Anonymous committed d6e9f95 Draft

Release preparation

Comments (0)

Files changed (3)

 Each entry has the developer who committed the change in brackets.
 Entries without name were done by Richard Jones.
-2012-??-??: 1.4.21
+2012-12-21: 1.4.21


-I'm proud to release version 1.4.20 of Roundup which can be seen as a
-security release. We've fixed several security issues, in particular
-some XSS issues. We've also dropped support for python 2.4 with this
-release. This release also introduces some minor features and, as usual,
-fixes some bugs:
+I'm proud to release version 1.4.21 of Roundup which has been possible
+due to the help of several contributors.  This release introduces some
+minor features and, as usual, fixes some bugs:
-- Experimental support for the new Chameleon templating engine.
-  We now have two configurable templating engines, the old Zope TAL
-  templates (called zopetal in the config) and the new Chameleon (called
-  chameleon in the config). A new config-option "template_engine" under
-  [main] can take these config-options, the default is zopetal.
-  Thanks to Cheer Xiao for the idea of making this configurable *and*
-  for the actual implementation! (Ralf)
-  WARNING: Chameleon support is highly experimental and *not* recommended for
-  production use. It has known performance issues and i18n is not yet
-  functioning. It's still under active development. Only use this feature if
-  you want to experiment with Chameleon and/or help with Roundup
-  developement. If you found a bug in Chameleon support, please report after
-  testing against latest Roundup source from the Mercurial repository.
-- issue2550678: Allow pagesize=-1 which returns all results.
-  Suggested and implemented by John Kristensen. 
-  Tested by Satchidanand Haridas. (Bernhard)
-- Allow to turn off translation of generated html options in menu method
-  of LinkHTMLProperty and MultilinkHTMLProperty -- default is
-  translation as it used to be (Ralf)
-- Sending of OpenPGP encrypted mail to all users or selected users (via
-  roles) is now working. (Ralf)
-- Add config-option "nosy" to messages_to_author setting in [nosy]
-  section of config: This will send a message to the author only
-  in the case where the author is on the nosy-list (either added
-  earlier or via the add_author setting). Current config-options
-  for this setting will send / not send to author without considering
-  the nosy list. (Ralf)
+- issue2550782: Added a new irker detector to send notifications on IRC
+  when an issue is created or messages are added. (Ezio Melotti)
+- Beta version of responsive templates using devel schema
+  and Twitter Bootstrap for styling (Pradip Caulagi)
+- pywin32 is not longer required to run on Windows (anatoly techtonik)
+- Rewritten logic in ctypes for Windows (anatoly techtonik)
+- Add an interface to register clearCache callbacks in roundupdb.
+  Sometimes complicated computations may require an application cache.
+  This application can now register a callback to clear the application
+  cache, because roundup knows better when to clear it (usually when a
+  transaction ends, either with rollback or with commit). The interface
+  for this is currently considered experimental. The current interface
+  is registerClearCacheCallback(self, method, param) where method is
+  called with param as the only parameter.  (Ralf Schlatterbeck)
+- Add a script to remove file-spam from a tracker, see
+  scripts/spam-remover. (Ralf Schlatterbeck)
-- issue2550730: FAQ has broken link to Zope book. Reported and fixed by
-  John Rouillard.(Bernhard)
-- issue2550728: remove buggy parentheses in TAL/
-  Reported and fixed by Ralf Hemmecke. (Bernhard)
-- issue2550715: IndexError when requesting non-existing file via http.
-  Reported and fixed by Cedric Krier. (Bernhard)
-- issue2550712: exportcsvaction errors poorly when given invalid columns.
-  Reported by Will Kahn-Greene, fixed by Cedric Krier. (Bernhard)
-- issue2550695: 'No sort or group' settings not retained when editing queries.
-  Reported and fixed by John Kristensen. Tested by Satchidanand Haridas. 
-  (Bernhard)
-- Fix matching of incoming email addresses to the alternate_addresses
-  field of a user -- this would match substrings, e.g. if the user has
- as an alternate email and an incoming mail
-  is addressed to this would (wrongly) match. (Ralf)
-- issue2550729: Fix password history display for anydbm backend, thanks
-  to Ralf Hemmecke for reporting. (Ralf)
-- OpenPGP support is again working (pyme API has changed significantly) and
-  we now have a regression test. We now take care that bounce-messages
-  for incoming encrypted mails or mails where the policy dictates that
-  outgoing traffic should be encrypted is actually OpenPGP encrypted. (Ralf)
-- Ignore confirm set() fields by themselves in the absence of non-"confirm"
-  values; otherwise a bare confirm field can be used to change the a
-  password. Reported by Cam Blackwood. (Ralf)
-- Updated version of simplified Chinese message file by Cheer Xiao:
-  Corrected some mistakes, added a few more items and did some
-  formating. (Ralf)
-- Fix xmlrpc URL parsing so that passwords may contain a ':' character
-  (Ralf)
-- Be more tolerant when parsing RFC2047 encoded mail headers. Use
-  backported version of my proposed changes to
-  email.header.decode_header in
-  (Ralf)
-- issue2550684 Fix XSS vulnerability when username contains HTML code,
-  thanks to Thomas Arendsen Hein for reporting and patch. (Ralf)
-- issue2550711 Fix XSS vulnerability in @action parameter,
-  thanks to "om" for reporting. (Ralf)
-- issue2550535 In some cases even when keep_quoted_text=yes is
-  configured we would strip quoted sections. This hit the python
-  bug-tracker especially for python interpreter examples with leading
-  '>>>' strings. The fix is slightly different compared to the proposal
-  as this broke keep_quoted_text=no in certain cases. We also fix a bug
-  where keep_quoted_text=no would drop the last line of a non-quoted
-  section if there wasn't an empty line between the next quotes. (Ralf)
-- issue2431638 wrong registration link in bounce mail for non-registered
-  users reported *years* ago by anonymous (Ralf)
-- Fix doc/upgrading.txt which produces errors with latest docutils about
-  wrong block structure. Fix .gitignore in doc directory. Thanks to
-  Cheer Xiao for the patches. (Ralf)
-- Fix wrong execute permissions on some files, thanks to Cheer Xiao for
-  the patch. (Ralf)
-- Fix override of TemplatingUtils in, thanks to Cheer Xiao
-  for the patch. (Ralf)
-- Fix another XSS with the "otk" parameter, thanks to Jesse Ruderman for
-  reporting. (Ralf)
-- Mark cookies HttpOnly and -- if https is used -- secure. Fixes
-  issue2550689, but is untested if this really works in browsers.
-  Thanks to Joseph Myers for reporting. (Ralf)
-- Fix another XSS with the ok- and error message, see issue2550724. We
-  solve this differently from the proposals in the bug-report by not
-  allowing *any* html-tags in ok/error messages anymore. Thanks to 
-  David Benjamin for the bug-report and to Ezio Melotti for several
-  proposed fixes. (Ralf)
+- issue2550765: Don't show links in calendar that will fail.
+  Found and fixed by Cedric Krier. (Bernhard)
+- issue2550765: use <meta name="robots" content="noindex, nofollow"> in the
+  _generic.calendar.html to prevent robots to follow all the links in the
+  calendar. (Ezio Melotti)
+- "BaseException.with_traceback" is not available on Python 2, so use
+  "raise E, V, T" instead of "raise E(V).with_traceback(T)".  This change was
+  originally introduced in 74476eaac38a. (Ezio Melotti)
+- issue2550759: Trailing punctuation is no longer included when URLs are
+  converted to links. (Ezio Melotti)
+- issue2550574: Restore sample detectors removed in roundup 1.4.9
+  (Thomas Arendsen Hein)
+- Prevent AttributeError when removing all roles of a user
+  (Thomas Arendsen Hein)
+- issue2550762 Minor Documentation fix in doc/developers.txt, thanks
+  to W. Trevor King. (Bernhard Reiter)
+- issue2550766: Minor formatting issues in the docs for date properties,
+  thanks John Kristensen. (Bernhard Reiter)
+- issue2550738: Fixes for various documentation typoes,
+  thanks Nathan Russell. (John Kristensen)
+- issue2550756: Fix `oder' typo in mailer.Mailer.bounce_message docstring,
+  thanks W. Trevor King (John Kristensen)
+- Fix basic authentication: instatiating the login action would fail if
+  the user is not set. We now first set the user to anonymous and then
+  try basic authentication if enabled. (Ralf Schlatterbeck)
+- Fix xmlrpc permissions for lookup method: Allow if the key attribute
+  is either searchable or viewable, don't check id attribute (Ralf
+  Schlatterbeck)
+- Fix installation documentation (section Prerequisites) to require at
+  least python 2.5, thanks to John P. Rouillard for discovering this.
+  (committed by Ralf Schlatterbeck)
+- Fix to require at least python 2.5 (anatoly techtonik)
+- Fixing the download button re-activating the cheeseshop plugin in the 
+  sphinx config. Thanks to Richard for the hint. (Bernhard Reiter)
+- issue2550783 devel template's permissions referenced the
+  organization property for the user, but the property is called
+  organisation. Thanks to Pradip Caulagi. (committed by John Rouillard)
+- issue2550749 - the xmlrpc interface is invoked on content type
+  and not url path. Sending any text/xml data to roundup results in
+  invoking the xml-rpc interface, but a REST or other interface could
+  also consume xml data and do something different. So require the use
+  of 'http(s)://.../xmlrpc' uri to trigger the xmlrpc interface.
+  (John Rouillard)
+- issue2550774: Remove generating documentation with rst2html, and update the
+  README.txt with how to create the html docs using sphinx, thanks Kai Storbeck
+  (John Kristensen)
+- issue2550774: Include doc/ in the release tarball, so people can build
+  their own documentation in html, thanks Kai Storbeck (John Kristensen)
+- issue2550774: Update website/www/Makefile to symlink COPYING.txt so "make"
+  works again, thanks Kai Storbeck (John Kristensen)
+- issue2550760: Several improvements to the manpages
+  thanks Kai Storbeck & Bastian Kleineidam (John Kristensen)
 If you're upgrading from an older version of Roundup you *must* follow
 the "Software Upgrade" guidelines given in the maintenance documentation.


 __docformat__ = 'restructuredtext'
-__version__ = '1.4.20'
+__version__ = '1.4.21'
 # vim: set filetype=python ts=4 sw=4 et si