanks Thomas Arendsen Hein, Bernhard Reiter)(issue 2550584)
- fixed typos in the installation instructions (thanks Thomas Arendsen Hein)
(issue 2550573)
- New config option csv_field_size: Pythons csv module (which is used
for export/import) has a new field size limit starting with python2.5.
We now issue a warning during export if the limit is too small and use
the csv_field_size configuration during import to set the limit for
the csv module. (Ralf Schlatterbeck)
- Small fix for CGI-handling of XMLRPC requests for python2.4, this
worked only for 2.5 and beyond due to a change in the xmlrpc interface
in python (Ralf Schlatterbeck)
- Document filter method of xmlrpc interface (Ralf Schlatterbeck)
- Fix interaction of SSL and XMLRPC, now XMLRPC works with SSL
(Ralf Schlatterbeck)
2009-08-10: 1.4.9
Fixes:
- fixed action taken in response to invalid GET request
- fixed classic tracker template to submit POST requests when appropriate
- fix problems with french and german locale files (issue 2550546)
- Run each message of the mail-gateway in a separate transaction,
see http://thread.gmane.org/gmane.comp.bug-tracking.roundup.user/9500
- fix problem with bounce-message if incoming mail has insufficient
privilege, e.g., user not existing (issue 2550534)
- fix construction of individual messages to nosy recipents with
attachments (issue 2550568)
- re-order sqlite imports to handle multiple installed versions (issue
2550570)
- don't show entire history by default
(fixes http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=540629)
- remove use of string exception
2009-03-18: 1.4.8
Fixes:
- bug introduced into hyperdb filter (issue 2550505)
- bug introduced into CVS export and view (issue 2550529)
- bugs introduced in the migration to the email package (issue 2550531)
- handle bogus pagination values (issue 2550530)
- fix TLS handling with some SMTP servers (issues 2484879 and 1912923)
2009-03-13: 1.4.7
Features:
- Provide a "no selection" option in web interface selection widgets
- Debug logging now uses the logging module rather than print
- Allow CGI frontend to serve XMLRPC requests.
- Added XMLRPC actions, as well as bridging CGI actions to XMLRPC actions.
- Optimized large file serving via mod_python / sendfile().
- Support resuming downloads for (large) files.
Fixes:
- a number of security issues were discovered by Daniel Diniz
- EditCSV and ExportCSV altered to include permission checks
- HTTP POST required on actions which alter data
- HTML file uploads served as application/octet-stream
- Handle Unauthorised in file serving correctly
- New item action reject creation of new users
- Item retirement was not being controlled
- Roundup is now compatible with Python 2.6
- Improved French and German translations
- Improve consistency of item sorting in HTML interface
- Various other small bug fixes, robustification and optimisation
2008-09-01: 1.4.6
Fixed:
- Fix bug introduced in 1.4.5 in RDBMS full-text indexing
- Make URL matching code less matchy
- Try to clarify mail_domain config setting
2008-08-19: 1.4.5
Feature:
- Add use of username/password stored in ~/.netrc in mailgw (sf patch
#1912105)
Fixed:
- 'Make a Copy' failed with more than one person in nosy list (sf #1906147)
- xml-rpc security checks and tests across all backends (sf #1907211)
- Send a Precedence header in email so (well-written) autoresponders don't
- Fix mailgw total failure bounce message generation (thanks Bradley Dean)
- Fix for postgres 8.3 compatibility (and bug) (sf patch #2030479 and bug
#1959261)
- Fix for translations (sf patch #2032526)
- Fire reactors after file storage is all done (sf patch #2001243)
- Allow negative ids other than -1 for item generation (sf patch #1982481)
- Better German translation for retiring users (sf #1998701)
- More improvements to German translation (sf #1919446)
- Add filter() to XML-RPC interface (sf patch #1966456)
- Fix IndexError when there are no messages to an issue (sf patch #1894249)
- Prevent broken pipe errors in csv export (sf patch #1911449)
- New session API and cleanup (anatoly techtonik)
- Make WSGI handler threadsafe (sf #1968027)
- Improved URL matching RE (sf #2038858)
- Allow binary file content submission via XML-RPC (sf #1995623)
- Don't run old code on newer database (sf #1979556)
- Fix HTML injection into page title
- Fix indexer handling of indexed Link properties (sf #1936876)
2008-03-01: 1.4.4
Fixed:
- Security fixes (thanks Roland Meister)
2008-02-27: 1.4.3
Fixed:
- MySQL backend bug introduced in 1.4.2 (TEXT columns need a size when
being indexed)
2008-02-08: 1.4.2
Feature:
- New config option in mail section: ignore_alternatives allows to
ignore alternatives besides the text/plain part used for the content
of a message in multipart/alternative attachments.
- Admin copy of error email from mailgw includes traceback (thanks Ulrik
Mikaelsson)
- Messages created through the web are now given an in-reply-to header
when email out to nosy (thanks Martin v. L\F6wis)
- Nosy messages now include more information about issues (all link
properties with a "name" attribute) (thanks Martin v. L\F6wis)
Fixed:
- Searching date range by supplying just a date as the filter spec
- Handle no time.tzset under Windows (sf #1825643)
- Fix race condition in file storage transaction commit (sf #1883580)
- Make user utils JS work with firstname/lastname again (sf #1868323)
- Fix ZRoundup to work with Zope 2.8.5 (sf #1806125)
- Fix race condition for key properties in rdbms backends (sf #1876683)
- Handle Reject in mailgw final set/create (sf #1826425)
2007-11-09: 1.4.1
Fixed:
- Removed some metakit references
2007-11-04: 1.4.0
Feature:
- Roundup has a new xmlrpc frontend that gives access to a tracker using
XMLRPC.
- Dates can now be in the year-range 1-9999
- The metakit backend has been removed
- Add simple anti-spam recipe to docs
- Allow customisation of regular expressions used in email parsing, thanks
Bruno Damour
- Italian translation by Marco Ghidinelli
- Multilinks take any iterable
- config option: specify port and local hostname for SMTP connections
- Tracker index templating (i.e. when roundup_server is serving multiple
trackers) (sf bug 1058020)
- config option: Limit nosy attachments based on size (Philipp Gortan)
- roundup_server supports SSL via pyopenssl
- templatable 404 not found messages (sf bug 1403287)
- Unauthorized email includes a link to the registration page for
the tracker
- config options: control whether author info/email is included in email
sent by roundup
- support for receiving OpenPGP MIME messages (signed or encrypted)
Fixed:
- Handling of unset Link search in RDBMS backend
- Journal export of anydbm didn't correctly export previously empty values
- Fix handling of defaults for date fields
- Fix <form> name in user editing to allow multilink popups to work
- Fix form handling of editing existing hyperdb items from a new item page.
- Added new rdbms-indexes for full-text index which will speed up
reindexing.
- Turning off indexing for content properties of FileClass instance
(e.g., "file" and "msg") now works for SQL backends.
- Enabled over-riding of content-type in web interface (thanks
John Mitchell)
- Validate user timezones to filter bad entries (sf bug 1738470)
- Classic template allows searching for issues with no topic set
(sf bug 1610787)
- xapian_indexer uses current API for stemming (Rick Benavidez)
(sf bug 1771414)
- Ensure email addresses are unique (sf bug 1611787)
- roundup_admin tracks uncommitted changes in interactive mode
for all backends (sf bug 1297014)
- add template search path for easy_install (Marek Kubica)
- don't spam the roundup admin on client shutdowns (Ulrik Mikaelsson)
- respect umask on filestorage backends (Ulrik Mikaelsson) (sf bug 1744328)
- cope with spam robots posting multiple instances of the same form
- include the author of property-only changes in generated messages
- fuller email validation in templates (sf feature 1216291)
- cope with bad cookies from other apps on same domain (sf bug 1691708)
- updated Spanish translation from Ramiro Morales
- clean up query display of "Private to you items" (sf bug 1481394)
- use local timezone for mail date header (sf bug 1658173)
- allow CSV export of queries on selected issues (sf bug 1783492)
- remove blobfiles on destroy (sf bug 1654132)
- handle postgres exceptions during session cleanup (sf bug 1703116)
- update Xapian indexer to use current API
- handle export and import of old trackers that have data attached to
journal "create" events
- fix a couple more old instances of "type" instead of "ENGINE" for mysql
backend
- make LinkHTMLProperty handle non-existing keys (sf patch 1815895)
2007-02-15: 1.3.3
Fixed:
- If-Modified-Since handling was broken
- Updated documentation for customising hard-coded searches in page.html
- Updated Windows installation docs (thanks Bo Berglund)
- Handle rounding of seconds generating invalid date values
- Handle 8-bit untranslateable messages from database properties
- Fix scripts/roundup-reminder date calculation (sf bug 1649979)
- Improved due_date and timelog customisation docs (sf bug 1625124)
2006-12-19: 1.3.2
Fixed:
- relax rules for required fields in form_parser.py (sf bug 1599740)
- documentation cleanup from Luke Ross (sf patch 1594860)
- updated Spanish translation from Ramiro Morales (sf patch 1594718)
- handle 8-bit untranslateable messages in tracker templates
- handling of required for boolean False and numeric 0 (sf bug 1608200)
- removed bogus args attr of ConfigurationError (sf bug 1608056)
- implemented start_response in roundup.cgi (sf bug 1604304)
- clarified windows service documentation (sf patch 1597713)
- HTMLClass fixed to work with new item permissions check (sf bug 1602983)
- support POP over SSL (sf patch 1597703)
- clean up input field generation and quoting of values (sf bug 1615616)
- allow use of roundup-server pidfile without forking (sf bug 1614753)
- allow translation of status/priority menu options (sf bug 1613976)
2006-11-11: 1.3.1
Fixed:
- setup.py had broken reference to roundup.cgi (sf bug 1593573)
- full-text search wasn't coping with multiple multilinks to the same class
- unicode / sqlite 3 problem (sf bug 1589292)
2006-11-09: 1.3.0
Feature:
- WSGI support via roundup.cgi.wsgi_handler
Fixed:
- sqlite module detection was broken for python 2.5 compiled without sqlite
support
- fixed support for pysqlite2 (version 2.1.0 is the minimum version
supported)
- roundup-server called setuid when run by non-root user
- fix sort/group direction checkbox in issue.index.html (sf bug 1593025)
- fix error detection for non-EN locales of postgres (sf bug 1592249)
- fix email change note rendering of multiline properties (sf patch 1575223)
- fix sidebar search links (sf patch 1574467)
- nicer "permission required" messages (sf patch 1558183)
- fix unstable ordering of detectors (sf bug 1585378)
2006-10-07: 1.2.1
Fixed:
- E-mail subject line prefix delimiter configuration was being ignored.
- Password confirm field in user editing.
2006-10-04: 1.2.0
Feature:
- supports Python 2.5, including the sqlite3 module
- full timezone support (sf patch 1465296)
- handle connection loss when responding to web requests
- match incoming mail In-Reply-To against existing messages when no issue
id is specified in the Subject
- added StringHTMLProperty wrapped() method to wrap long lines in issue
display
- include the popcal in Date field editing and search fields by default
- @required in forms may now specify properties of linked items (sf patch
1507093)
- update for latest version of pysqlite (sf bug 1487098; patch 1534227)
- update for latest version of psycopg2 (sf patch 1429391)
- new "exporttables" command in roundup-admin (sf bug 1533791)
- roundup-admin "export" may specify classes to exclude (sf bug 1533791)
- sorting and grouping by multiple properties is now supported by the
backends *and* the classic template.
- sorting, grouping, and searching by transitive properties (e.g.,
messages.author.supervisor) is now supported in all backends
- added filter_sql to SQL backends which takes an arbitrary SQL statement
and returns a list of item ids
Fixed:
- Verbose option for import and export (sf bug 1505645)
- -c option for roundup-mailgw won't accept parameter (sf bug 1505649)
- '?' in rfc2822-encoded header isn't quoted (sf bug 1505663)
- fix error message in form parser
- updated ZRoundup for Zope 2.9 (sf patch 1511734)
- fix timelog example in customisation doc to mention permissions
- nicer listing of Superseder links (sf non-patch 1497767)
- include roundup-server.ini.example (sf bug 1493859)
- dumb bug in cgi templating utils (sf bug 1490176)
- handle unicode in query names (sf bug 1495702)
- fix error during mailgw bouncing message (sf bug 1413501)
- hyperdb handling of empty raw values for Multilink and Password (sf bug
1507814)
- don't int() ids (sf bug 1512939)
- fix importing into anydbm backend (sf bug 1512939)
- fix help message for roundup-admin install (sf bug 1494990)
- removed traceback with OTK is used multiple times (sf bug 1240539)
- metakit backend was indexing FileClass content even when asked not to
- anydbm backend will finally sort numerically by ID
- problem with string sorting in anydbm backend fixed: If a string was
fully numeric it was sorted as a number
- Multilink-sorting now sorts by orderprop not by ID and works for all
backends
- Bug with name-collisions in sorted classes when sorting by Link
properties in metakit backend fixed
- Postgres backend allows transaction collisions to be ignored when
committing cleanup in the sessions database
- translate titles of "show all" and "unassigned" issue lists
in classic template (sf patch 1424576)
- "as" is a keyword in Python 2.6
- "from __future__" statments need to be first line of file in Python 2.6
- better conflict retry in postgresql backend (sf bug 1552809)
- fix time log example (sf bug 1554630)
2006-04-27: 1.1.2
Feature:
- server-ctl script uses server configuration file (sf bug 1443805)
- mail user interface translated (sf patch 1462491)
Fixed:
- progress display in roundup-admin reindex
- bug in menu() permission filter (sf bug 1444440)
- indexing may be turned off for FileClass "content" now
("content" and "type" properties are now automatically included in the
FileClass schema where previously the "content" property was faked and
"type" was optional)
- verbose output during import is optional now (sf bug 1475624)
- escape *all* uses of "schema" in mysql backend (sf bug 1472120)
- responses to user rego email (sf bug 1470254)
- dangling connections in session handling (sf bug 1463359)
- reduced frequency of session timestamp update
- classhelp popup pagination forgot about "type" (sf bug 1465836)
- umask is now configurable (with the same 0002 default)
- sorting of entries in classhelp popup (sf bug 1449000)
- allow single digit seconds in date spec (sf bug 1447141)
- prevent generation of new single-digit seconds dates (sf bug 1429390)
- implement close() on all indexers (sf bug 1242477)
2006-03-03: 1.1.1
Fixed:
- failure with browsers not sending "Accept-Language" header
(sf bugs 1429646 and 1435335)
- translate class name in "required property not supplied" error message
(sf bug 1429669)
- error in link property lookups with numeric-alike key values (sf bug 1424550)
- ignore UTF-8 BOM in .po files
- add permission filter to menu() implementations (sf bug 1431188)
- lithuanian translation updated by Nerijus Baliunas (sf patch 1411175)
- incompatibility with python2.3 in the mailer module (sf bug 1432602)
- typo in SMTP TLS option name: "MAIL_TLS_CERFILE" (sf bug 1435452)
- email obfuscation code in html templating is more robust
- blank-title subject line handling (sf bug 1442121)
- "All users may only view and edit issues, files and messages they
create" example in docs (sf bug 1439086)
- saving of queries (sf bug 1436169)
- "Adding a new constrained field to the classic schema" example in docs
(sf bug 1433118)
- security check in mailgw (sf bug 1442145)
- "clear this message" (sf bug 1429367)
- escape all uses of "schema" in mysql backend (sf bug 1397569)
- date spec wasn't allowing week intervals
2006-02-10: 1.1.0
Feature:
- trackers may configure custom stop-words for the full-text indexer
- login may now be for a single session (and this is the default)
- trackers may hide exceptions from web users (they will be mailed to the
tracker admin) (hiding is the default)
- include "clear this message" link in the "ok" message bar
Fixed:
- fixes in scripts/import_sf.py
- fix some unicode bugs in roundup-admin import
- Xapian indexer wasn't actually being used and its reindexing of existing
data was busted to boot
- roundup-admin import wasn't indexing message content
- allow dispname to be passed to renderWith (sf bug 1424587)
- rename dispname to @dispname to avoid name clashes in the future
- fixed schema migration problem when Class keys were removed
2006-02-03: 1.0.1
Feature:
- scripts/import_sf.py will import a tracker from Sourceforge.NET
- added hasRole() to HTMLUser
Fixed:
- SQL generation for sort/group by separate Link properties (sf bug
1417565)
- fix timezone offsetting in email Date: header
- fix security check for hasPermission('Permission', None)
2006-01-27: 1.0
Feature:
- Lithuanian translation by Aiste Kesminaite
- Web User Interface language selection by form variable @language,
browser cookie or HTTP header Accept-Language (sf patch 1360321)
- initial values for configuration options may be passed on
'roundup-admin install' command line (based on sf patch 1237110)
- favicon.ico image may be changed with server config option (sf patch 1355661)
- Password objects initialized from plaintext remember plaintext value
(sf rfe 1379447)
- Roundup installation document includes configuration example
for Exim Internet Mailer (sf bug 1393860)
- enable registration confirmation by web only (sf bug 1381675)
- allow preselection of values in templating menu()s (sf patch 1396085)
- display the query name in the header (sf feature 1298535 / patch 1349387)
- classhelp works with Link properties now (sf bug 1410290)
- added setorderprop() and setlabelprop() to Class (sf features 1379534,
1379490)
- CSV encoding support (sf bug 1240848)
- fields rendered with StructuredText are hyperlinked by default
- additional attributes for input element may be passed to the 'field'
method of a property wrapper
- added "copy_url" method to generate a URL for copying an item
Fixed:
- MySQL now creates String columns using the TEXT column type
- password.crypt won't work with md5 passwords (sf bug 1372253)
- use quoted printable encoding for nosy attachments that have MIME
type 'text/plain' but contain 8-bit characters (sf bug 1381559)
- login name and email address fields in the classic template
are highlighted as required fields (sf bug 1392364)
- french translation updated by Patrick Decat (sf patch 1397059)
- HTTP authorization takes precedence over session cookie (sf bug 1396134)
- enforce correct encoding of PostgreSQL backend (sf bug 1374235)
- grouping/sorting on link to same class fixed (sf bug 1404930)
- all backends implement the retired check in getnodeids (sf bug 1290560)
- fix detection of "missing" existing values in CGI form parser (sf bug
1414149)
- ZRoundup works again (sf bug 1263842)
- default user template does not display password fields and submit button
when editing is not allowed
- fix StructuredText import in cgi.templating
- have "System Messages" be marked as such again (sf bug 1281907)
- enable editing of public queries (sf bug 966144)
2005-10-07: 0.9.0b1
Feature:
- added "imapServer.py" script (sf patch 934567)
- added date selection popup windows (thanks Marcus Priesch)
- added Xapian indexer; replaces standard indexers if Xapian is available
- mailgw subject parsing has configurable levels of strictness
- nosy messages may be sent individually to all recipients
- remember where we came from when logging in (sf patch 1312889)
2006-01-27: 0.8.6
Fixed:
- french translation updated by Patrick Decat (sf patch 1397059)
- tighten up Date parsing to not allow 'M/D/YY' (or 'D/M/YY) (sf bug
1290550)
- handle "schema" being reserved word in MySQL 5+ (sf bug 1397569)
- fixed documentation of filter() in the case of multiple values in a
String search (sf bug 1373396)
- fix comma-separated ID filter spec in web requests (sf bug 1396278)
- fix Date: header generation to be LOCALE-agnostic (sf bug 1352624)
- fix admin doc description of roundup-server config file
- fix redirect after instant registration (sf bug 1381676)
- fix permission checks in cgi interface (sf bug 1289557)
- fix permission check on RetireAction (sf bug 1407342)
- timezone now applied to date for pretty-format (sf bug 1406861)
- fix mangling of "_" in mail Subject class name (sf bug 1413852)
- catch bad classname in URL (related to sf bug 1240541)
- clean up digested_file_types (sf bug 1268303)
- fix permission checks in mailgw (sf bug 1263655)
- fix encoding of subject in generated error message (sf bug 1414465)
2005-10-07: 0.8.5
Feature:
- Argentinian Spanish translation by Ramiro Morales
Fixed:
- Display of Multilinks where linked Class labelprop values are None
- Fix references to the old * Registration Permissions
- Fix missing merge of fix to sf bug 1177057
- Fix RDBMS indexer indexing UTF-8 words that encode to > 30 chars
- Handle invalidly-specified charsets in incoming email
2005-07-18: 0.8.4
Fixed:
- extra CRs in CSV export files on Windows platform (sf bug 1195742)
- activity RDBMS columns were being reported in changes
- fix name collision in roundup.cgi script (sf bug 1203795)
- fix handling of invalid interval input
- search locale files relative ro roundup installation path (sf bug 1219689)
- use translation for boolean property rendering (sf bug 1225152)
- enabled disabling of REMOTE_USER for when it's not a valid username (sf
bug 1190187)
- fix invocation of hasPermission from templating code (sf bug 1224172)
- have 'roundup-admin security' display property restrictions (sf bug
1222135)
- fixed templating menu() sort_on handling (sf bug 1221936)
- allow specification of pagesize, sorting and filtering in "classhelp"
popups (sf bug 1211800)
- handle dropped properies in rdbms/metakit journal export (sf bug 1203569)
- handle missing Subject lines better (sf bug 1198729)
- sort/group by missing values correctly (sf bugs 1198623, 1176897)
- discard, don't bounce messages to the mailgw when the messages's sender
is invalid (ie. when we try to bounce, we get a 550 "unknown user
account" response from the SMTP server) (sf bug 1190906)
- removed debugging code from cgi/actions.py
- refactored hyperdb.rawToHyperdb, allowing a number of improvements
(thanks Ralf Schlatterbeck)
- don't try to set a timeout for IMAPS (thanks Paul Jimenez)
- present Reject exception messages to web users (sf bug 1237685)
2005-05-02: 0.8.3
Feature:
- chinese translation by limodou
Fixed:
- fix reference to The Zope Book in Roundup FAQ
- disabled file logging in Roundup test suite (sf bug 1155649)
- return original string if message issue xref isn't valid
- fix nosyreaction.py to stop it setting the nosy list unnecessarily
(see doc/upgrading.txt for how to fix in your trackers)
- after logout, always display tracker home page
- web forms don't create new items if no item properties are set from UI
- item creation failed if multilink fields had invalid entries (sf bug
1177602)
- fix bdist_rpm (sf bug 1164328)
- fix checking of "Email Access" for Anonymous email registration (sf bug
1177057)
- disable "Email Access" for Anonymous by default to stop spam regsitering
users on public trackers
- send errors in the web interface to a logfile by default. Use the
"debug" multiprocess mode (roundup-server) or the DEBUG_TO_CLIENT var
(roundup.cgi) to have the errors appear in your browser
- fix setgid typo (sf bug 1171346)
- fix faulty find_template filename facility (sf bug 1163629)
- fix roundup-admin "export" so it creates the target dir if needed
- "fix" roundup-admin "import" to not use "universal newline support" since
the csv module appears to have its own ideas about such things (sf bug
1163890)
- fix installation docs referring to old-style configuration variables
- fix roundup-admin "find" for searching Multilinks (sf bug 1189465)
2005-03-03: 0.8.2
Feature:
- roundup-server automatically redirects from trackers list
to the tracker page if there is only one tracker
Fixed:
- added content to ZRoundup refresh.txt file (sf bug 1147622)
- fix invalid reference to csv.colon_separated
- correct URL to What's New in setup.py meta-data
- change AUTOCOMMIT=OFF to AUTOCOMMIT=0 for MySQL (sf bug 1143707)
- compile message objects in 'setup.py build'
- use backend datatype for journal timestamps in RDBMSes
- fixes to the "Using an external password validation source"
customisation example (sf bugs 1153640 and 1155108)
2005-02-17: 0.8.1
Fixed:
- replaced MutlilinkIterator with multilinkGenerator (thanks Bob Ippolito)
- fixed broken csv import in roundup.admin module
- fixed braino in HTMLClass.filter() (sf bug 1124213)
- change ZTUtils Iterator to always iter() its sequence argument
2005-01-16: 0.8.0
Fixed:
- fix roundup-server log and PID file paths to be absolute
- fix initialisation of roundup-server in daemon mode so initialisation
errors are visible
- fix: 'Logout' link was enabled on issue index page only
- have Permissions only test the check function if itemid is suppled
- modify cgi templating system to check item-level permissions in listings
- enable batching in message and file listings
- more documentation of security mechanisms (incl. sf patches 1117932,
1117860)
- better unit tests for security mechanisms
- code cleanup (sf patch 1115329 and additional)
- issue search page allows setting of no sorting / grouping (sf bug
1119475)
- better edit conflict handling (sf bug 1118790)
- consistent text searching behaviour (AND everywhere) (sf bug 1101036)
- fix handling of invalid date input (sf bug 1102165)
- retain Boolean selections in edit error handling (sf bug 1101492)
- fix initialisation of logging module from config file (sf bug 1108577)
- removed rlog module (py 2.3 is minimum version now)
- fixed class "help" listing paging (sf bug 1106329)
- nicer error looking up values of None (response to sf bug 1108697)
- fallback for (list) popups if javascript disabled (sf patch 1101626)
2005-01-13: 0.8.0b2
Fixed:
- note about how to run roundup demo in Windows (sf bug 1082090)
- fix API for templating utils extensions - remove "utils" arg (sf bug 1081981)
- back_sqlite.py is missing "import time" (sf bug 1081959)
- fix (list) popup (sf bug 1083570)
- fix some security assertions (sf bug 1085481)
- 'roundup-server -S' always writes [trackers] section heading (sf bug 1088878)
- fix port number as int in mysql connection info (sf bug 1082530)
- fix setup.py to work with <Python2.3 (sf bug 1082801)
- fix permissions checks in cgi templating (sf bug 1082755)
- fix "Users may only edit their issues" example in docs
- handle ~/.my.cnf files for MySQL defaults (sf bug 1096031)
2004-12-08: 0.8.0b1
Feature:
- added MD5 scheme for password hiding
- added support for HTTP charset selection
- implement __nonzero__ for HTMLProperty
- remove "manual" locking of sqlite database
- create a new RDBMS cursor after committing
- added basic logging, and configuration of it and python's logging module
- roundup-mailgw now logs fatal exceptions rather than mailing them to admin
- add a default argument to the DateHTMLProperty.field method, and an
optional Interval (string or object) to the DateHTMLProperty.now (patch
from Vickenty Fesunov)
- hide "(list)" popup links when issue is only viewable
- roundup-server options -g and -u accept both ids and names (sf bug 983769)
- roundup-server now has a configuration file (-C option)
- added mod_python interface (see installation.txt)
- reorganised tracker configuration, using ConfigParser config, cleaned-up
schema definition and implementing easier extension writing (sf rfe 661301)
- Permissions may now be defined on a per-property basis
- added "Create" Permission. Replaces the "Web"- and "Email Registration"
Permissions.
- added option to turn off registration confirmation via email
("instant_registration" in config) (sf rfe 922209)
- roundup-admin reindex command may now work on single items or classes
- multiple selection Link/Multilink search field (thanks Marlon van den Berg)
- relaxed hyperlinking in web interface (accept "issue123" or "Issue 123")
- record journaltag lookup ("fixes" sf bug 998140)
- allow listing popup to be used in query forms (thanks Marcus Priesch)
- roundup windows service may be installed with command line options
recognized by roundup-server (but not tracker specification arguments).
Use this to specify server configuration file for the service.
- added experimental multi-thread server
- don't try to import all backends in backends.__init__ unless we *want* to
- unless in debug mode, keep a single persistent connection through a
single web or mailgw request.
- HTTP Basic Authentication (sf patch 1067690)
- extended security.addPermissionToRole to allow skipping the separate
getPermission call
Fixed:
- postgres backend open doesn't hide corruption in schema (sf bug 956375)
- \*dbm-style backends nuke() method now clear id counters
- removed safeget() from the API (sf bug 994750)
- demo tracker is always set up on localhost (sf bug 1049101)
- relaxed URL designator syntax to allow issue[0]*1 (sf bug 1054523)
2005-05-02: 0.7.12
Fixed:
- handle capitalisation of class names in text hyperlinking (sf bug
1101043)
- quote full-text search text in URL generation
- fixed problem migrating mysql databases
- fix search_checkboxes macro (sf patch 1113828)
- fix bug in date editing in Metakit
- allow suppression of search_text in indexargs_form (sf bug 1101548)
- hack to fix some anydbm export problems (sf bug 1081454)
- ignore AutoReply messages (sf patch 1085051)
- fix ZRoundup syntax error (sf bug 1122335)
- fix RDBMS clear() so it resets all class itemid counters
2005-01-06: 0.7.11
Fixed:
- index args URL generation broken in .10 (sf bug 1096027)
- handle NotModified for non-static files (sf patch 1095790)
- fix permission lookup in query editing
2005-01-04: 0.7.10
Fixed:
- reset ID counters if the database is cleared (thanks William)
- apply IE caching "fix" to automatically serve up all pages expired
- fix typo (sf patch 1076629)
- fix hyperlinking of items (sf bug 1080251)
- fix roundup-admin find command handling of Multilinks
- fix some security assertions (sf bug 1085481)
- don't set the title to nothing from incoming mail (thanks Bruce Guenter)
- fix py2.4 strftime() API change bug (sf bug 1087746)
- fix indexer searching with no valid words (sf bug 1086787)
- updated searching / indexing docs
- fix "(list)" popup when list is one item long (sf bug 1064716)
- have RDBMS full-text indexer do AND searching (sf bug 1055435)
- handle spaces in String index params in batching (sf bug 1054224)
2004-10-26: 0.7.9
Feature:
- DateHTMLProperty.field() accepts format string (thanks Wil Cooley)
Fixed:
- popup listing uses filter args (thanks Marlon van den Berg)
- fixed editing of message contents
- loosened the detection of issue cross-references in messages
- open CSV files in "universal newline" mode
- s/Modifed/Modified (thanks donfu)
- applied patch fixing some form handling issues in ZRoundup (sf bug 995565)
- enforce View Permission when serving file content (sf bug 1050470)
- don't index common words (sf bug 1046612)
- don't wrap query.item.html in a <span> (thanks Roch'e Compaan)
- TAL expressions like 'request/show/whatever' return True
if the request does not contain explicit @columns list
- NumberHTMLProperty should return '' not "None" if not set (thanks
William)
- ensure multilink ordering in RDBMS backends (thanks Marcus Priesch, sf
bug 950963)
- always honor indexme property on Strings (sf patch 1063711)
- make hyperdb value parsing errors readable in mailgw errors
- make anydbm journal export handle removed properties
- allow use of XML templates again
2004-10-15: 0.7.8
Fixed:
- Clean out sessions / otks tables when migrating
2004-10-11: 0.7.7
Fixed:
- ZRoundup's search interface works now (sf bug 994957)
- fixed history display when "ascending"
- removed references to py2.3+ boolean values (sf bug 995682)
- fix static file path normalisation in security check (thanks David Linke)
- less specific messages for login failures (thanks Chris Withers)
- Reject raised against email messages should result in email rejection, not
discarding of the message
- mailgw can override the MAIL_DEFAULT_CLASS
- handle Py2.3+ datetime objects as Date specs (sf bug 971300)
- use row locking in MySQL newid() (sf bug 1034211)
- add sanity check for sort and group on same property (sf bug 1033477)
- extend OTK and session table value cols to TEXT (sf bug 1031271)
- fix lookup of REMOTE_USER (sf bug 1002923)
- new Interval props weren't created properly in rdbms
- date.Interval() now accepts an Interval as a spec (sf bug 1041266)
- handle deleted properties in RDBMS history
- apply timezone in correct direction in user input (sf bug 1013097)
- more efficient find() in RDBMS (sf bug 1012781)
2004-07-21: 0.7.6
Fixed:
- rdbms backend full text search failure after import (sf bug 980314)
- rdbms backends not filtering correctly on link=None
- fix anydbm journal import (sf bug 983166)
- handle postgresql bug in SQL generation (sf bug 984591)
- fix dates-from-Dates (sf bug 984604)
- fix messageid generated when msgid is None for send_message (sf bug 987933)
- make user permissions check more sane (fix search page for anonymous)
- fixed RDBMS filter() for no matches from full-text search (sf bug 990778)
- fixed DateHTMLProperty for invalid date entry (sf bug 986538)
- fixed external password source example (sf bug 986601)
- document the STATIC_FILES config var
- implement the HTTP HEAD command (sf bug 992544)
- fix journal export of files to remove content from CSV files
- API clarification. Previously, the anydbm/bsddb/metakit filter() methods
had required exact matches to Multilink argument lists. The RDBMS
backends treated Multilink matches like all other data types - matching
any of the Multilink argument list is good enough. The latter behaviour
is implemented across the board now.
- fix metakit handling of filter on Link==None
2004-06-24: 0.7.5
Fixed:
- force lookup of journal props in anydbm filtering
- fixed lookup of "missing" Link values for new props in anydbm backend
- allow list of values for id, Number and Boolean filtering in anydbm
backend
- fixed some more mysql 0.6->0.7 upgrade bugs (sf bug 950410)
- fixed Boolean values in postgresql (sf bugs 972546 and 972600)
- fixed -g arg to roundup-server (sf bug 973946)
- better roundup-server usage string (sf bug 973352)
- include "context" always, as documented (sf bug 965447)
- fixed REMOTE_USER (external HTTP Basic auth) (sf bug 977309)
- fixed roundup-admin "find" to use better value parsing
- fixed RDBMS Class.find() to handle None value in multiple find
- export now stores file "content" in separate files in export directory
2004-06-10: 0.7.4
Fixed:
- re-acquire the OTK manager when we re-open the database
- mailgw handler can close the database on us
- fixed grouping by a NULL Link value
- fixed anydbm import/export (sf bugs 965216, 964457, 964450)
- fix python 2.3.3 strftime deprecation warning (sf patch 968398)
- fix some column datatypes in postgresql and mysql (sf bugs 962611,
959177 and 964231)
- fixed RDBMS journal packing (sf bug 959177)
- fixed filtering by floats in anydbm (sf bug 963584)
2004-05-28: 0.7.3
Fixed:
- add "checked" to truth values for Boolean input
- fixed import in metakit backend
- fix SearchAction use of Class.filter(), and clarify API docs for same
- ensure static files may only be served out of the tracker's "static
files" directory
2004-05-17: 0.7.2
Fixed:
- anydbm sorting with None values (sf bug 952853)
- roundup-server -g option not recognised (sf bug 952310)
- HTML templating isset() inverted (sf bug 951779)
- otks manager missing (sf bug 952931)
- mention DEFAULT_TIMEZONE requirement in upgrading doc (sf bug 952932)
- fix DateHTMLProperty so local() can override user timezone (sf bug
953678)
- fix anydbm sort/group direction handling, and make RDBMS sort/group use
Link'ed "order" properties (sf bug 953148)
- fix Interval editing (sf bug 954891)
2004-05-10: 0.7.1
Fixed:
- several temp files made it into the source distribution (sf bug 949243)
- typo in roundup/instance.py
- missing CRLF var in rfc822.py (sf patch 949471)
- fix user creation page
- have roundup server pass though the cause of a "403 Forbidden" response
- fix schema mutation in sqlite backends (thanks Tamer Fahmy)
- make popup Javascript IE 5.0 friendly (thanks Marlon van den Berg)
- fix RDBMS import (thanks Tamer Fahmy)
2004-05-06: 0.7.0
Fixed:
- sqlite migration drops some journal information (thanks David Linke)
- user editing Role entry help text always appears
- disable forking server when os.fork() not available (sf bug 938586)
- removed Boolean from source to make py <2.3 happy (sf bug 938790)
- fix nested scope bug in rdbms multilink sorting
- re-seed the random number generator for each request
- postgresql backend altered to not use popen (thanks Georges Martin)
- fixed journal marshalling in RDBMS backends (sf bug 943627)
- fixed handling of key values starting with numbers (sf bug 941363)
- fixed journal "param" column size in RDBMS backends
- fixed static file serving
- fixed rego from email address (sf bug 947414)
- fixed sqlite journal ordering issue
- fixed mysql date range filtering
2004-04-18: 0.7.0b3
Feature:
- added a favicon
- added url_quote and html_quote methods to the utils object
- added isset method to HTMLProperty
- database export now exports full journals too
- tracker name at end of page title (sf rfe 926840)
- roundup-server now uses the ForkingMixin
- added another sample detector "creator_resolution"
- added search_checkboxes as an option for the search form
- added IMAP support to mail gateway (sf rfe 934000)
- check MANIFEST against the files actually unpacked
- roundupdb nosymessage() takes an optional bcc list
Fixed:
- mysql and postgresql schema mutation now handle added Multilinks
- web CSV export was busted (as was any action returning a result)
- MultiMapping deviated from the Zope C implementation in a number of
places (thanks Toby Sargeant)
- MySQL and Postgresql use BOOL/BOOLEAN for Boolean types
- OTK generation was busted (thanks Stuart D. Gathman)
- export and import now include journals (incompatible with export < 0.7)
- added "download_url" method to generate a correctly quoted URL for file
download links (sf bug 927745)
- all uses of TRACKER_WEB now ensure it ends with a '/'
- roundup-admin install checks for existing tracker in target home
- grouping (and sorting) by multilink in RDBMS backends (sf bug 655702)
- roundup scripts may now be asked for their version (sf rfe 798657)
- sqlite backend had stopped using the global lock
- better check for anonymous viewing of user items (sf bug 933510)
- stop Interval from displaying an empty string (sf bug 934022)
- fixed storage of some datatypes in some RDBMS backends
2004-03-27: 0.7.0b2
Feature:
- added CSV export to index pages
- added emailauditor.py which works around a bug in IE. See
"detectors/emailauditor.py" for more info.
- added dispatcher functionality - see upgrading.txt for more info
- added Reject exception which may be raised by auditors. This is trapped
by mailgw and may be used to veto creation of file attachments or
messages. (sf bug 700265)
- queries on a per-user basis, and public queries (sf "bug" 891798 :)
- added DEFAULT_TIMEZONE (sf rfe 895139)
- added HTML page template to the templating context as "template"
- added is_retired to HTMLItems in templating
Fixed:
- Boolean, Date and Link HTML templating was broken
- fix reporting of test inclusion in postgresql test
- EditAction was confused about who "self" was
- edit collision detection was broken for index-page edits
- sqlite backend wasn't migrating multilink tables correctly
- use SimpleCookie instead of Cookie (is an alias for the evil SmartCookie)
- handle older sessions in session dbm
- make presetunread more resilient to status Class changes
- HTMLDatabase classes() was broken
2004-03-24: 0.7.0b1
Major new features:
- added postgresql backend (originally from sf patch 761740, many changes
since)
- added new "actor" automatic property (indicates user who cause the last
"activity")
- RDBMS backends implement their session and one-time-key stores and
full-text indexers; thus they are now performing their own locking
internally
- all RDBMS backends now have indexes on several columns
- support confirming registration by replying to the email (sf bug 763668)
- all HTML templating methods now automatically check for permissions
(either view or edit as appropriate), greatly simplifying templates
Other new features:
- simple support for collision detection (sf rfe 648763)
- support setgid and running on port < 1024 (sf patch 777528)
- using Zope3's test runner now, allowing GC checks, nicer controls and
coverage analysis
- change nosymessage and send_message to accept msgid=None (RFE #707235)
- handle Resent-From: headers (sf bug 841151)
- always sort MultilinkHTMLProperty in the correct order, usually
alphabetically (sf feature 790512)
- added script for copying user(s) ("scripts/copy-user.py") from tracker
to tracker (sf patch 828963)
- ignore incoming email with "Precedence: bulk" (sf patch 843489)
- use HTTP 'Content-Length' header (modified sf patch 844577)
- HTML generated is now HTML4 (or optionally XHTML) compliant (sf feature
814314 and sf patch 834620)
- default stylesheet turns off sidebar when printing
- allow direct supply of filter() arguments in templating (thanks Godefroid
Chapelle)
- improved body_title slot in HTML templating (sf patch 873502)
- HTMLLinkProperty field() method renders as a field now (thanks darryl)
- cgi Action handlers may now return the actual content to be sent back to
the user (rather than using some template)
- date.Date now handles fractional seconds
Fixed:
- mysql documentation fixed to note requirement of 4.0+ and InnoDB
- added testing of schema mutation, fixed rdbms backends handling of a
couple of cases
- HTML 4.01 validation on the 'classic' backend
- messages to the mailgw can be about classes other than issues now.
- signature matching is more precise (sf bug 827775).
- anonymous user can no longer edit or view itself (sf bug 828901).
- corrected typo in installation.html (sf bug 822967).
- clarified listTemplates docstring.
- print a nicer error message when the address is already in use
(sf bug 798659).
- remove empty lines before sending strings off to the csv parser
(sf bug 821364).
- centralised conversion of user-input data to hyperdb values (sf bug
802405, sf bug 817217, sf rfe 816994)
- recalculate SHA on template files when installed tracker used as
template (sf bug 827510)
- fixed ZRoundup (sf bug 624380)
- the mail gateway now searches recursively for the text/plain and the
attachments of a message (sf bug 841241).
- fixed display of feedback messages in some situations (sf bug 739545)
- fixed ability to edit "content" property (sf bug 914062)
Cleanup:
- replace curuserid attribute on Database with the extended getuid() method
- extract a new 'mailer' module for sending mail
- extract a '_send_mail' method for testing mail sending
- simplify backend importing
- use roundup_server in demo.py
- implement newItemAction using editItemAction
- use FormError in client.py, moving the handling up to inner_main()
- implemented semantic comparison of Message objects in test_mailgw
- tidied up forms in default stylesheet
- force textareas to use monospace fonts, lessening surprise on the user
- moved out parts of client.py to new modules:
* actions.py - the xxxAction and xxxPermission functions refactored into
Action classes
* exceptions.py - all exceptions
* form_parser.py - parsePropsFromForm & extractFormList in a FormParser
class
2004-05-17: 0.6.10
Fixed:
- mysql backend wasn't locking tracker
- ensure static files may only be served out of the tracker's "static
files" directory
2004-04-18: 0.6.9
Fixed:
- paging in classhelp popup was broken
- socket timeout error logging can fail
- hyperlink designators in message display (sf bug 931828)
- don't match retired items in RDBMS stringFind
2004-04-01: 0.6.8
Fixed:
- existing trackers (ie. live ones) may be used as templates for new
trackers - the TEMPLATE-INFO.txt name entry has the tracker's dir name
appended (so the demo tracker's template name is "classic-demo")
- handle bad multilink input at item creation time better (sf bug 917834)
- make sure email signature starts on a newline (sf bug 919759)
- add line to rego email to help URL detection (sf bug 906247)
- look harder for text/plain in email
- fixed fallback excel writer in rcsv so it has a delimiter
- fixed setup.py's use of listTemplates (!)
- make rdbms serialise() less trusting
- handle Boolean values in history HTML display
2004-03-01: 0.6.7
Fixed:
- be more backward-compatible when asking for EMAIL_CHARSET
- made error on create consistent with edit when user enters invalid data
for Multilink and Link form fields (sf bug 904072)
- made errors from bad input in the quick "Show issue:" form more
user-friendly (sf bug 904064)
- don't add a query to a user's list if it's already there
- nicer invalid property error in HTML templating
- use EMAIL_CHARSET for message body too (still sf bug 900046)
2004-02-25: 0.6.6
Fixed:
- don't insert spaces into designators, it just confuses users (sf bug
898087)
- Eudora can't handle utf-8 headers. We love Eudora. (sf bug 900046)
- fixed bug in args to new DateHTMLProperty in the local() method (sf bug
901444)
- fixed registration (sf bug 903283)
- also changed rego to not use a 302 during confirmation, as this seems to
confuse some email clients or browsers.
2004-02-16: 0.6.5
Fixed:
- mailgw handling of subject-line errors
- allow serving of FileClass file content when the class isn't called
"file" (eg. messages and other FileClasses)
- allowed negative ids (ie. new item markers) in HTMLClass.getItem,
allowing "db/file_with_status/-1/status/menu" to generate a useful
widget
- fixed content-type when templates are serving up xml (thanks Godefroid
Chapelle)
- fixed IE double-submit when it shouldn't (sf bug 842254)
- fixed check for JS pop()/push() to make more general (sf bug 877504)
- fix re-enabling queries (sf bug 861940)
- use supplied content-type on file uploads before trying filename)
- fixed roundup-reminder script to use default schema (thanks Klamer Schutte)
- fixed edit action / parsePropsFromForm to handle index-page edits better
- safer logging from HTTP server (sf bug 896917)
2003-12-17: 0.6.4
Fixed:
- fixed date arithmetic to not allow day-of-month == 0 (sf bug 853306)
- fixed date arithmetic to limit hours-per-day to 24, not 60
- hard-coded python2.3-ism (socket.timeout) fixed
- fixed activity displaying as future because of Date arithmetic fix in 0.6.3
(sf bug 842027).
- fix Windows service mode for roundup-server (sf bug 819890)
- fixed #white in cgitb (thanks Henrik Levkowetz)
2003-11-14: 0.6.3
Fixed:
- fixed detectors fix incorrectly fixed in bugfix release 0.6.2
- added note to upgrading doc for detectors fix in 0.6.2
- added script to help migrating queries from pre-0.6 trackers
- fixed "documentation" of getnodeids in roundup.hyperdb
- added flush() to DevNull (sf bug 835365)
- fixed javascript for help window for only one checkbox case
- date arithmetic was utterly broken, and has been for a long time.
Date +/- Interval now works, and Date - Date also works (produces
an Interval.
- handle socket timeout exception (thanks Marcus Priesch)
- fixed retirement of items in rdbms imports (sf bug 841355)
- fixed bug in looking up journal of newly-created items in \*dbm backends
2003-09-29: 0.6.2
Fixed:
- cleaned up, clarified internal caching API in \*dbm backends
- stopped pyc writing to current directory! yay! (patch 800718 with changes)
- fixed file leak in detector initialisation (patch 800715)
- commented out example tracker homes (patch 800720)
- added note about hidden :template var in user.item (bug 799842)
- fixed Apply Error that was raised, when property was deleted from class and
we are trying to edit an instance
2003-08-31: 0.6.1
Fixed:
- Add note about installing cgi-bin with a different interpreter
- Importing wasn't setting None values explicitly when it should have been
- Fixed import warning regarding 0xffff0000 literal, finally, really this
time. Checked on win2k. (sf bug 786711)
- fix CGI editCSV action to handle metakit's integer itemids
- apply fix for "remove" links from Klamer Schutte
- added permission check on "remove" link while I was there..
- applied CSV fix for python2.3 (sf bug 790363)
- fixed form padding in LHS menu (sf bug 790502)
- fixed upgrading docs for timezones (sf bug 790498)
- set the content type on page templates (can have XML templates now)
- various cosmetic fixes (thanks James Kew for being persistent :)
- applied patch 739314 (sorry John!)
2003-08-08: 0.6.0
Fixed:
- Fixed editing attributes on FileClass nodes.
- Query editing now works correctly (sf bug 621248)
- roundup-server now logs IP addresses by default (sf bug 778795)
- logfile must be specified if pidfile is (sf bug 772820)
- timelog editing via csv interface crashes (sf bug 699837)
- sort multilinks a little better for grouping (sf bug 772935)
- batch the (list) listings at 500 entries per page (sf bug 759906)
- don't have RDBMS backends list retired nodes (sf bug 767319)
- fix file downloading
- add action attribute to issue.item form tag
2003-07-29: 0.6.0b4
Fixed:
- plugged cross-site-scripting hole (thanks Jeff Epler)
- handle deprecation of FCNTL in python2.2+ (sf bug 756756)
- handle missing Subject: line (sf bug 755331)
- fix New User creation (sf bug 754510)
- fix hackish message escaping (sf bug 757128)
- fix :required ordering problem (sf bug 740214)
- audit some user properties for valid values (roles, address) (sf bugs
742968 and 739653)
- fix HTML file detection (hence history xref linking) (sf bug 741478)
- session database caches it's type, rather than calling whichdb each time
around.
- changed rdbms_common to fix sql backends for new Boolean types under Py2.3
2003-06-10: 0.6.0b3
Fixed:
- cgi client was broken during b2 fixing
2003-06-09: 0.6.0b2
Feature:
- added the start/stop/restart/condstart/status roundup-server control
script
Fixed:
- handle non-existant demo dir (thanks Ollie Rutherfurd)
- strip whitespace from Role names so "User, Admin" will work
- fixed template searching on Windows (thanks J Vickroy)
2003-05-09: 0.6.0b1
Removed:
- having served its purpose as a template for other relational database
implementations, the gadfly backend has now been removed from the Roundup
distribution.
Feature:
- new instant-gratification Demo Mode
- support setting of properties on message and file through web and
email interface (thanks John Rouillard)
- allow additional control over the roundupdb email sending (explicit
cc addresses, different from address and different nosy list property)
(thanks John Rouillard)
- applied patch for nicer history display (sf feature 638280)
- cleaning old unused sessions only once per hour, not on every cgi
request. It is greatly improves web interface performance, especially
on trackers under high load
- added mysql backend (see doc/mysql.txt for details)
- switch metakit to use "compressed" multilink journal change representation
- metakit now handles "unset" for most types (not Number and Boolean)
- fixed bug in metakit search-by-ID
- added ability to display localized dates in web interface. User input is
convered to GMT (see doc/upgrading.txt).
- added a form to show a specific issue
- more proper sorting/grouping on mulitilink properties. Sorting is performed
not only by number of links, but also by links itself. This makes usable
grouping e.g. by topic multilink
- add "ago" to intervals in the past (sf bug 679232)
- included UN*X manual pages from Bastian Kleineidam
- implemented extension to form parsing to allow editing of multiple items
and creation of multiple items (but only one per class)
- the colon ":" special form variable designator may now be any of : + @
- trackers' templates directory can contain subdirectories with static files
(e.g. images). They are accessible naturally: _file/images/img.gif
- altered Class.create() and FileClass.create() methods to make "content"
property available in auditors
- can now configure CC to author only for messages creating issues (sf
feature 625808)
- registration is now a two-step process, with confirmation from the email
address supplied in the registration form
- added password reset feature for forgotten password / login
- added support for last-modified and if-modified-since headers for static
file serving
- added Node.get() method
- nicer page titles (sf feature 65197)
- relaxed CVS importing (sf feature 693277)
- added support for searching on ranges of dates and intervals (see
doc/user_guide.txt in chapter "Searching Page" for details) (closes sf
feature 700178)
- role names made case insensitive
- added ability to restore retired nodes
- more lenient date input and addition Interval input support (sf bug 677764)
- roundup mailgw now handles apop
- implemented ability to search for multilink properties with no value
- Class.find() may now find unset Links (sf bug 700620)
- more flexibility in classhelp link labelling (sf feature 608204)
- added command-line functionality for roundup-admin (sf feature 687664)
- added nicer popup windows for topic, nosy, etc (has add/remove buttons)
thanks Gus Gollings
- HTML templating files now have a .html extension
- Roundup templates are now distributed much more sanely, allowing for
3rd-party templates.
- extended date syntax to make range searches even more useful
- SMTP login and TLS support added (sf bug 710853 with extras ;)
Note: requires python 2.2+
- added Windows Service mode for roundup-server when daemonification is
attempted on Windows.
- sort HTMLClass.properties results by name (sf feature 724738)
- nicer index navigation (sf feature 676866)
Fixed:
- applied unicode patch. All data is stored in utf-8. Incoming messages
converted from any encoding to utf-8, outgoing messages are encoded
according to rfc2822 (sf bug 568873)
- fixed layout issues with forms in sidebar
- fixed timelog example so it handles new issues (sf bug 678908)
- handle missing os.fork() (sf bug 681046)
- added warning filter for "FutureWarning: hex/oct constants > sys.maxint will
return positive values..." (literal 0xffff0000 in portalocker.py)
- fixed ZPT code generating SyntaxWarning for assignment to None
- open static files using binary mode (sf bug 693208)
- fixed deja-vu bug 692910
- don't display "Editing" on read-only pages (sf bug 651967)
- re-worked detectors initialisation - woohoo, no more cross-importing!
- fixed export/import of retired nodes (sf bug 685273)
- remember the display template specified during edit (sf bug 701815)
- added example HTML tempating for vacation flag (sf bug 701722)
- finally, tables autosize columns (sf bug 609070)
- added creation to index columns (sf bug 708247)
- fixed missing (pre-commit) journal entries in \*dbm backends (sf bug 679217)
- URL cited in roundup email confusing dumb Email clients (sf bug 716585)
- set title on issues even when the email body is empty (sf bug 727430)
- under the heading of "questionable whether it's a fix or not"
(sf "bug" 621226 for the users of the "standards compliant" browser IE)
2003-05-08: 0.5.7
Fixed:
- fixed Interval maths (sf bug 665357)
- fixed sqlite rollback/caching bug (sf bug 689383)
- fixed rdbms table update detection logic (sf bug 703297)
- fixed detection of bad date specs (sf bug 691439)
- required String properties not being flagged (thanks Ajit George)
- only look for CSV files when importing (thanks Dan Grassi)
- can now unset values in CSV editing (sf bug 704788)
- fixed rdbms email address lookup (case insensitivity)
- email file attachments added to issue files list (sf bug 711501)
- added socket timeout to attempt to prevent stuck processes (sf bug 665487)
- email registered users shouldn't be able to log in (sf bug 714673)
- handle missing addresses on users (sf bug 724537)
2003-02-27: 0.5.6
Fixed:
- fixed templating filter function arguments (sf bug 678911)
- fixed multiselect in searching (sf bug 676874)
- fixed parsing of content-disposition filenames (sf bug 675116)
- added 'h' to roundup-server optarg list (sf bug 674070)
- fixed doc for db.history in anydbm and rdbms_common (sf bug 679221)
- fixed roundup-reminder (sf bug 681042)
- fixed int assumptions about Number values (sf bug 677762)
- clarified licensing
- another attempt to fix cookie misbehaviour - customise cookie name using
tracker name
- fixed error in indexargs_url (thanks Patrick Ohly)
- fixed getnode (sf bug 684531)
- fixed args to some date templating methods (sf bug 689670)
- fixed database corruption in rdbms property mutation
2003-01-24: 0.5.5
Fixed:
- fixed rdbms searching by ID (sf bug 666615)
- fixed metakit searching by ID
- detect corrupted index and raise semi-useful exception (sf bug 666767)
- open server logfile unbuffered
- revert StringHTMLProperty to not hyperlink text by default
- fixes to CGI form handling
- fix unlink bug in metakit backend
- fixed hyperlinking ambiguity (sf bug 669777)
- fixed cookie path to use TRACKER_WEB (sf bug 667020) (thanks Nathaniel Smith
for helping chase it down and Luke Opperman for confirming fix)
2003-01-10: 0.5.4
Fixed:
- key the templates cache off full path, not filename
- implemented whole-database locking
- hyperlinking of special text (url, email, item designator) in messages
- fixed time default in date.py
- fixed error in cgi/templates.py (sf bug 652089)
- fixed handling of missing password (sf bug 655632)
- applied patches for handling Outlook quirks (thanks Andrey Lebedev)
(multipart/alternative, "fw" and content-type "name")
- fire auditors and reactors in rdbms retire (thanks Sheila King)
- better match for mailgw help "command" text
- handle :add: better in cgi form parsing (sf bug 663235)
- handle all-whitespace multilink values in forms (sf bug 663855)
- fixed searching on date / interval fields (sf bug 658157)
- fixed form elements names in search form to allow grouping and sorting
on "creation" field
- display of saved queries is now performed correctly
2002-12-11: 0.5.3
Fixed:
- added mention of how to give users multiple Roles
- mention needed trailing "/" in TRACKER_WEB
- fixed upgrading doc to have CGI changes in the correct order
- fixed double-close of anydbm backend (sf bug 639030)
- removed use of string/strop from TAL/TALInterpreter
- handle KeyboardInterrupt nicely
- fixed Date and Interval form value handling
- fixed Date.local()
- email quoted text stripping is controllable again (sf bug 650742)
- extract attachment name from content-disposition if name is missing (sf
bug 637278)
- removed FILTER_POSITION from bundled configs
- reverse message listing in issue display (reversion of recent change)
- bad entries for multilink editing in cgi don't traceback now (sf bug 640310)
- detect and break email loops (sf bug 640854)
- finished of handling of retired flag in filter() (sf bug 635260)
- allow StringHTMLProperty in MultilinkHTMLProperty test to work
- don't set explicit None Link properties in web create
- fixed nasty sorting bug that was lowercasing properties
- allow multiple :remove and :add elements per property being edited
- added date header to emails (sf bug 651358)
2002-11-07: 0.5.2
Fixed:
- added quotes around python interpreter in windows bat (sf bug 623963)
- fixed link at end of installation doc (sf bug 623957)
- handle "classname" URL path errors cleaner (generate a 404)
- added CGI :remove:<propname> and :add:<propname> which specify item ids to
remove / add in <propname> multilink.
- bugfix in boolean templating
- remember the change note on bad submissions (sf bug 625989)
- highlight required form fields (sf bug 625989)
- force non-word boundary to match re: in subject (sf bug 626303)
- handle sqlite bug (<2.7.2) (sf bug 630828)
- handle missing props in anydbm stringFind
- updated email package address formatting (deprecation)
- copied email address quoting from email v2.4.3 so we're consistent with 2.2
- email summary extraction now takes the first whole sentence or line -
whichever is longer
- documented dependency on Active State (sf bug 623959)
- ensured there's no zero-length files in source (sf bug 633622)
- added ID to the search page (sf bug 631601)
- fixed filtering by id in anydbm
- show issue ID in the headings (sf bug 631598)
- show entire messages by default in issues (sf bug 625995)
- fixed journalling to save old values instead of new (sorry it took so long GM)
- handle missing REQUEST_URI for cgi-bin users (sf bug 620163)
2002-10-16: 0.5.1
Fixed:
- highlight rows in groups of three
- metakit cleanups
- nicer "navigation" style in index views
- handle missing Link values in anydbm backend set() operation
- fixed filter() with no sort/group (sf bug 618614)
- fixed register with no session (sf bug 618611)
- fixed log / pid file path handling in roundup-server (sf bug 617981)
- fixed old gadfly compatibiltiy problem, for sure this time (sf bug 612873)
- https URLs from config now recognised as valid (sf bug 619829)
- nicer display of tracker list in roundup-server (sf bug 619769)
- fixed some missed renaming instance -> tracker (sf bug 619769)
- allow blank passwords again (sf bug 619714)
- expose the tracker config as a variable for templating
- homogenise newlines in CGI text submissions (sf bug 614072)
- merged Zope Collector #372 fix from ZPT CVS trunk
- fixed history to display username instead of userid
- shipped templates didn't import all hyperdb types in dbinit.py
- fixed bug in Interval serialisation
- handle "unset" status in status auditor (sf bug 621250)
- issues in 'done-cbb' are now also moved to 'chatting' on new messages
- implemented the missing Interval.__add__
- added ability to implement new templating utility methods
- expose the Date.pretty method to templating
- made form table cell alignment consistent (sf bug 621887)
- include stylesheet in docs (sf bug 623183)
- store PIPE messages so we can re-send them on errors (sf bug 623082)
- implemented "retire" cgi action, added to user index (sf bug 618612)
- included doc ideas from Bernhard Reiter (sf feature 621941)
2002-10-02: 0.5.0
Fixed:
- fixed style for alternating rows in user lists
- fixed query edit form so it doesn't barf
- #617133 ] 0.5.0pr1 uses nonexistent renderTemplate
- merged Zope Collector #539 fix from ZPT CVS trunk
2002-09-27: 0.5.0 pr1
Fixed:
- handling of None for Date/Interval/Password values in export/import
- handling of journal values in export/import
- password edit now has a confirmation field
- registration error punts back to register page
- gadfly backend now handles changes to the schema - but only one property
at a time
- cgi.client base URL is now obtained from the config TRACKER_WEB
- request.url has gone away - there's too much magic in trying to figure
what it should be
- cgi-bin script redirects to https now if the request was https
- FileClass "content" property wasn't being returned by getprops() in most
backends
- we now verify instance attributes on instance open and throw a useful error
if they're not all there
- sf 611217 ] menu() has problems when labelprop==None
- verify contents of tracker module when the tracker is opened
- many performance improvements in \*dbm and sql backends
- mailgw was missing an "import sys"
- setup now installs scripts with python -O flag, doubling performance in some
cases (there's a lot of __debug__ use)
- fix :required for Link menus
- import wasn't setting the ID to maxid+1
- added getItem to HTMLClass so you can access arbitrary items in templates
- index filtering form values may now be key values too
- replaced the content() callback ickiness with Page Template macro usage
- changed the default CSS style to be less offensive to some ;)
- better handling of Page Template compilation errors
- handle multiple unrelated indexed classes
- #614188 ] Exception in mailgw.py
- #613310 ] traceback on onexistant items
- #613291 ] typos in nosy list
- handle stupid mailers that QUOTE their Re; 'Re: "[issue1] bla blah"'
- giving a user a Role that doesn't exist doesn't break stuff any more
- revamped user guide, customisation guide, added maintenance guide
- merge Zope Collector #538 fix from ZPT CVS trunk (path expressions with a
non-path final alternate no longer try to call a value returned by that
alternate)
- merge Zope Collector #573 fix from ZPT CVS trunk
- merge Zope Collector #580 fix from ZPT CVS trunk
- added "crypt" password encoding and ability to set password with
already encrypted password through roundup-admin
- fixed the mailgw so that anonymous users may still access it
- add hook to allow external password verification, overridable in the
tracker interfaces module
- fixed login attempt by user that doesn't exist
2002-09-13: 0.5.0 beta2
Fixed:
- all backends now have a .close() method, and it's used everywhere
- fixed bug in detectors __init__
- switched the default issue item display to only show issue summary
(added instructions to doc to make it display entire content)
- MANIFEST.in was missing a lot of template files
- added generic item editing
- much nicer layout of template rendering errors
- added context/is_edit_ok and context/is_view_ok convenience methods and
implemented use of them in the classic template
2002-09-11: 0.5.0 beta1
Fixed:
- #576086 ] dumb copying mistake (frontends/ZRoundup.py)
- installation instructions now mention "python2" in "testing your python".
- made the unit tests run again - they were quite b0rken
- #571170 ] gdbm deadlock
- #576241 ] MultiLink problems in parsePropsFromForm
- fixed the date module so that Date(". - 2d") works
- web forms may now unset Link values (like assignedto)
- cleanup: moved roundup.templatebuilder to roundup.templates.builder
- instance __init__ no longer silently traps dbinit import errors
Feature:
- new backend for metakit (thanks Gordon McMillan)
- new backend for gadfly (it's as done as it's going to get)
- further split the dbm backends from the core code, allowing easier
non-dict-like backends (eg metakit, RDB)
- implemented and used the new access control mechanisms (Permissions, Roles)
(see doc/security.txt)
- switched templating to use Zope's PageTemplates (yay!)
- switched to sessions for web authentication
- added Boolean and Number types
- fixed the journal bloat
- updated design document for new access controls
- updated customisation document, including more examples
- entire database export and import (incl files)
- better mailgw help message (feature request #558562)
- re-enabled link backrefs from messages (feature request #568714)
- the page layout is now templatable
- re-worked cgi interface to abstract out the explicit "issue" interface
- have index page handle mid-page errors better so header and footer are
still visible
- we handle "not found", access and item page render errors better
- fixed double-submit by having new-item-submit redirect at end
- daemonify roundup-server (fork, logfile, pidfile)
- modify cgitb to display PageTemplate errors better
- rename to "instance" to "tracker"
- have roundup.cgi pick up tracker config from the environment
- revamped look and feel in web interface
- cleaned up stylesheet usage
- several bug fixes and documentation fixes
- added is_retired test to hyperdb.Class
- added capability to save queries:
- a query Class with name, klass (to search) and url (query string)
properties
- a Multilink to query on user called queries
- html templates for query, and a list of queries in user.item
- search form has Save button & name input
- saved queries put in menu in pagehead
- for migration, none of the above is required and old behavior preserved.
- showquery translates search form <-> query string
- cleaned up the indexer code:
- it splits more words out
- removed code we'll never use (roundup.roundup_indexer has the full
implementation, and replaces roundup.indexer)
- only index text/plain and rfc822/message (ideas for other text formats to
index are welcome)
- added simple unit test for indexer. Needs more tests for regression.
- all String properties may now be indexed too. Currently there's a bit of
"issue" specific code in the actual searching which needs to be
addressed. In a nutshell:
+ pass 'indexme="yes"' as a String() property initialisation arg, eg:
file = FileClass(db, "file", name=String(), type=String(),
comment=String(indexme="yes"))
+ the comment will then be indexed and be searchable, with the results
related back to the issue that the file is linked to
- as a result of this work, the FileClass has a default MIME type that may
be overridden in a subclass, or by the use of a "type" property as is
done in the default templates.
- the regeneration of the indexes (if necessary) is done once the schema is
set up in the dbinit.
- new "reindex" command in roundup-admin used to force regeneration of the
index
- added email display function - mangles email addrs so they're not so easily
scraped from the web
- switched to using a session-based web login
- made mailgw handle set and modify operations on multilinks (bug #579094)
- fixed the journal bloat from multilink changes - we just log the add or
remove operations, not the whole list
2002-06-24: 0.4.2
Fixed:
- Cleaned up the hyperdb unit tests.
- Applied patch from Andrew W. Nosenko to give nicer Unauthorised message
when anonymous user tries to edit. Should've been applied in 0.4.2pr1. Oops.
- Added more detailed note to MIGRATION regarding the detectors changes.
2002-06-19: 0.4.2pr1
Feature:
- added a "detectors" directory for people to put their useful auditors and
reactors in. Note - the roundupdb.IssueClass.sendmessage method has been
split and renamed "nosymessage" specifically for things like the nosy
reactor, and "send_message" which just sends the message.
- link() htmltemplate function now has a "showid" option for links and
multilinks. When true, it only displays the linked node id as the anchor
text. The link value is displayed as a tooltip using the title anchor
attribute.
To use in eg. the superseder field, have something like this::
<td>
<display call="field('superseder', showid=1)">
<display call="classhelp('issue', 'id,title', label='list', width=500)">
<property name="superseder">
<br>View: <display call="link('superseder', showid=1)">
</property>
</td>
- stripping of the email message body can now be controlled through the
config variables EMAIL_KEEP_QUOTED_TEXT and EMAIL_LEAVE_BODY_UNCHANGED.
- all database files created are now group readable and writable.
- added option to automatically add the authors and recipients of messages
to the nosy lists with the options ADD_AUTHOR_TO_NOSY (default 'new') and
ADD_RECIPIENTS_TO_NOSY (default 'new'). These settings emulate the current
behaviour. Setting them to 'yes' will add the author/recipients to the nosy
on messages that create issues and followup messages.
- reverting to dates for intervals > 2 months sucks
- changed the default message list in issues to display the message body
- applied patch #558876 ] cgi client customization
- split instance initialisation into two steps, allowing config changes
before the database is initialised.
- don't create an empty message on email issue creation if the email is empty
- may now display additional fields in Multilink form menus
- #541941 ] changing multilink properties by mail
- #526730 ] search for messages capability
- #505180 ] split MailGW.handle_Message:
- also changed cgi client since it was duplicating the functionality
Fixed:
- stop sending blank (whitespace-only) notes
- cleanup of serialisation for database storage
- node ids are now generated from a lockable store - no more race conditions
- sorting was applied to all nodes of the MultiLink class instead of
to the nodes that are actually linked to in the "field" template
function. This adds about 20+ seconds in the display of an issue if
your database has a 1000 or more issues in it.
- added missing documentation for a few of the config option values
- file upload broke if you didn't supply a change note
- fixed SCRIPT_NAME in ZRoundup for instances not at top level of Zope
(thanks dman)
- fixed some sorting issues that were breaking some unit tests under py2.2
- mailgw test output dir was confusing the init test (but only on 2.2 *shrug*)
- node caching now works, and gives a small boost in performance
- #449374 ] re-enable bsddb3 backend
bsddb3 backend now works, reinstating
- #551483 ] assignedto in Client.make_index_link
- made backends.__init__ be more specific about which ImportErrors it really
wants to ignore
- fixed the example addresses in the templates to use correct example domains
- cleaned out the template stylesheets, removing a bunch of junk that really
wasn't necessary (font specs, styles never used) and added a style for
message content
- build htmlbase if tests are run using CVS checkout
- #565979 ] code error in hyperdb.Class.find
- #565996 ] The "Attach a File to this Issue" fails
- #564271 ] find() and new properties
- #562130 ] cookie path generated from ZRoundup was wrong in some situations
- remove CR characters embedded in messages (ZRoundup)
- properly quote the email address and "real name" in all situations using the
'email' module if it is available and 'rfc822' otherwise
- #565992 ] if ISSUE_TRACKER_WEB doesn't have the trailing '/', add it
- use the rfc822 module to ensure that every (oddball) email address and
real-name is properly quoted
- #558867 ] ZRoundup redirect /instance requests to /instance/
- #569415 ] {version}
- #569178 ] type error
was fixed as part of the general cleanup of reactors
2002-03-25: 0.4.1
Feature:
- use blobfiles in back_anydbm which is used in back_bsddb.
change test_db as dirlist does not work for subdirectories.
ATTENTION: blobfiles now creates subdirectories for files.
- add module blobfiles in backends with file access functions.
- roundup db catch only IOError in getfile.
- roundup db catches retrieving not existing files.
- #503204 ] mailgw needs a default class:
- partially done - the setting of additional properties can wait for a
better configuration system.
- Alternate email addresses are now available for users. See the MIGRATION
file for info on how to activate the feature.
- #511168 ] Web interface: Adding new products
Classes that don't provide template html get a default edit
interface now:
- access using the admin "class list" interface
- limited to admin-only
- requires the csv module from object-craft (url given if it's missing)
- Added popup help for classes using the classhelp html template
function.
- add ``<display call="classhelp('priority', 'id,name,description')">``
to an item page, and it generates a link to a popup window which displays
the id, name and description for the priority class. The description
field won't exist in most installations, but it will be added to the
default templates.
- #517734 ] web header customisation is obscure
- All messages sent to the nosy list are now encoded as
quoted-printable before they are sent.
- Fixed display of mutlilink properties when using the template
functions, menu and plain.
Fixed:
- Clean up mail handling, multipart handling.
- respect encodings in non multipart messages.
- makeHtmlBase: re.sub under python 2.2 did not replace '.', string.replace
does it.
- preamble in tepmlateBuilder mentioned htmldata
- mailgw checks encoding on first part too.
- #511586 ] unittest FAIL: testReldate_date
- Added a uniquely Roundup header to email, "X-Roundup-Name"
- All forms now have "double-submit" protection when Javascript is enabled
on the client-side.
- #516883 ] mail interface + ANONYMOUS_REGISTER
- #516854 ] "My Issues" and redisplay
- #517906 ] Attribute order in "View customisation"
- #514854 ] History: "User" is always ticket creator
- wasn't handling cvs parser feeding correctly
- fixed some problems in date calculations (calendar.py doesn't handle over-
and under-flow). Also, hour/minute/second intervals may now be more than
99 each.
- #527416 ] roundup-admin uses undefined value
- #527503 ] unfriendly init blowup when parent dir
(also handles UsageError correctly now in init)
- #524129 ] roundup-admin gets python path wrong
2002-01-24: 0.4.0
Feature:
- much nicer history display (actualy real handling of property types etc)
- journal entries for link and mutlilink properties can be switched on or
off
- properties in change note are now sorted
- you can now use the roundup-admin tool pack the database
Fixed:
- the mail gateway now responds with an error message when invalid values
for arguments are specified for link or mutlilink properties
- modified unit test to check nosy and assignedto when specified as arguments
- handle attachments with no name (eg tnef)
- fixed setting nosy as argument in subject line
- fixed back_bsddb so it passed the journal tests
- fixed status changes in mail gateway (eg. unread -> chatting)
- we'll actually distribute the frontends directory now, as advertised...
- handle stripping of "AW:" from subject line
- htmltemplate list() wasn't sorting...
- unit tests for html templating (and re-enabled the listbox field for
multilinks)
- allow abbreviation of "help" in admin tool too.
- run_tests testReldate_date failed if LANG is 'german'
- mailgw failures (unexpected ones) are forwarded to the roundup admin
2002-01-16: 0.4.0b2
Fixed:
- #495392 ] empty nosy -patch
- #500574 ] messageid must have format <part1@part2>
- fixed some problems with web editing and change detection
- mail splitting wasn't detecting responses in the same "section" as quoted
text
- missed a "from i18n import _" in date.py
- #501690 ] MIGRATION.txt incomplete
- #502342 ] pipe interface
- #502437 ] rogue reactor and unittest
- re-enabled dumbdbm when using python >2.1.1 (ie 2.1.2, 2.2)
- changed all config accesses so they access either the instance or the
config attriubute on the db. This means that all config is obtained from
instance_config instead of the mish-mash of classes. This will make
switching to a ConfigParser setup easier too, I hope.
- #502951 ] adding new properties to old database
- #502953 ] nosy-like treatment of other multilinks
- #503164 ] create and passwords
- plain rendering of links in the htmltemplate now generate a hyperlink to
the linked node's page.
- #503330 ] ANONYMOUS_REGISTER now applies to mail
- #503353 ] setting properties in initial email
- #502956 ] filtering by multilink not supported
- #503340 ] creating issue with [asignedto=p.ohly]
- #502949 ] index view for non-issues and redisplay
- #503793 ] changing assignedto resets nosy list
- lots of date/interval related changes:
- more relaxed date format for input
- handle None for date/interval properties
2002-01-08: 0.4.0b1
Feature:
- Added INSTANCE_NAME to configuration - used in web and email to identify
the instance.
- Added EMAIL_SIGNATURE_POSITION to indicate where to place the roundup
signature info in e-mails.
- Some more flexibility in the mail gateway and more error handling.
- Login now takes you to the page you back to the were denied access to.
- Admin user now can has a user index link on their web interface.
- We now have basic transaction support. Information is only written to
the database when the commit() method is called. Only the anydbm and
bsddb3 backends are modified in this way - the bsddb3 backend needs a
lot more work anyway...
- the CGI and mailgw automatically commit() at the end of processing a
single transaction
- the admin tool requires an explicit "commit" - it will prompt at exit
if there are unsaved changes. A "rollback" removes all changes made
during the session (up to the last commit).
- Added the "display" command to the admin tool - displays a node's values
- Message author's name appears in From: instead of roundup instance name
(which still appears in the Reply-To:)
- Added a Zope frontend for roundup.
- Centralised the python version check code, bumped version to 2.1.1 (really
needs to be 2.1.2, but that isn't released yet :)
- much better attaching of erroneous messages in the mail gateway
- #496356 ] Use threading in messages
This adds the tracking of messages by message-id and allows threading
using in-reply-to. Most e-mail clients support threading using this
feature, and we hope to add support for it to the web gateway.
Fixed:
- Lots of bugs, thanks Roch\E9 and others on the devel mailing list!
- login_action and newuser_action return values were being ignored
- Woohoo! Found that bloody re-login bug that was killing the mail
gateway.
- Fixed login/registration forwarding the user to the right page (or not,
on a failure)
- We now use weakrefs in the Classes to keep the database reference, so
the close() method on the database is no longer needed.
- #487480 ] roundup-server
- #487476 ] INSTALL.txt
- #489760 ] [issue] only subject
- fixed doc/index.html to include the quoting in the mail alias.
- fixed the backends __init__ so we can pydoc the backend modules
- web i/f reports "note added" if there are no changes but a note is entered
- we were assuming database files created by anydbm had the same name, but
this is not the case for dbm. We now perform a much better check _and_
cope with the anydbm implementation module changing too!
- envelope-from is now set to the roundup-admin and not roundup itself so
delivery reports aren't sent to roundup (thanks Patrick Ohly)
- #495400 ] entering blanks
Values with spaces are now accepted in roundup-admin - check the long help
for details.
- #496360 ] table width does not work
- detectors were being registered multiple times
- added tests for mailgw
2001-11-23: 0.3.0
Feature:
- #467129 ] Lossage when username=e-mail-address
- #473123 ] Change message generation for author
- MailGW now moves 'resolved' to 'chatting' on receiving e-mail for an issue.
- Added Structured Text rendering to htmltemplate, thanks Brad Clements.
- Added CGI configuration via env vars (see roundup.cgi for details)
- "roundup.cgi" is now installed to "<python-prefix>/share/roundup/cgi-bin"
- roundup-admin now accepts abbreviated commands (eg. l = li = lis = list)
- roundup-mailgw now supports unix mailbox and POP as sources of mail.
- roundup-admin now handles all hyperdb exceptions
- users may attach files to issues (and support in ext) through the web now
- incorporated patch from Roch'e Compaan implementing attachments in nosy
e-mail
- added a target version field to the extended issue schema
- added dummy hooks for I18N and some preliminary (test) markup of
translatable messages
Fixed:
- Fixed a bug in HTMLTemplate changes.
- 'unread' to 'chatting' automagic status change was b0rken.
- Anonymous user lockout wasn't working.
- roundup-server now works on Windows, thanks Juergen Hermann.
- Fixed install documentation, also thanks Juergen Hermann.
- Fixed some URL issues in roundup.cgi, again thanks Juergen Hermann.
- bug #475347 ] WindowsError still not caught (patch from Juergen Hermann)
- bug #474749 ] indentations lost
- bug #477104 ] HTML tag error in roundup-server
- bug #477107 ] HTTP header problem
- bug #477687 ] conforming html
- bug #474372 ] Netscape 4.77 do not render Support form
- bug #477685 ] base64.decodestring breaks
- bug #477837 ] lynx does not like the cookie
- bug #477892 ] Password edit doesn't fix login cookie
- newuser_action now presents error messages rather than tracebacks.
- bug #479511 ] mailgw to pop
- bug #479508 ] roundup-admin crash on wrong class
- bad error report in hyperdb
- roundup.mailgw now handles errors on the set() and create() at the end
of processing
- roundup.mailgw also handles messages that are passed to it that don't
contain a From: line - apparently some POP servers can do this. It punts
an error message to the roundup admin.
- fixed nosy reaction and author copy handling
- errors in nosy reaction will be propogated now (were effectively being
squashed)
- re-open the database as the author in mail handling
- missing "return" in filter_section (thanks Roch'e Compaan)
2001-10-23: 0.3.0 pre 3
Feature:
- MailGW now moves 'unread' to 'chatting' on receiving e-mail for an issue.
- feature #473127: Filenames. I modified the file.index and htmltemplate
source so that the filename is used in the link and the creation
information is displayed.
Admin Tool (roundup-admin):
- Interactive mode for running multiple (independant at present) commands.
- Tabular display of nodes.
- Import and export via colon-separated files.
Changed:
- re-organised the html templating code. Fixed some bugs, probably
introduced some more. Hopefully not too many.
Fixed:
- Stand-alone server now has a configurable setuid user.
- CGI interface wasn't handling checkboxes at all.
- Fixed quopri usage in mailgw from bug reports on mailing list.
- Remove the "freshen" command from the roundup-admin tool.
- Catch errors in login - no username or password supplied.
- Fixed editing of password (Password property type) thanks Roch'e Compaan.
- Fixed grouping of non-str properties thanks Roch'e Compaan.
- bug #473121: The customisation view and filters (CGI interface view
customisation section may now be hidden (patch from Roch'e Compaan.)
- bug #473122: Issue id sorting (hyperdb sorts strings-that-look-like-numbers
as numbers now.
- bug #473124: UI inconsistency with Link fields.
This also prompted me to fix a fairly long-standing usability issue -
that of being able to turn off certain filters.
- bug #473125: Paragraph in e-mails
- bug #473126: Sender unknown
- bug #473130: Nosy list not set correctly
2001-10-11: 0.3.0 pre 2
Fixed:
- Hyperdatabase was inserting empty strings instead of None for missing
property values. This broke a lot of things.
2001-10-10: 0.3.0 pre 1
Feature:
- roundup-admin create now prompts for property info if none is supplied
on the command-line.
- hyperdb Class getprops() method may now return only the mutable
properties.
- CGI interfaces now generate a top-level index of their known instances.
Changed:
- Login now uses cookies, which makes it a whole lot more flexible. We can
now support anonymous user access (read-only, unless there's an
"anonymous" user, in which case write access is permitted). Login
handling has been moved into cgi_client.Client.main()
- The "extended" schema is now the default in roundup init.
- The schemas have had their page headings modified to cope with the new
login handling. Existing installations should copy the interfaces.py
file from the roundup lib directory to their instance home.
- Passwords are now encoded by default (except exising databases which
will only be encoded when the passwords are changed). The scheme used
at the moment is SHA - but the code is flexible enough to take any
number of encoding systems.
- The roundup-admin tool always operates as the "admin" user now. Database
protection should be achieved using file system protections (see the
documentation for details.)
Fixed:
- Incorrectly had a Bizar Software copyright on the cgitb.py module from
Ping - has been removed.
- Pretty time interval wasn't handling > 1 month properly.
- Generation of links to Link/Multilink in indexes. (thanks Hubert Hoegl)
- AssignedTo wasn't in the "classic" schema's item page.
- Fixed a whole bunch of places in the CGI interface where we should have
been returning Not Found instead of throwing an exception.
- Fixed a deviation from the spec: trying to modify the 'id' property of
an item now throws an exception.
- The plain() template function now html-escapes the content.
- Change message was stuffing up for multilinks with no key property.
--------------
2001-08-30: 0.2.8
Fixed:
- Wasn't handling unguessable mime types for file uploads.
- Missing import in mailgw.
2001-08-29: 0.2.7
Feature:
- Text searches are now case insensitive. All forms of text search use
regular expressions now.
Fixed:
- Had another 2.1-ism in the unit tests
- Made the mail parser a little more robust w.r.t missing Subject:
(both thanks Mikhail Sobolev)
- Missed some isFooType usages (thanks Mikhail Sobolev for spotting them)
- Reverted back to sending change messages to the web editor of a node so
that the change note message is actually genrated.
- CGI interface wasn't generating correct change messages.
- Notes entered during a change are saved to the messages list even if
there's no nosy list. No message is generated if there's no nosy list and
there's no change note (since it would just duplicates the journal).
- Completely removed the bsddb3 module from the tests - will be reinstated
when the http://bsddb.sourceforge.net/'s bugs #439959 and #456408 are
dealt with. One is fixed in CVS, the other pending.
2001-08-08: 0.2.6
Note:
- Roundup is now released under the same terms as the Python License.
Feature:
- Added tests for instance initialisation. No more releasing the software
with bugs in roundup.init!
- Now bundling unittest with the package so that python 2.0 users can use
the tests.
- Much better error handling and messages generated by the mail gateway.
Fixed:
- Implemented correct mail splitting. Added unit tests. Also snips
signatures now too.
- Bug #447671 - typo in roundup/init.py
- Changed date.Date to use regular string formatting instead of strftime -
win32 seems to have problems with %T and no hour... or something...
- Bug #448484 - now catching correct exception from makedirs.
- Instances are now opened by a special function that generates a unique
module name for the instances on import time.
2001-08-03: 0.2.5
Note:
- The bsddb3 module has a bug that renders it non-functional. Users should
select the anydbm or bsddb backend instead.
Fixed:
- Python 2.0 does not contain the unittest module. The setup.py module now
checks for unittest before attempting to run the unit tests.
2001-08-03: 0.2.4
Features:
- Added ability for cgi newblah forms to indicate that the new node
should be linked somewhere.
- Added time logging and file uploading to the templates.
- Added "My Issues" and "My Support" to extended template. Changed "Your
Details" to "My Details". Changed the "New Foo" links to "Add Foo".
Added links for unassigned support and issues. Generally reorganised and
cleanup the header up.
- Changed the order of the information in the message generated by web edits.
- Extended the range of intervals that are pretty-printed before actual dates
are displayed.
- Added more BUILD instructions including the "clean" command to force
rebuild.
- Web edit messages aren't sent to the person who did the edit any more. No
message is generated if they are the only person on the nosy list.
- Roundupdb now appends "mailing list" information to its messages which
include the e-mail address and web interface address. Templates may
override this in their db classes to include specific information (support
instructions, etc).
Fixed:
- Argument handling for the roundup-admin find command.
- Handling of summary when no note supplied for newblah. Again.
- Detection of no form in htmltemplate Field display.
- Checklist html template command was setting wrong name.
- 2.1-specific gmtime() (no arg) call in roundup.date. (thanks Paul Wright)
- mailgw was making naughty assumptions about the schema of the classes it
was creating nodes for.
- remove the $Foo$ from the HTML files stored in the htmlbase modules.
- Instance import now imports the instance using imp.load_module so that
we can have instance homes of "roundup" or other existing python package
names.
2001-07-30: 0.2.3
Big change:
- I've split off the support class from the issue class in "extended".
Anyone who has any support entries, sorry. It should be possible to
write a scipt that moves the entries over pretty easily. If this causes
you pain, I'll do so. You'll want to update your instance with the new
code in "extended" either way.
Features:
- Added the unit tests to the start of setup.py so they're run whenever
we do anything distutils'y.
- Added nicer prompting to the roundup-admin "init" command.
- Actually, the roundup-admin code is totally revamped, and has command
help and better command-line arg handling.
- The cgi_client.Client base class now reflects the structure of "classic"
rather than "extended" since "classic" is more of a "base" template.
- Added more DB to test. Skips tests where imports fail.
Fixed:
- One of the tests in test_date had the wrong expected result.
- Fixed IssueClass so that superseders links to its classname rather than
hard-coded to "issue".
- templatebuilder was catching IOError instead of OSError.
- The cgi_client newblah method wasn't detecting the __note form field
properly.
- The History command in htmltemplate didn't handle a new node (None
nodeid) properly.
2001-07-29: 0.2.2
Features:
- Added implementation.txt to the doc directory. Contains implementation
notes specific to this implementations of Roundup.
- Cleaned up mailgw some (subclass Message for getPart) and added some
tests for multipart splitting.
- Better checking for html dir in templatebuilder.
- Base hyperdb.Class now fakes the "id" property.
- Made the classic roundup look more like the original prototype.
- Made cgi_client and templating slightly more generic.
- Moved some code around in cgi_client allowing for subclassing to change
behaviour.
- Added the fabricated property "id" to all hyperdb classes.
- Cleanup of the link label generation (new method on hyperdb.Class to do
it).
Fixed:
- Everything uses errno module now to check errno values.
- New issue form handles lack of note better now.
- HTML templating uses section-bar style for index group headers now.
- Fixed problem in link display when Link value is None.
- Form handling in cgi client wasn't propogating through the previous
query elements.
- Fixed sort arguments generated for column headings so sorting can be
changed now.
2001-07-28: 0.2.1
Features:
- Added docstring to roundup package so pydoc reports useful information.
- Added the roundup 1 software carpentry submission HTML to the doc
directory as "overview.html".
Fixes:
- Fixed bug in init command - templatebuilder was assuming existence of
"html" directory in instance home.
- Fixed INSTALL.txt to reflect some changes in the installation and test
procedure. Whatdya know, "setup.py install" does the script install.
There you go...
- Fixed some non-string node ids in cgi_client now that the hyperdb is
strict about such things.
2001-07-26: 0.2.0
Features:
- Major reorganisation of code to allow multiple roundup instances and a
single, site-packages -based installation. Also allows multiple database
back-ends.
- Moved the bin/ proggies into the top dir, so that it all works
out-of-the-box
- Added the "classic" template - a direct implementation of the Roundup
spec. Well, as close as we're going to get, anyway.
- Added an issue priority of support to "extended"
- Added command-line arg handling to roundup-server so it's more useful
out-of-the-box.
- Added distutils-style installation of "lib" files.
- Added some unit tests.
Fixes:
- Fixed bug in re generation in the filter
- Fixed handling of None String property in grouped list headings
- Fixed adding new issue with no change note
- Fixed values in text input fields which contained quotes (") are now
quoted.
- Fixed a bug in the hyperdb filter - wrong variable names in the error
message.
2001-07-19: 0.1.3
- Reldate now takes an argument "pretty" - when true, it pretty-prints the
interval generated up to 5 days, then pretty-prints the date of last
activity. The issue index and item now use the pretty format.
- Classes list for admin user in CGI interface.
- Made the view configuration more accessible, neater and more realistic.
- Fixed list view grouping handling grouping by a Multilink or String or Link
value of None or Date, ... (mind you, sorting by Date???)
- Fixed bug in the plain formatter when a Link was None.
- Fixed ordering of list view column headings.
- Fixed list view column heading sort links - and limited the number of
columns to sort by to 2.
- Added searching by glob to StringType filtering -
^text - search for text at start of fields
text$ - search for text at end of fields
^text$ - exactly match text in fields
te*xt - search for text matching "te"<any characters>"xt"
te?xt - search for text matching "te"<any one character>"xt"
- Added more fields to the issue.filter and issue.index templates
2001-07-18: 0.1.2
- Set default index to ?:group=priority&:columns=activity,status,title so
the priority column isn't displayed.
- Thanks Anthony:
- added notes to the README about Python prerequisites
- added check to roundup.py, roundup.cgi, server.py and roundup-mailgw.py
for python 2+ - and made the file itself parseable by 1.5.2 ;)
- python 2.0 didn't have the default args for the time module functions.
- better handling of db directory in initDB
- Sorting on the extra properties defined by roundupdb classes was broken
due to the caching used. May now sort on activity and creation
properties, etc.
- Set the default index to sort on activity
2001-07-18: 0.1.1
- Initial version release with consent of Roundup spec author, Ka-Ping Yee:
"Amazing! Nice work. I'll watch for the source code on your website."
2001-07-11: 0.1.0
- Needed a bug tracking system. Looked around. Tried to install many
Perl-based systems, to no avail. Got tired of waiting for Roundup to be
released. Had just finished major product project, so needed something
different for a while. Roundup here I come...