forked from apache/allura
-
Notifications
You must be signed in to change notification settings - Fork 0
/
CHANGES
1232 lines (1060 loc) · 53.9 KB
/
CHANGES
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
Version 1.12.0 (October 2019)
Upgrade Instructions
Run: `pip install -r requirements.txt` to install updated dependencies
If you wish to opt-in existing users to username notification emails, run:
`paste script your-ini-file.ini allura/scripts/set_default_user_notifications.py`
Username mentions and profile page changes:
* [#8284] Implement the notification email sender
* [#8285] Add a preference area for user mentions notifications
* [#8323] Trigger notification task per each artifact creation/modification and add tests
* [#8324] documentation for user mentions feature
* [#8330] Nicer user-project urls (for underscores) and titles
Security
* [#8335] Generic search doesn't do permission checks
Performance
* [#8332] Fix slowness on some large files in code repos
* [#8334] Python-ombed has no timeout by default
* [#8313] Make saved search cache expiry configurable, disable-able
Admin
* [#8318] Admin option to generate password reset link
* [#8331] Remove export controls settings
For Developers
* [#8314] @memoize on methods should still allow garbage collection
* [#8321] Unhandled error in Antispam class
* [#8320] Upgrade various packages
* [#8325] Upgrade more packages
* Update docs to match git/httpd config from [12f1d6]
* Publicize XSS vulnerability in 1.11.1 changes
Version 1.11.1 (July 2019)
Upgrade Instructions
Run: `pip install -r requirements.txt` to install updated dependencies
If using docker, run: `docker-compose up -d --no-deps --build http`
New Features
* [#8283] Add infotip for user mentions
Bug Fixes:
* [#8315] XSS vulnerability when adding another user to a project
* [#8312] Flash message regression due to TG upgrade
* [#8317] Docker image for git/http not working for pushes
* [#8316] Award/accolades error if project is removed
* [#8299] More precise markdown @username regex
For Developers
* Improve .ini notes about static caching in production
* [#8300] Update to py3-compatible Pypeline pkg
* [#8311] Split up and organize requirements.txt
* Publicize security fix in 1.11.0 changes
Version 1.11.0 (June 2019)
New Features
* [#5461] Option to subscribe to forums and other types of threads, when posting
* [#8253] Adding reaction support for comments
* [#8263] Indicate current reaction of comment
* [#8274] Add optional HaveIBeenPwned checks for password changes
* [#8281] Enable user mentions in markdown editor
* [#8282] Implement autocomplete list to selected users for mentioning
Upgrade Instructions
Run: `pip install -r requirements.txt` to install updated dependencies
Run: `python setup.py develop` in the `Allura` subdirectory
Recommended: `pip uninstall -y WebFlash WebError Pylons Tempita simplejson Routes` to remove old dependencies
Recommended, after upgrade is complete: in mongo, run `db.repo_commitrun.drop()` to free up storage space
To enable haveibeenpwned.com password checks:
Add to your .ini file the `auth.hibp_password_check` and following settings from `development.ini` and set to true.
Run: `paste script your-ini-file.ini allura/scripts/backfill_previous_login_details.py`
Security
* [#8303] CVE-2019-10085 Apache Allura XSS vulnerability in ticket user dropdown selector
Code Repositories
* [#6440] incorrect diff encoding (original in ru_RU.UTF-8)
* [#8264] AssertionError from git branch lock file
* Clear localStorage of merge request descriptions after successful create or edit
Discussion Forums
* [#8237] Moving discussion thread breaks attachments
General
* [#8261] Embed youtube videos without cookies
* [#8269] External link redirects should be 302 instead of 301
* [#8270] External link tool: rel=nofollow, omit from sitemap
* Track menu mount_point explicitly, fixes [#8270] regression of unconfigurable external links
* [#8289] Parse error in allura.tasks.mail_tasks.route_email
* Fix project-wide search with unicode terms
* Use correct vars in flash error message, when trying to send too many messages
* For fields like username/email/password fields, set some autocomplete/capitalize hints
Admin
* [#8302] Screenshot caption inputs not clickable in chrome
* [#8256] Drag-to-reorder on touch screens
* [#8280] Faster spam controls in discussions
Performance
* [#8271] Remove CommitRun usage
* [#8272] Really big artifact_feed queries
* [#8298] Use jinja caching settings for EW core widgets
* Lazy load /tree controller (self._commit.tree can run compute_tree_new and svn info2 for example), and run .ls() only once
For Developers
* [#8081] Subscriptions page should have the issues' Title column - migration script bugfixes
* [#8093] Developing Mobile Web View
* [#8222] TestForumMessageHandling fails occasionally
* [#8259] Update docker & docs for newer Ubuntu LTS
* [#8265] Update spam filter plugins
* [#8268] Make TroveCategory shortname unique per trove type
* [#8273] Upgrade TurboGears and WebOb partially
* [#8276] Turbogears 2.3.2 upgrade followup fixes
* [#8277] UnicodeDecodeErrors with weird url params
* [#8278] Track previous login details
* [#8279] Additional login security checks
* [#8286] Upgrade TG/etc more, remove pylons etc
* [#8287] Backfill all previous_login_details - NEEDS SCRIPT
* [#8288] Remove genshi templates, update EasyWidgets to py3-compatible
* [#8290] Move previous_login_details to a separate collection
* [#8291] Upgrade timermiddlware
* [#8295] error with latest EasyWidgets and debug=false
* [#8296] Regression on branches with "/" in name
* [#8301] Fix some issues with encoding in urls
* Release script: sort tags better (like 1.10 after 1.9)
* Avoid git directory clashes in tests
* Remove vagrant config
* Fix linter test when certain number of files are being linted, and files list is empty
* Upgrade colander and its dependencies
* Remove unused menus() function
* Update Node.js 4.x to 10.x
* Update our git repo URL
Version 1.10.0 (October 2018)
New Features
* [#8230] Make markdown checklists interactive
* [#6923] Support emoji shortcodes
* [#6299] Support attachments on blog posts and new forum topics
Upgrade Instructions
Run: `pip install -r requirements.txt` to install updated dependencies
Run: `paster script your-ini-file.ini ../scripts/migrations/034-update_subscriptions_ticket_and_mr_titles.py` in Allura dir
If you have your own .ini file (recommended), add `disable_entry_points.allura.theme.override = responsive` to it
Security
* [#8255] Escape html on wiki & blog diff views
Uploads & attachments
* [#2578] Handle BMP images
* [#6560] if same filename used, screenshot thumbnail not update
* [#8043] Animated gif attachment silently converted to static gif
* [#8238] Delete screenshot doesn't show any confirmation
* [#8239] Screenshots lightbox
* Add validation for screenshot file input
Accounts
* [#7459] Show password requirements on forms
* [#8244] Warn user if attempting to send messages when messaging is disabled
* [#8081] Subscriptions page should have the issues' Title column
* [#8233] Add "title" to envelope icon
Discussion Forums
* [#8232] DuplicateKeyError can happen on forum thread ids
* Make forums admin inline editing layout better
Admin
* [#8225] Component delete everything end up with 404
* [#8242] When deleting module and user at permissions page still gives 404
* [#8247] Project Categorization select and button are attached together
* [#8248] Module rename dialog accepts empty inputs
* Enforce a format for GA tracking id
* Fix _id var name (affects user searches where *anonymous/None is in results)
Code Repositories
* [#8231] Forking a repo doesn't keep the default branch
Wiki
* [#8246] Set Home dialog validation fix
Blog
* [#8249] Blog revert gives 405 Method Not Allowed
For Developers
* [#8093] Developing Mobile Web View
* [#8240] Personal Dashboard - Add dashboard docs
* [#8241] SMTP maximum allowed line length
* [#8243] Template extension point to wrap all content
* [#8245] Rename "row" and "column" classes
* Restore srcset support for img tags in HTML
* Upgrade paster packages to latest versions
* Allow more admin page customization via some div classes, and jinja block
* Santize more in paging_sanitizer() to avoid errors on invalid URL params
* Error handling around invalid pagination limits
Version 1.9.0 (September 2018)
New Features
* Personal Dashboard, showing your own tickets, merge requests, projects, etc
* [#8196] Save content before form submission
* [#8085] Add support for checkboxes to the markdown converter
Upgrade Instructions
Run `pip install -r requirements.txt` to install updated dependencies
Run: `paster ensure_index development.ini` in Allura dir
General
* [#8212] Github import error on deleted users
* [#8217] Content doesn't get saved when rate limit is hit
* Improve new external link dialog
* Fix scrollbar issue in "get link" dialog
* Add search help about specific fields, to blog, chat, discussion, wiki tools
* Audit log table fits better
* Make project status UI more prominent
* Better project import validation
Accounts
* [#8199] 2FA recovery codes file - line endings
* Don't list your own u/username project as going to be orphaned when disabling your account
* Only float profile project icon to left, avoid possible emoji img like in "Allura™"
Administration
* [#8186] Make antispam form post expiration configurable
* [#8197] Site admin searches match better
* [#8198] Ability to remove activity entries
* [#8210] Use different tmp dir for code snapshots
* [#8211] Use different tmp dir for project exports
Wiki
* [#1699] Fix incoming email for wiki pages with space in the title
* Show wiki edit link & login prompt, based on actual perms, not just whether user is logged in
Code Repositories
* [#6070] Make code snapshots based on directory
* [#8194] Persist the list of commits on Merge requests
* [#8200] Update GitPython to support git >= 2.15
* [#8201] Mask/hide email addresses in commit messages
* [#8214] Compute merge request commits in background
* Avoid calling _git.heads unnecessarily
Tickets
* [#6353] Pre-fill "private" using URL param
* [#8149] Bulk Delete for tickets
* [#8213] Nested replies don't update ticket timestamp
* [#8224] Ticket subscriptions orphaned when moving tickets
* Avoid error when closing a private ticket created by a deleted user
For Developers
* [#8195] More test coverage for rate limiting
* Use correct capitalization for solr "OR"
* Upgrade jinja to 2.10 and avoid bytecode versioning problems
* wrap export controls area on metadata admin page
* Don't generate SHA1 files any more, per ASF policy update
* Provide another master template block to hook in after the "block head" that many individual templates are using (without calling super)
* Support video_url field in project import
* Add a note to the debug section about how to do it with docker
* Make debug pages and post permalinks work correctly when behind a proxy (like docker)
* refreshrepo.py option to control creating activity, firing webhooks, etc
* Option in refreshrepo.py to clean commits after certain date
* Publicize previous security fix in changelog
Version 1.8.1 (March 2018)
New Features
* [#8192] StopForumSpam filter and moderation+spam update
* [#8193] Allow rate-limiting of comments
General
* [#4841] Anonymous updates should be moderated
* [#8182] Improve category management screens
* [#8183] Browse Commits graph should support hi-dpi
* [#8184] Project Importer should include optional icon
* [#8185] Allow additional domain patterns for inbound email
* [#8187] Make forum thread subjects editable
* [#8191] Remove html-only mailing options
* Adds convenience property for Neighborhood shortname
* Fix visual style on a modal cancel button
* Add tool_data field, use ProjectRegistrationProvider shortname validator, cleanup
* Ensure after a pwd reset, you can still log in. Test improvements.
Performance:
* [#8189] Fix slow forum listings
* [#8188] Config options for some scm limit params
Security:
* [#8190] HTTP response splitting vulnerability CVE-2018-1319
* Remove md5 from our release script, per latest ASF dist policy
* Publicize previous security fix in changelog
Version 1.8.0 (February 2018)
New Features
* Notify user of password changes, and more login audit logging
* [#7908] Docker setup for production environment
Upgrade Instructions
Run `pip install -r requirements.txt` to install updated dependencies
To subscribe merge request creators to their own merge requests, run:
paster script config-file.ini ../scripts/migrations/032-subscribe-merge-request-submitters.py
Bug Fixes & Minor Improvements
Security:
* [#8180] StaticFilesMiddleware allows directory traversal CVE-2018-1299
* [#8155] Record logins to audit log
* [#8156] Notify user of password changes
* [#8158] Add antispam measures to login page
* [#8159] Loosen ip requirements for antispam checks
General:
* [#6342] Errors in ForgeLinkPattern parsing
* [#8160] UnicodeEncodeError processing inbound email
* [#8169] Updating markdown cache should not affect last_updated
* [#8172] Markdown dialog shows same text repeatedly
* [#8176] Don't show related artifacts that user can't view
* Make Youtube embed work better with different CSS
* Allow a legacy icon (no original stored) to still be served when a larger width is requested
* If small icon requested, allow resizing down from old icons even if we don't have newer fullsize original
* Add a stylized search button to sidebar search boxes
* When reindexing, set c.app based on current artifact to avoid "Ambiguous link..."
* Make sure fontawesome never is downloaded twice, since we always provide it
* Upgrade to pygments 2.2 (includes faster HTML rendering for long lines)
Code Repositories:
* [#7896] Better plaintext mail for commit notifications
* [#8048] Better email subjects for merge request updates
* [#8157] Improvements to multiple commits in single notification
* [#8164] Merge requests should notify the submitter of changes HAS MIGRATION SCRIPT
* Handle repo's upstream fork being gone, rather than whole sidebar being blank
* Fix git merge requests to not update project last_updated when viewed.
* Show a root directory icon in the repo directory breadcrumbs too
* If a user can "write" to a MR but not "post" to it, still let them reject their MR
* Clarify a bit that a repo refresh is different than just refreshing the page
* Put the disabled attr on the merge button, not the icon within it
* Handle git 2.x output for last-commit detection
* Fix url encoding of diff urls
* Ensure markdown always gets unicode input (e.g. for rendering files from a repo)
* Fix encoding errors noticed in test.log when running tests with weird-chars.git repo
News:
* [#8167] errors when updating blog post, if feed item doesn't exist
Activity:
* [#8171] Changing your name should update your activity records
* [#8173] Empty activity pages have floating "1"
Wiki:
* [#8175] Better permission handling for non-existent wiki pages
Tickets:
* [#8177] Search bin counts include deleted items
* [#8178] Configurable invalidation delay for bin counts update
* Don't error on search_feed if ticket has unresolvable reporter
* Avoid errors on ticket search if filter=123 or =foo instead of json dict
Forum:
* Better labels & buttons for creating new forum
* Cache Thread.last_post, which avoids dupe queries when the prop is accessed frequently, e.g. in allura/templates/widgets/threads_table.html
* Include thread subject on spam check (for first post of forum threads)
Admin:
* [#8162] When purging a project, admin users missing audit log
* [#8174] Improve messaging around icon uploads
* Improve user skills interface:
* Allow subprojects within User-projects to be removed (since you can create them, after all)
* Fix positioning of Create project button
* Add username to admin user detail page title
* Provide convenience link on admin user detail page to remove all their projects
* Stronger delete tool messaging (since some people may use it while on an individual thread page)
For Developers:
* [#8161] Switch from React to Preact - or upgrade to React 16
* [#8168] Remove TreesDoc usage
* [#8179] Use PreferencesProvider for contacts and availability fields
* If an entry point is specified incorrectly, provide helpful error message and continue
* Flash message positioning moved CSS
* Add **kw to various @expose'd methods to avoid errors from extra url params
* Make merge instructions textarea height/width controllable by theme CSS
* Allow packages to have their own test.ini used automatically from their TestController tests
* Fix & clean up breadcrumbs link logic (loop scoping changed in jinja 2.9.x)
* Adds subnav to some account pages, allow explicit selection of current nav item
* Replace g.url usage with h.absurl; have it always use config.base_url so it works fine behind proxies, etc
* Adds extra content block for masthead, Adds optional textbox placeholders
* update jinja version; handle new jinja filter args and loop var scoping
* Add support for a size param in project_icon_srcs
* Tests can sometimes convert markdown in "0 seconds" making the caching not work, so use a slightly negative number
* Provide a AuthProvider hook to do things after login
* Release script: push single tag instead of all tags
Deployment & Configuration:
* Better bearer token https check; Unauthorized instead of Forbidden
* Provide a good index for last_post queries, so mongo won't ever pick the 'timestamp' index which can be very slow
* Config option to customize the default user avatar image
* Remove SF branding from default icon (on profile pages), allow overriding
* Upgrade docker-compose file to v2 format
* Replace forgemail.url with base_url
* Include Date header in email, instead of assuming mail service will add it
* Ticket custom fields that are "number" need to be indexed in solr as double, not int
* Optional support for much faster cchardet, used in really_unicode()
* Use nofollow on raw (download) and mode switching links, to reduce crawling within repos a little bit
Version 1.7.0 (June 2017)
New Features
* [#8143] Support hi-res logos
* Adds ability for neighborhood home to use Wiki home content
Upgrade Instructions
Run `pip install -r requirements.txt` to install updated dependencies
Bug Fixes & Minor Improvements
Security:
* [#8140] After password change, change current session id
* update Pypeline for .rst XSS fix
General:
* [#5867] Table display too wide, displaying very wide content in comments
* [#6016] Personal Contacts Remove button not working
* [#8120] CSS problem in help tooltip
* Allow for a lot more text in activity entries; do real truncation client-side
Code Repositories:
* [#7811] Coloring of long lines in diffs stops too early
* [#7814] Showing diffs for renamed files
* [#8144] When pushing multiple commits, email/rss list them backwards
* [#8142] Allow more configuration of types of checkout commands
* Remove unneeded broken icon link
Admin:
* [#7839] Failed to change permission of discussion
* [#7232] some unmoderated posts missing from in-line discussion view
* [#8021] Surface to spammy users to site admins
* [#8055] Moderate page has wrong params for next/prev page
* [#8073] Prevent pending users from being added to project ACLs
* [#8148] Error exporting with certain attachments
* Remove space in middle of URL that shows where a new tool will be installed at
* Fix broken export control link
Tickets:
* [#8059] Ticket search's dropdown filter choices should not show options from deleted tickets
* [#8150] Bulk edit change comment not shown as meta
* [#8154] Ticket searches not matching properly
* On new ticket page, hide helper text that was showing at bottom of page; regression from [#8145] most likely. Rules copied from jquery-ui.css which isn't included on that page
News:
* [#8112] Filter out comments from rss feeds
* Fix RSS updates to blog posts, when post has comments.
For Developers:
* [#8145] Minimize jquery ui JS
* [#8146] Index error with mongo 3.4
* [#8152] UnicodeDecodeError on svn tarball export's cleanup
* [#8153] Stronger no-cache headers
* Updates to installation (libffi-dev needed for cffi package if not installing from wheel)
* Some SVN errors have critical info after the "Unable to connect" lines (e.g. unreadable repo formats from a newer SVN versions), and should not be treated like an empty/missing dir
* Latest ubuntu requires locales pkg for locale-gen cmd
* Move "stylistic" rules from navbar.css to site_style.css so that different themes can more easily style the nav bar
* Remove unneeded backslashes
* Upgrade jquery.lightbox_me.js so it can work with jQuery 2 (no $.browser)
* Change the ForgeUserStats tests' git repos to be unique from each other so they can be run in parallel safely
* Update link to SVN patch for recursive repos
* Allow spam checks where artifact=None; text fixes; for [ca8b596]
* Update six to latest, to match with latest setuptools' six requirement
* Fix inner_grid for right_bar. Closing quote and variable scoping were wrong. Not used in core allura currently, so hadn't been a problem
* Removes neighborhood cache
* Avoid importer requests hanging indefinitely
* Better debugging with docker
Version 1.6.0 (December 2016)
New Features
* Multifactor authentication and recovery codes
* Add git-http docker container
* Per-thread subscriptions in discussion forums [#7981]
Bug Fixes & Minor Improvements
General:
* Specify python 2.7 and ubuntu 16.04 in docs
* [#6876] Handle revoked OAuth tokens for GitHub import
* [#8132] Fix comment threading when email In-Reply-To header isn't useful
* [#8125] Require password when confirming new email address
* Add rel=nofollow to links in user profiles
* Includes "seconds" in ago() helper
* Remove src="#" that was causing extra requests to the same page
* Fix iframe sanitization so that closing tag is okay, which had been putting closing tags in the wrong place
* Good text wrapping on project lists
* Remove weird notch from project list when project has award, and using 2 or 3 column display
Admin:
* [#8135] Improve admin categorization page
Code Repositories:
* [#5496] Git browse view stalls on "Loading commit details ..."
* [#8001] Error with git status "T" in a commit
* [#8131] refresh repo task uses wrong query
* Remove message about browser not supporting canvas
* Adds commit id to notification email subject
For Developers:
* [#8062] Naming of docker image is incorrect in docker-compose during initial build using git
* Update docker images, pysolr
* Update for newer `docker-compose logs` syntax
* Fix RAML syntax (queryRequired wasn't coming through as bool in the type def), other minor tweaks
* Split up pylint test into chunks that can be run with nose multiprocess; move pyflakes chunks into parallelized pattern
* Various other test improvements
* Remove requirements from setup.py
Version 1.5.0 (August 2016)
New Features
* [#3593] Add a guided tour after project registration
* [#8088] Design changes to Discussions
* Added project count and new design for neighborhood listing
* Design changes to list attachments. Added lightbox_me to view images
* Updated design of tool listing
* Added refresh commits button to merge requests
* Added emoji rendering via twemoji
Bug Fixes & Minor Improvements
General:
* [#4644] Don't whitelist form elements in markdown processing
* [#8006] Large timeline performance issue in activity stream
* [#8082] Rate limit artifact creation per-user NEEDS INDEX
* [#8094] Improve project creation UX
* [#8110] moderation queue items with long lines break layout
* Added optional parameter metalink in sendmail function that adds a view button in email clients
* Move help/fullscreen/preview icons on markdown editor to the right
* Fix how far lists inside comments can go; a proper fix for [#6248]
* Compressed PNG images losslessly using OptiPNG (-o6 -zm1-9)
* No rate limiting for anonymous user; on wiki page edit check perms before rate limit
* Whitelist posts for members of a project
Code Repositories:
* [#6409] CSS & JS on commit view missing
* [#7949] Better listing of files changed in a certain commit
* [#7965] Improve git/hg/svn endpoints for rest api
* [#8048] Better email subjects for merge request updates
* [#8078] Missing notification when using the one-click merge button
* [#8090] Show merge requests in sidebar, even if there are 0
* Added link items of owner column to filter by assigned_to
* Improve design of merge requests listing filter
* Fix for scm-ssh-key to be visible only if allow upload ssh key is true
* Speed up checking of newly forked repo (patterned after tarball, merge request pages)
* Use authored date instead of committed date in merge requests
Tickets:
* [#8087] Make Columns resizable in ticket table and ticket search
* [#8104] Skip creating metapost if list of changes is empty
* [#8106] tracker: can't reply to comment which was just moderated Approved
* [#8108] tracker markdown text editor handles end key incorrectly
Wiki:
* [#8071] Create wiki page button should work without admin access
* [#5194] For newly registered projects, don't send new wiki page email
Admin:
* [#7858] /categories URLs needs to use unique ids
* Don't error out when reindexing a post/thread that has been deleted
* Specify title for /nf/admin/new_projects page
API:
* [#8077] Add author profile picture information to the post inside response from the API
* [#8092] REST API for User Activity does not work due to missing attribute
For Developers:
* [#8040] Upgrade SimpleMDE and contribute our toggleCodeBlock
* [#8079] ensure_index command should not drop indexes
* [#8109] Reduce gridfs index creation
* Update copyright year.
* Adds a jinja block for specifying css classes on body element
* Remove modernizr and some unused related classes.
* Updated readme
* Minor updates to release script
* Do not buffer output from gunicorn (or taskd/mail containers that extend this one), useful when using print statements during dev
* Stop tracking ForgeGit/forgegit/tests/data/testgit.git/FETCH_HEAD file which changes values based on local machine when running tests
* Add a few helpful notes for Docker installation, move login info to Post-setup section so Docker installers see it too
Version 1.4.0 (April 2016)
Upgrade Instructions
To show a custom logo, update your .ini file with logo.* settings (see development.ini for examples)
To show custom header links, set global_nav in the .ini file
New Features
* [#7919] [#7920] New admin nav bar
* [#5940] Add options for site logo and links in header
* [#8023] [#8024] Site notification admin interface
* [#6662] [#8051] Add attachments to Export
* [#7987] Standardize fenced blocks in markdown
Bug Fixes & Minor Improvements
Code Repositories:
* [#8029] Submitter should be able to reject merge request
* [#8042] Better handing of tmp dirs during merge
* [#8072] Change "asked you to merge" text
* Remove .ts from list of known binary extensions; allow repo settings to override binary blacklist
* Encode username for git
Wiki:
* [#7998] Adding attachment to wiki loses your text changes
Tickets:
* [#7929] Enable voting on tickets by default
* [#8069] Ticket search error: undefined field assigned_to
* [#8061] Attachments not visible if ticket status is 'pending'
Blog:
* [#4153] RSS feed for blog should not show revisions or deleted posts
* [#8031] Show blog search box
Admin:
* [#7145] When deleting a tool, the solr call should be a bg task
* [#7682] Add confirmation dialog to award/awardgrant delete
* [#8020] Easy way to view all posts from a certain user, and flag as spam
* [#8033] create-allura-sitemap.py broken
* [#8037] Change "Label" admin option to "Rename"
* [#8057] Handle user-projects better in project delete form
* When deleting a user project, actually do it - not just disable the user
General:
* [#4849] Pages are more printer-friendly
* [#7978] Activity page fixes
* [#8003] Bugs in attachments to comments
* [#8005] Subprojects not checked for 'deleted' flag
* [#8010] Markdown editor does not load when url hash contains slashes
* [#8013] New Users should not be displayed in /u/wiki/home until email is verified
* [#8036] Update modal css (simple-flat-dark)
* [#8046] Don't duplicate titles on neighborhood pages
* [#8066] Don't error out on missing users
* Add login redirect to the nav "Log In" link
* better tool descriptions
For Developers:
* [#7907] Use standardized solr installation
* [#7921] Remove old tool configuration page
* [#8032] Set up primary emails for test users (paster setup-app)
* [#8034] Fire event for any menu changes
* [#8035] Finalize frontend eslint/jscs setup
* [#8038] Support mongo 3.x
* [#8039] Change jslint to use an npm tool instead of java
* [#8041] Update regexes to match DNS host rules better
* [#8044] API for current site notification
* [#8047] Akismet filter needs to send original metadata when reporting spam/ham
* [#8054] Remove Google Code importers
* Add audit log messages to disable_users.py script
* Docker fixes
* Add clear_user_data and from_username helper methods
* Add guardfile for livereload of frontend changes
* Delete bootstrap tasks instead of running them; 30-40% speedup in test run time
* new admin APIs, new _nav.json param
* remove AdminModal widgets, use JS directly
* remove sidebar_menu_widgets and admin_menu_widgets, using JS directly instead
* upgrade existing react code to 0.14
* better calculation of tool/subproject ordinal values when installing
Version 1.3.2 (December 2015)
Upgrade Instructions
To enable faster commit views, by skipping copy detection, update the development.ini file to set
scm.commit.git.detect_copies and scm.commit.hg.detect_copies to false.
New Features
* [#6797] Move API docs from sf.net wiki to RAML. Browse at https://forge-allura.apache.org/p/allura/rest-api-docs
* [#7922] Add "admin" section to the left sidebar of all tools
* [#7924] Update icon set to FontAwesome
* [#7999] Admin page to really delete projects
* [#8004] Cleaner project nav, tool icons removed
* [#7955] Add more formatting support to markdown editor
Security
* [#5694] Set max limit on limit param
* [#8011] Served SVG images can execute JS
Bug Fixes & Minor Improvements
Documentation:
* [#7957] Document how to run allura with gunicorn/uwsgi/mod_wsgi
* [#7995] Some docker config & doc improvements
Tickets:
* [#7911] Remove "bin" terminology from saved searches pages
Code Repositories:
* [#7403] [Allura|Bug] - Typo found in initial Git command description.
* [#7538] If diff is empty, it shouldn't show "empty file" [ss7532]
* [#7913] Handle parsing of the output from git 2.4.0+
* [#7925] Speed up diff processing with binary files
* [#7963] Speed up commit view by disabling copy detection with option
Blog:
* [#7822] Should not show draft blog post changes in activity stream
Wiki:
* [#7871] Send email notifiction on wiki page delete
Admin:
* [#7923] Left sidebar should show appropriate links when viewing tool options
General:
* [#7943] Limit the "_discuss" results from the tickets api.
* [#7948] Cursor position often wrong in new markdown editor
* [#7950] Markdown editor should have max height
* [#7970] Expand urlopen retry conditions
* [#7994] Fix comments split across two threads, not all comments showing
* [#8016] Dialog 'cancel' link in wrong place
Other:
* [#7946] Error setting channel in Chat's options
* [#7953] API endpoints error when using access_token as URL param
* [#7984] Fix layout at bottom of subscriptions page
* [#7990] Change link on new_projects admin page
* [#7997] image attachments visible on posts (replies) awaiting moderation
* [#8007] Broken icon images when running under gunicorn
* [#8014] Bug: removed upsert() method needed by TracWikiImporter
* [#7959] Need to set focus when phone validation overlay appears
* [#7960] clean_phone_number function is too eager to prepend 1-
* [#7969] Option to force phone validation language
* [#7979] Phone validation interfering with project import
* [#7991] Option to limit phone validation usage
For Developers:
* [#7976] JSX and ES6 support, via Broccoli toolchain
* [#8026] Remove jquery.file_chooser.js
* [#8027] Fix licensing of several files
* [#7964] test_merge_request_detail_view fails (intermittent)
* [#7980] Fix pep8 and pyflakes violations
* [#8015] Activitystream needs ming config option
* [#8028] Use virtualenv inside docker
Version 1.3.1 (August 2015)
Upgrade Instructions
To enable CORS headers for the rest APIs, use the cors.* settings in the development.ini file.
If you have your own .ini file, enable git tag & branch caching speedups by setting: repo_refs_cache_threshold = .01
New Features
* [#5943] Post-setup instructions
* [#6373] Document administrative commands
* [#7897] Live syntax highlighting for markdown editing
* [#7927] Allow CORS access to rest APIs
* [#7540] Ticket notifications should include links to attachments
Security
* [#7947] XSS vulnerability in link rewriting
* [#7942] In project admin - user permissions, removing a custom group needs to use POST
* [#7685] Subscribe/unsubscribe action should use POST
Bug Fixes & Minor Improvements
Tickets:
* [#4020] Date picker in milestone editor doesn't flip between months
Wiki:
* [#4802] Wiki edit link is not very discoverable
* [#7310] "Maximize" should stick
Code repositories:
* [#7873] Git branch & tag speedups -- NEEDS INI
* [#7894] Don't update merge request timestamps incorrectly
* [#7932] Fix pagination issue in the commit browser
* [#7899] Issue with downloading files from repo with spaces in name
* [#7906] Fix login check on ApacheAccessHandler.py
Forums:
* [#7880] Forums mail not getting sent that require moderation
* [#7930] Bug: viewing a thread updates project mod_date
Project Admin:
* [#7884] Move add/edit Features to Metadata section
* [#7885] Tooltip for project admin
* [#7898] Icon upload/edit is not clear
General:
* [#7803] Fix taskd_cleanup to search for right process name
* [#7889] Improve markdown logic for cached vs threshold limits
* [#7890] Neighborhood cache preventing saving admin changes
* [#7916] Error when handling user-profile URLs of users with invalid names.
* [#7928] Site admin search tables can overflow the page width
* [#7903] No mention about small letters in user registration
* [#7909] Use dashes when suggesting project shortnames
* [#7915] Move Allura installation instructions into the docs
For Developers:
* [#7809] Update install/docker to ubuntu 14.04
* [#7891] Remove zarkov integration code
Version 1.3.0 (June 2015)
Upgrade Instructions
* Run: cd Allura; paster script development.ini allura/scripts/trim_emails.py
New Features
Webhooks:
* [#4542] Implement webhooks
* [#7832] APIs to manage webhooks
* [#7829] Webhooks documentation
Merge requests:
* [#7830] One-click merge
* [#7865] Config options to disable one-click merge requests
* [#7866] Run can_merge in background, and cache results
* [#7882] Option to use a tmp dir for git ops on merge request view
* [#7872] Show markdown preview/help buttons for merge requests
Phone verification:
* [#7868] Phone verification system
* [#7881] Clean up phone numbers before using them
* [#7887] Better messaging for phone validation
Other:
* [#7806] Create a docker image for Allura
* [#7886] Config options to limit ticket & wiki page creation
* [#7840] Support Authorization header for OAuth
* [#7633] API for has_access
* [#6057] Adding an external link should be one step, not two
* [#7850] Ability to close discussion on a ticket
* [#6107] Disable email posting for the forum? [ss3579]
Security
* [#7786] Invalidate pwd reset tokens after email change
* [#7893] CSRF checks don't work on login
Bug Fixes & Minor Improvements
Tickets:
* [#6017] Should show attachment changelog when ticket gains an attachment
* [#5467] Create Issue Button Should Always Appear (Only possibly refer to an explanation for why it was disabled).
* [#7834] Bug: viewing a ticket updates its 'updated' date
* [#7874] UnicodeEncodeError on ticket attachment diff
Code Repositories:
* [#7837] Use repo directly instead of DiffInfoDoc
* [#7843] Handle quotes in filenames on commit view
* [#7857] Retry svnsync repo clone failures
* [#7825] Update "new commits" email template
* [#7836] Merge request shows 0 commits, if upstream has new commits
Wiki:
* [#7841] wiki code to not show delete authors.
User Profile:
* [#7072] User can't access personal subscriptions page [ss6565]
* [#7833] Trim emails before saving them to mongo NEEDS SCRIPT
Tools Configuration:
* [#7817] Replace "mount point" field with URL field, on tool creation forms
* [#7820] Validate URLs when configuring external link tool
Importers:
* [#7864] Error on google code import with paginated comments
* [#7854] Decode html entities in importers; and make taskd easier to debug
Activity Stream:
* [#7823] Commit activity is assigned to wrong person
* [#7082] Filter deleted, unmoderated, or spam artifacts from Activity Stream
* [#7888] has_activity_access/deleted error
Administration:
* [#7892] script/task to disable list users
For Developers:
* [#7827] Upgrade jQuery to latest version
* [#7835] Update theme for the documentation.
* [#7855] Upgrade docutils, Pygments and Babel, so docs can be built easily
* [#7869] During tests, apply patches only once
* [#7870] Clean up .ini files
Other:
* [#1731] Cannot delete a post, after deleting its parent
* [#7852] Don't update mod time when viewing artifact creates a cache
* [#7856] Error looking up user by email address when email is invalid
* [#7876] projects macro display_mode=list is missing CSS
Version 1.2.1 (February 2015)
Bug Fixes & Minor Improvements
* [#5726] RSS feed for discussion stopped 12/13/2012? [ss2637]
* [#6248] long lines in markdown lists get truncated on the right [ss4073]
* [#7772] Type text is splitted in more lines if separated by spaces in bulk edit
* [#7813] Handle uppercase in email address all the time
* [#7815] KeyError: 'name'
* [#7808] Check for wiki presence before importing it
* [#7831] Logout issue
Administration:
* [#7816] Show/manage user's pending status
* [#7821] More accurate audit logs when changing user's status
Performance:
* [#7824] Cache neighborhood record
For developers:
* [#7516] Timing may case test_set_password_sets_last_updated to fail
* [#7795] test_version_race fails occassionally
* [#7819] New email address lookup helpers fail on None
Version 1.2.0 (December 2014)
Upgrade Instructions
* Edit Allura/development.ini and set: activitystream.enabled = true
* Run: mongo allura scripts/migrations/030-email-address-_id-to-email--before-upgrade.js
* Run: mongo allura scripts/migrations/030-email-address-_id-to-email--after-upgrade.js
* Run (optional): mongo allura scripts/migrations/030-email-address-_id-to-email--cleanup.js
* Run: cd Allura; paster ensure_index development.ini
* Run: cd Allura; paster script development.ini ../scripts/migrations/031-set-user-pending-to-false.py
* Run: cd Allura; paster script development.ini allura/scripts/remove_duplicate_troves.py
New Features
* [#7097] New profile page design
* [#7156] Turn on activitystreams by default
* Admin page to search for projects
* Admin pages to search, view, and edit user details
* [#7524] User audit trail, for site admins
* [#7593] Allow site admins to add user audit entries
* LDAP improvements
* [#7409] Configurable max & min password lengths
* [#7432] Password expiration
* [#7451] Remember me option on login
* [#7372] Allow users to disable their own accounts
* [#2286] Ability to restrict tools per neighborhood
* [#4019] Add an easy way to filter ticket queries by open/closed without knowing Solr syntax
* [#4905] button to subscribe to a wiki
* [#7134] Added option to allow overriding repo clone URL
* [#7381] Google code importer should handle Apache-Extras/EclipseLabs projects
Removed functionality:
* [#1687] Remove pre-oauth API keys (use OAuth now)
* [#7013] Remove broken openid support
Bug Fixes & Minor Improvements:
* [#4602] Artifact links to closed tickets should have strikethrough
* [#4987] Artifact links within a tool should match within tool first
* [#4703] "Related" artifacts should indicate project/tool if referencing other project
* [#6305] Merge email notifications when possible
* [#7213] Discussion edit/reply non-functional in IE11 (at least)
* [#7378] RSS feeds shouldn't include comments held for moderation
* [#7679] project admin listings should not include disabled users
Users & Authentication:
* [#6677] User profile's list of projects is slow to build
* [#5414] Typo on user prefs page
* [#3815] return_to field not created in LoginForm
* [#7085] error on activity rss feed for users
* [#7164] Make activity widgets show 5 items if possible
* [#7410] Show more info in password recovery flow
* [#7436] /auth/preferences cleanup
* [#7452] Require an email address be verified before it is set as primary
* [#7480] Track last session info
* [#7484] OAuth app names don't need to be globally unique NEEDS ENSURE_INDEX
* [#7492] Clean up incomplete sentence in activity feed
* [#7523] Better to go to /auth/preferences after email addr verification
* [#7526] Fix mail headers in email verification email
* [#7527] Email address associations need better user associations NEEDS MONGO MIGRATION
* [#7543] Password recovery should not confirm email addr existance
* [#7545] return_to param should be validated for relative URLs
* [#7585] Require password entry for changes to email settings
* [#7635] Add autofocus to login form
* [#7636] Fix forgotten pwd link on login overlay
* [#7688] Redirect to password expiration page after login
* [#7704] Option to require email for user registration NEEDS MIGRATION
* [#7715] Handle + in email address url params
* [#7717] Better existing email addr handling
* [#7732] Be able to use secure cookies and SSLMiddleware
* [#7756] Ensure user always go to pwd expired form, when expired
* [#7759] After resetting pwd and logging in, don't redir back to pwd reset form
* [#7761] Disabling a user does not remove/disable his primary email
* [#7787] Ldap error when logging in with unicode in username or password
* [#7794] "Page Size" preference must actually affect pagination
* [#7799] Changing password should invalidate other sessions
Admin:
* [#5939] Missing icons on permission edit page
* [#6495] Screenshot admin UI improvements
* [#6834] Inconsistent display of new user in Permissions
* [#6949] Error on export: artifact ref and cleanup
* [#7014] Trove category editing improvements
* [#7075] Screenshot macro incorrectly includes text about sorting
* [#7275] Add users broken in IE11
* [#7293] Create Trove Category browse page
* [#7347] Add URL and comment fields to AwardGrant
* [#7351] When export control is True, it always records a change in the audit log
* [#7613] Integrate sortable.js to the new_projects page
* [#7675] Fix error when deleted permission group is still referenced
Code Repositories:
* [#5175] Merge requests should have a good <title>
* [#5176] Merge requests should show the date
* [#6164] Ability to edit merge requests
* [#6301] Track changes to merge requests
* [#6902] Merge request to branch list commits against master
* [#7295] Bigger text inputs for merge requests
* [#5472] JS spinner uses a lot of CPU
* [#5700] Replace "git branch --set-upstream" with "git branch --set-upstream-to"
* [#5769] Can't select code via double- or triple-click
* [#6764] Git test failures on 1.8.3
* [#7021] Handle pgp-signed git commits
* [#7051] 500 error with large number of repos
* [#7069] unable to view/process merge requests when fork is deleted