Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
branch: hotfix-2013.10…
Fetching contributors…

Cannot retrieve contributors at this time

990 lines (927 sloc) 61.107 kb
train-2013.10.23:
* Add support for new 'goldilocks' API: #3961
* Allow applications to define additional claims inside assertions: #2910
* Massive overhaul of logging to enable unified metrics: #3529
* Add metrics to measure well-known lookup: #1704
* Add metrics to count email verification: #3528, #3920
* Fix double-count problem with sign_in roundtrip metrics: #3970
* Enforce loggedInUser type inside navigator.id.watch: #2647
* Update various npm dependencies: #3981, #3972, #3973, #3989
* Remove zerigo from deploy script: #3984
* Simplify app routing: #3980
train-2013.10.09:
* Get Persona working on IE11: #3593
* Remove obsolete localstorage fields: #3855
* Refactoring and visual tweaks: #3940, #3712
* Bump awsbox version to 0.6.2: #3942
* Don't bother parsing include.js if native support exists: #3924
* Email tweaks: #3957
* Improve documentation: #3923, #3963
* Fix a win32 paths-with-spaces bug: #3962
* Fix an intermittent broken test on linux+ node > 0.10.16: #3912
train-2013.09.25:
* RP Branded verification emails - if a site declares siteLogo and backgroundColor, verification emails will be styled with those instead of Persona branding: #3857
* Fix iOS7 users being logged out on RP page refresh: #3914
* Fix certs being requested from the fallback IdP for addresses that are suppored by primary IdPs: #3625
* Always decode the returnTo URL before redirecting users: #3906
* Use Fira Sans as the default font for FirefoxOS: #3885
* Update awsbox to use Route53 and node 0.10.x by default: #3901, #3908
* Update vows to fix Selenium on node 0.10.x: #3900
* Update winston to work with node 0.10.x: #3893
* Update package.json with license, author, homepage and description: #3881
* Update Ubuntu setup instructions: #3910
* Code cleanup & refactoring: #3880
train-2013.09.11:
* Add support for experimental_emailHint - pre-fill email input box or pre-select an email address when dialog opens: #3843
* Fix backgroundColor color clash with text color: #3837
* Add support for "one time certs" - if a user has not selected "Yes" to "Is this your computer", clear cert as soon as it is used to generate an assertion: #3840
* If user has no email addresses after sync, sign them out: #3820
* Ensure only one GET request to a URL can be in flight at a time: #3877
* Upgrade to qunit 1.12.0 to ensure all exceptions are caught in frontend unit tests: #3836, #3839
* Remove window.unload event from KPI event stream: #3864
* Improved logging/test reporting: #3862
* Add MPL2 license header missing from some files: #3875
train-2013.08.28:
* Add redirect flow, fixing Persona on Chrome for iOS and Windows Phone: #2034
* Ensure ToS/PP links are legible for any backgroundColor: #3725
* Add Webmaker example RP, replacing Times Crossword app: #3716
* If an unverified user was created via an allowUnverified RP, ensure that user can sign into non-allowUnverified RPs: #3811
* Update mobile button styles to match FXOS style guide: #3635
* Add MPL2 license header missing from some files: #3715
* Update lockdown version: #3303
* Fix duplicate key in unit tests: #3808
* Visual tweaks: #3636, #3814, #3813, #3765
* Copy tweaks: #3823, #3833
train-2013.08.15:
* Relax restrictions on siteLogo - allow siteLogo from any https URL or image dataURI: #3705, #3743
* Allow CSV list of platforms when running Selenium tests: #3748
* Fix mobile layout of unsupported_dialog and cookies_disabled: #3783, #3784, #3785
* Record frontend test details in a temp file when run from Selenium tests: #3780
* Fix "noSuchWindow" error for new Chrome Selenium driver: #3683, #3788
* Fix invalid CSS: #3765, #3791
* Ensure include.orig.js is available on the staging and production servers: #3212, #3795
* Refactorings and other improvements: #3751, #3683, #3750, #3758, #3759, #3788, #3774
train-2013.07.31:
* Nicely warn primary IdP users that third-party cookies must be enabled: #3520
* Update copy and design of persona emails: #1935
* Fix bugs in onmatch and oncancel callbacks: #3701, #3170, #3463
* Properly handle primaries when entered with uppercase initial letter in domain: #3728, #3741, #3739, #3729
* Improvements to the dialog flow: #3708, #3689, #3609, #3671, #3691
* Visual tweaks: #3668, #3677, #3668, #3573, #3662
* Test improvements: #3733, #3720, #3719, #3665
* Refactorings and other minor improvements: #3694, #3740, #3666, #3695, #3718, #3697, #3630, #3670
train-2013.07.17:
* Simplify tooltip copy and replace tooltips with inline notifications: #3154, #3607
* [FXOS] Make TOS/PP links same size as surrounding text: #3634
* Ensure dialog hides the 'checking with your email provider' screen after that check completes: #3638
* Remove eval() from i18n workflow by passing i18n-abide .js, not .json files: #3672, #2501
* Fix lockdown & rpm build errors by bumping i18n-abide version number to semver-compatible string: #3658, #3639
* Refactor xhr code into a module, removing global state, and squashing an intermittent unit testing bug: #3647
* Prevent Chrome from logging spurious KPI errors by aborting in-flight xhrs on page unload: #2423, #3618
* On each Travis-CI run, record linux, mysql, and phantomjs versions for future reference: #3626
train-2013.07.03:
* [FXOS] Add support for primary IdPs to FirefoxOS: #3572, #3592, #3566, #3567
* w00t! Enable RP dialog custom branding with new parameter, 'backgroundColor': #3589
* Add Spanish translation of TOS/PP & infrastructure to support additional TOS/PP l10n: #3604
* Fix another occurrence of 'native' causing problems on old Android: #3595
* Display RP name, not 'undefined', in primary-upgrade dialog screen: #3621
* If reporting a custom error type to KPIs, use a meaningful field: #3584
* Redefine 'undefined' in case the underlying page broke it: #3598
* If a domain has transitioned between primary/secondary, don't reuse the old cert: #3515
* If a primary can't be reached, don't cache this result--let the user immediately retry: #3155
* Adjust caching headers on dynamically-generated pages to force revalidation: #3547, #3582
* Add 90 day future expires header to favicon.ico: #2482
* Redirect legacy endpoints /signin, /signup, /forgot to homepage: #3467
* Improve Travis-CI docs: #3599
* Add SIGINT handler, so interrupted Selenium tests immediately dump useful output on POSIX systems: #3570
train-2013.06.19:
* Correctly transition users from primary IdP-based to fallback IdP-based accounts: #3551
* Bump version in package.json and add additional metadata: #3555
* Don't use Array.prototype.indexOf, as it's missing in IE8: #3548
* Improve script used to inspect contents of localstorage: #3542
* Ensure all expected KPI fields are present: #2280
* Refactor code that handles transitions between primary and the fallback IdP: #3517, #3543
* Improve KPI usage metrics by counting users who only open the Persona dialog once, and don't complete registration: #3306
* Avoid using ES3 reserved word 'native', it offends Android 2.2: #3522
* [FXOS] Add FXOS user-agent string to list of browsers recognized by KPI (client-side usage metrics): #3373
* [FXOS] UI tweak to avoid FXOS popping an error toolitp prematurely: #3502
* [FXOS] Ensure tooltips are rendered on screen, specifically on FxOS: #3496
* Serve P3P headers to IE, bringing its third-party cookie behavior in line with other browsers: #2340, #3417
* Move saucelabs Selenium tests to newer versions of browsers: #3510
* Add a new example RP for local testing of navigator.id.get: #3507
* Update terms of service to indicate that educational and government use of Persona is generally ok: #3509
* Better support RPs by console.logging, not swallowing, errors thrown by RP page inside watch() callbacks: #3374
* Improve backend test stability by delaying daemon shutdown: #3465
* UI tweaks: #3426
* Upgrade to awsbox 0.4.5, with improved security and error handling: #3483
* Show client local timestamp on dialog error screen: #3478
train-2013.06.05:
* Fix primary IdP support on FirefoxOS: #3461
* Allow firefoxos.persona.org & login.persona.org to force issuers: #3382
* Allow TOS/PP pages to be served over HTTP, not HTTPS: #3469
* Configure ephemeral instances to send KPI data to a kpiggybank server they can reach: #3471
* Updates to make persona compatible with node 0.10.x: #3482
* Fix typo in verify-assertion script: #3449
* Fix new_user KPI gathering for two scenarios: #3359, #3459
* namely, new FirefoxOS users and users who bail at the 'set password' step
* Refactor & simplify handling of primary users in dialog: #3184
train-2013.05.22:
* fix persona in ActiveX-based browsing environments: #3383
* performance improvement: prefetch resources in communication iframe: #3273
* test fixes: #3389, #3385, #3411, #3424
* ui improvements:
* make spinners spin: #3394, #3342
* fix error/wait/delay screen transparent background: #3393
* improved spinner styling: #3404, #3349
* set password input width fix: #3409
* buttons use available space: #3407
* TOS/PP display fixes: #3413, #3442
* fix white screen when clicking through invalid verification links: #3362
* many general UI improvements for mobile: #3410
* focus email address input on dialog startup: #3424
* ensure buttons are re-enabled when appropriate: #3431
* change mobile font to Feura Sans: #3430
* fix users unable to sign out: #3386
* detect when dialog closes even if on a IdP's page: #1773
* IE8 no longer buries dialog: #3423
train-2013.05.08:
* SCHEMA CHANGE: the user table gained an integer field: auth
* CONFIG CHANGE: in production we need "forcible_issuers": [ "login.persona.org" ]
* FirefoxOS specific changes and features:
* experimental_forceAuthentication feature to force re-authentication: #3312
* experimental_forceIssuer feature to disable federation
* experimental_allowUnverified feature to support "unverified" email addresses.
* Show the Persona TOS/PP in the dialog without headers and footers when experimental_inlineTermsOfService is specified: #2905
* Test improvements: #3310
* Fixes to the key performance indicator mechanism: 3319
* Mobile styling improvements (motivated by FirefoxOS): #3341, #3343, #3355, #3350, #3352, #3354
* Fix an issue where slow database replication could block primary logins: #3309
* Require a password reset when too many failed password attempts are made: #2656
* Don't reset sessions to ephemeral duration after email verification: #3336
* (hotfix 2013.05.14) verifier parameters for forceIssuer and allowUnverified now have an experimental_ prefix
train-2013.04.26:
* up to 25% performance improvement on mobile (delayed loading of crypto code): #3060, #3287
* when user is verifying email, show nothing on persona.org, just verify and redirect: #2871
* better handling of disabled 3rd party cookies: #2308, #2999
* _experimental_forceAuthentication flag added to support FirefoxOS: #3235
* add explicit cache headers on .well-known/browserid #3249
* "internal" api improvements for FirefoxOS: #3238
* main site now uses the dialog: issue #900
* UI improvements:
* improve readability of nav links in the header nav: #3223
* better display of "this is not me" button in non-english locales: #3250
* refine button content and organization on login.persona.org: #3196, #3197
* dialog no longer steals focus on FF/linux/gnome: #3211
* Code/infrastructure improvements:
* ignore specific selenium tests with a command line option: #3259
* helpers.log() function now takes handles multiple arguments: #3237
* remove issue assignment round-robin script, obsolesced by process improvements: #3205
* remove dep. on node-inspector: #3268
* remove confusing console output during frontend tests: #3290
* better error reporting to KPI: #3302
* make it harder to poison user caches during deployment #3315
train-2013.04.12:
* Key Performance Indicator (anonymous metrics) improvements: #3148
* l10n fix - "Removing the last email..." string now translated: #2492
* UI improvements:
* dynamic scaling of "is this your computer" button: #2066
* fix double escaping of website name: #3173
* fix flash of wait screen on IE8/9: #2618, #2492
* (mobile) shrink footer text on mobile: #3129
* Improve frontend code versioning (to detect frontend/backend code mismatch during deployment): #3125
* Fix npm install errors related to automation test dependencies: #3160
* Keyboard accessibility improvment - allow tab from email/password to submit button: #3079
* Potential server performance improvement: don't use the node.js global connection agent anywhere: #3217
* Test improvements:
* improve usage of selenium test runner: #3204
* Add KPI load testing documentation: #3203
* Add a script to post an assertion to a verifier and check response: #3209
* Improve check_primary_support script: #3185
train-2013.03.29:
* Improve privacy policy! Clarify that we don't retain a list of sites users visit, plus other tweaks: #2922
* Mozilla Persona: respecting users' privacy since 2011 <3
* Refactor network.js and user.js to separate user state from network code: #3134
* Remove unused winchan code from communication_iframe, saving space: #3109
* Tweak background image URLs to prevent 404s on IE8: #1736
* Update connect-fonts-opensans dependency, fixing local font lookup on Mac OS: #3113
* Fix HTML double-escaping on cookies_disabled dialog screen: #2979
* Ensure KPI doesn't lose info gathered prior to session_context firing: #3104
* Add logging for KPI backend responses: #3100
* Test improvements:
* split out local selenium configs and use platform-agnostic browser identifiers: #3118
* enable local simultaneous selenium testing with multiple firefox binaries: #3138
* automation-tests README enhancements: #3117
* (hotfix 2013.04.01) remove build of automation-tests due to error messages in build: issue #3160
* (hotfix 2013.04.03) [dev,train-2013.03.28] expired certificates are not being invalidated. #3153 (on right branch now).
* (hotfix 2013.04.03) After verifying email addition, original dialog does not sign user in and close. #3172
* (hotfix 2013.04.03) [signin] - dialog does not close after verifying second secondary address when logged in with primary. #3178
train-2013.03.15:
* When a user types an email, it's no longer case sensitive: #3078, #2891, #2866, #2049, #2551, #1104
* IDP API improvment - .raiseProvisioningFailure() requires no specific string argument: #2339
* internal_api (for embedding) should not require callbacks to have curry() method on prototype: #3067
* speed improvment - 8% reduction in resources loaded by sites using .watch() - #3060
* Test improvements:
* better error messages from automation test runner: #3095
* all tests npm depndencies are installed at top level npm install: #3084
* list of platforms we run on saucelabs harmonized with documented names: #3072
* Infrastructure improvments:
* load testing improvements for testing KPI mechanisms: #3064
* generate include.js more frequently: #3061
train-2013.03.01:
* Remove rollback code for new, improved password reset flow: #3018
* Fix double-escaping of RP site name in dialog: #3007
* Add optional onmatch callback to id.watch, fired if the browser's state matches loggedInUser: #2648
* Aid new RP debugging by throwing an error if nav.id.request is called before nav.id.watch: #3023
* Split include.js to enable one winchan/jschannel to be used everywhere: #3056
* Test improvements:
* Fix reference error in front-end unit tests: #3032
* Re-enable remove-email selenium test: #3046
* Add unit tests to ensure fonts are served OK: #3052
* Add KPI to load-gen: #3042
* (hotfix 2013.03.15) fix certificate re-provisioning for primary email addresses: #3091
train-2013.02.15:
* convert to optimized locale-specific fonts - 50% reduction in resource footprint: #2996
* upgrade toobusy to repair win32 support: #2978
* improve language for account cancel confirmation: #2462
* logging improvements: #2985
* test improvments: #2994
* add new APIs to prepare for improved reset flow: #1232, #2937
* increase STS to allow for better load performance in firefox (HSTS preload): #2903
train-2013.02.01:
* Improve handling of optional configuration (proxy_idps): #2790
* Code cleanup (tooltips): #2762
* Only show ToS/PP when needed: #2669
* Improve determination of current software version:
* Fix bad UX when enters short password on email verification: #2943
* Increase Strict-Transport-Security max-age:
* Image optimization: #2957
* Improve script portability: #2537
* Test coverage and fixes: #2920, #2963, #2968, #2974, #2973
* Logging cleanup: #2967
train-2013.01.18:
* upgrade to node.js 0.8.17
* metrics (KPI) improvements: #1931
* code cleanup: #2825, #2762
* test improvements: #2745, #2832, #2828, #2846, #2857, #2807
* fix non-functional cancel button when email provider is broken: #2839
* fix bug in verifier where if default port is provided verification would fail with 'port mismatch': bug 820446
* fixes related to gracefully handling of email providers implementing or removing persona support: #2840
* added debugging scripts: #2880
* update to newer versions of dependencies: #2893 #2911
* eliminate innocuous but annoying 500 errors when bogus URLs are requested: #2887
* fix bug where users cannot delete accounts when staged but unverified emails exist: #2919
* Allow logout to be called before .request or .watch: #2529
* Blocking requests when the server is too busy: #2722
* improvements to load generation utility
* fix one wrong password blocking user from verifying email in different browser: #2943
train-2012.12.07:
* persona now handles gracefully (UX and code) when email providers implement or remove support: #2606, #2607, #2608, #2678, #2404, #2688, #2674, #2717, #2770, #2779, #2794, #2795, #2836, #2834, #2839, #2838
* email provider may place 'disabled: true' in support doc to disable persona support: #2687
* allow email providers a "grace period" when they go offline where we will not step in and issue certs: #2689
* piles of automated test improvments: #2740, #2699, #2741, #2784, #2768, #2805, #2817, #2819
* KPI improvements, measure dialog startup time: #2557
* trim whitespace from typed in emails: #2781
* unit test improvements: #2759
* dump more environmental information at process start: #2800
* CEF logging: #2799
train-2012.11.23:
* New selenium tests authored in node.js merged.
* Verifier rejects requests that don't supply a proper hostname: bug #806577
* (hotfix 2012.12.03) nodejs version in .spec file >= 0.8.12
* (hotfix 2012.12.05) when an email is re-staged, ensure the latest password is used: issue #2822
train-2012.11.09:
* code cleanup, including jshinting of source and code coverage: #2643, #2272
* principal domain now supplied as a query argument when fetching .well-known documents: #2565
* embedded IE running in compat mode (like in Lotus Notes) now works for email verification: #2566
* (hotfix 2012.11.15) focus email field when dialog loads: #2711
* (hotfix 2012.11.28) browserid.spec designates wrong version of nodejs: #2791
train-2012.10.26:
* Upgrade to Node.JS 0.8.12
* Fix redirect to /signin after email verification & unneeded password prompt: #1682
* Improved handling of uncaught exceptions: #2440
* Enable debug mode in development: #2175
* Fix regression: ephemeral deployments properly serve static resources: #2588
* Repair email delivery: #2589
* Image optimization: #2596
* Fix race conditions in internal.get() API: #2580
* Dialog startup performance improvments: #2604, #2624
* Now compatible with Firefox Password Manager: #314
* Test fixes: #2619, #2632
* Update lockdown: #2572
* Improved user-facing language: #2600
* .well-known fetch timeout shortened to 8s: #2603, #2636
* "Dynamic well-known" support: upon fetch of .well-known, domain of email address passed as a get parameter: #2078
* Fix class of sporatic dialog stalls at "Connection to Persona": #2629
* Fix regression: "Dialog fails to show authenticate screen on Android": #2638
* Fix regression: siteName not being displayed in dialog: #2634
* (hotfix 2012.11.05) fix missing CONTRIBUTORS and renaming of en-US: #2682
train-2012.10.12:
* Fix IE failing when authenticating with IdP from main site's /signin: #2287
* Added CONTRIBUTORS file, served as /humans.txt: #2411
* navigator.id.logout() with callback issues deprecation warning: #2427
* About page screenshot updated: #2469
* Updated versions of dependencies: #2563, #2571
* Visual fixes: #2457, #1566
* KPI changes (rp_api): #2484
* Pre-compile client side templates, remove eval() calls: #2394, #2502, #2517
* l10n fixes, default language is 'en': #1863
* Remove changelog snippets: #2378
* Improved error messages when JavaScript is disabled: #2309)
* Fix error when returnTo is empty or '/': #2515
* Code cleanup: #2515, #2523, #2359, #2510, #2511, #2558, #2579
* Check issuer for primary-address operations: Bugzilla 793579
* Language improvements: #2528
* "Internal" API improvements: #2561
* Accessibility improvements: #2541, #2543
* Fix static resources - served from static.login.persona.org: #2552
* (hotfix 2012.10.12) Fix processing of ejs templates to repair email delivery: #2589
* (hotfix 2012.10.25) Fix issue where sometimes dialog sticks at "Connecting to Persona": #2629
* (hotfix 2012.10.30) Fix API regression: onlogout fired when it shouldn't be: #2662
train-2012.09.14:
* Automated test improvements: #2364, #2429
* Allow siteName and siteLogo when using navigator.id.get: #2382
* If there is no saved site info in localStorage, redirect to the management page after verification is complete: #2388
* Fix the password being hidden if the user tabbed into the email field without typing any key besides tab: #2353
* Code cleanup: #2389
train-2012.08.31:
* Test/example code fixes: #2345, #2363
* allow id.watch() to be invoked from <head>: #2252
* KPI additions for reset password flow: #2281
* Improvements for developing on windows: #2263
* Code cleanup: #2347
* Documentation improvements: #2279
* Host sign-in button images on our service.
train-2012.08.17:
* Reseting your password now logs you out everywhere: #2026, #2307
* SCHEMA CHANGE: add TIMESTAMP lastPasswordReset to user table for #2026
* CONFIG CHANGE: default statsd to false
* Changes to allow devs to work on windows: #1751
* KPI refinements: #2061, #2176, #2203
* No email is selected by default for a site you haven't logged into on a device: #2059
* Logging improvements: #928, #2016
* URL length limits in frontend code: #2081
* UI improvements: #2087, #2023, #2082, #2132, #2120, #2187, #2200, #1565, #406, #1093, #1615, #2258, #1594, #2231
* Fixed javascript error in FFX 14 when resizing dialog: #2071
* IE8 fixes: #2190, #2206
* Mobile UI fixes: #2066, #1325
* Disable spell checking in email fields in iOS: #2116
* Language improvements: #2136
* All environments now on node 0.6.17, minimum required version raised: #2250
* Node.JS 0.8.x now continuously tested in CI environment: #2238
* Persona window now has a name "__persona_dialog" to simplify automated testing: #1023
* Added email headers for improved verification completion by non-humans: #2174
* Usability enhancements for "forgot password" screen: #1679
* Redirect an authenticated user from /signin or /forgot to / on main site: #2178
* Update jwcrypto with zero behavior change: #2204, #2226
* Documentation improvements: #2125, #2262, #1977
* Make sure navigator.id.get can be called with no options: #2216
* Automated (selenium) tests moved into repository at /automated-tests/*: #2235
* Code cleanup: #2213, #2227
* Addition of a command line utility to inspect your browser's local storage: #2243
* RPM build fixes: #2249
* API improvements (better error messages): #1438, #2255, #2228, #1659
* .getVerifiedEmail() deprecated: #2267
* add a permanent redirect from /signup to /signin: issue #2277
* lockdown our dependencies, keep checksums of .tgzs in repo: #2022
train-2012.07.30:
* Emails are prettier! They now include both HTML and Text versions: #1890
* (hotfix 2012.08.03) l10n fix, string extraction, email templates are moved: #2122
* (hotfix 2012.08.06) Fix IE8 not remembering you: #2183, #2218
* (hotfix 2012.08.09) Fix IE8 / secondary verification in same browser: #2206
train-2012.07.20:
* Introduction of "static" process which serves views and static resources: #1757
* Update account password recovery flow, no longer do we remove all emails upon password recovery: #1913
* API parameter validation on all API calls: #1526, #2001, #1981, #2042, #2032, #2057, #2121
* 'locale_directory' no longer a neccesary nor allowed configuration parameter
* Implement support for proxy IdP (a.k.a. BigTent): #2019, #2060
* Main site i18n - now persona is completely translated: #1862, #2075, #2093
* UI improvements: #1898, #1786, #1920, #1932, #1901, #1885, #1951, #1964, #1967, #1916, #1967, #2007
* KPI improvements: #1827, #1825
* Localization improvments, reduced dependencies and debugging locale works all the time: #1917, #1905, #1970
* Fix regression of fonts on windows: #1856, #1973
* Resource optimization: #1941, #1999
* Links to external sumo pages are language neutral: #1938, #2055
* Unit test fixes and improvements: #1958, #1948, #1783, #1916, #2011, #1986
* Fixes for node 0.8.x (production still on node 0.6.x): #1914
* Code cleanup: #1902, #1989
* Language improvements: #1960, #1167
* Opera 12 fixes: #1844
* Persona logos added to repo: #1974
* Fix error when KPIs are disabled: #1978
* For primary certificate provisioning, fail if the process takes longer than 20s: #1570
* Fix IE8 cookie check: #1982
* Log assertion verification failures: #2016
* Fix slow keyboard key press response on fennec: #2029
* Documentation fixes: #2064
* All resources should include license and links: #1655?
* Repair metrics, specifically counting of distinct sign_ins: #2040
* returnTo, siteName, and siteLogo only work with the observer API: #2086
* Fix regressions introduced during development: #2118, #2104, #2088
train-2012.07.06:
* refinement of all user facing language: #1889, #1905, #1675, #1923, #1925
* requiredEmail feature removed: #1760
* A new /about page #1768
* watch() parameter - loggedInEmail renamed to loggedInUser #1805
* persona ToS / PP now displayed in dialog: #1240
* fix cases where redirection to website after verification would fail: #1860
* clean up console messages: #1518
* load_gen cleanup: #1278
* user interface improvements: #1777, #1661, #1433, #1548, #1774, #1721, #1826, #868, #1517, #1093, #1892, #1928
* updates to "key performance indicator": #1667, #1730
* test improvments: #1794, #1875, #1883
* code cleanup: #1778, #1756, #1748, #1849, #1852
* font licenses added to source tree: #1820
* load time performance improvements: #1793, #1851, #1861
* improvments to email provider API ("primary"): #1502
* security improvments - better random numbers: #1788
* Fix Persona on Windows Metro: #1867
* Fix dialog layout when rendered in a native webview on iOS: #1517
train-2012.06.22:
* browserid.org now redirects to login.persona.org, all URLs are updated: #1743
* Websites can now provide their name and logo (requires SSL) to be displayed in the dialog: #1098, #1761
* A user is now sent back to the site they were visiting after verification (requires .watch() API): #385
* Fix .watch() API under IE8: #1637
* For dev and ephemeral deployments, move to awsbox, and new URLs: #1394, #1046, #1741
* Fix the scroll bar appearing on the main site's index page if it is not needed: #1693
* Clear the password if the user types a password then changes the email address: #1540
* New watch API now requires invocation with proper context (navigator.id.foo, not var foo = navigator.id.foo)
* Router fixes: #1713
* Serve fonts locally, don't pull resources from google: #1695
* Optimize images: #1747
* Fix flashes when verifying an email address: #1734
* Unit test added which runs jshint: #1731
* Fix submit occurring when selecting an email address in Firefox from the auto-complete list: #1780
* For KPI data, round timestamp to nearest 10 minutes, making correlation improbable: #1732
* Code cleanup: #1701, #1703, #1000, #1248, #1759, #1733, #1792
* Breaking API change: Persona now returns pubkey from generateKeypair to IdPs as a string
train-2012.06.08:
* rebrand from 'browserid' to 'persona': (including regressions #1711 #1706 #1716 #1719)
* new "router" process added - subsumes responsibility of old "webhead" process, handles all requets forwarding: #1657
* Support non-english passwords: #1631
* allow sessions to persist for 4 weeks after a user confirms ownership of a device (was effectively 1 week): #1632
* general code cleanup, removal of obsolete code, accidental globals cleaned up: #1645 #1681 #1699
* fix tab order on signup page: #1635
* minified include.js again has link to unminified source: #1624
* improve handling of uncaught exceptions (new statsd counter): #1558
* fix cachify stuff to allow multiple background images per css dec: #1652
* 50x error pages added to repo
* authenticated sessions are now 4 weeks: #1632, #1572
* improvements to KPI system: #1614 #1619 #1660 #1698
* UI improvements: #1684
* new secret debug menu added to dialog
* "silent assertions" (via observer api) now check cert expiry and don't issue invalid assertions
train-2012.05.25:
* many KPI improvements: #1597, #1613
* code cleanup: #1599, #1602
* verification links sent before deployment, should still work after - transitional code required by issue #1000: #1592
* repair load_gen: #1596
* fixes to mysql reconnection logic - processes can now reconnect while out of pool and only having /__heartbeat__ polled: #1608
* make "is this your computer" screen keyboard navigable: #1582
* when user types in wrong password while verifying secondary address (on different browser), show clear tooltip style error: #1557
* don't make a user type their password when not neccesary (adding secondary address to acct with only primary addresses): #1555
* perform rigorous checking of inputs to dialog from RP. (PR #1627, bug #747859)
* support new parameter names in .get & .request APIs: #1643
* perform rigorous checking of arguments returned from primary IdPs: bug #758449
train-2012.05.14:
* Password is now requested in dialog for new user signup: #1000, #290
* "Key Performance Indicator" system implemented, to be disabled pending review: #1546, #1567
* Improve error handling: #1227, #1495
* code and test cleanup: #1521, #1547
* ToS and privacy policy display regardless of cookie settings: #1514
* Integrated new version of jwcrypto: #1543, #1544, #1545, #1552, #1574, #1575
* Android 4.0 cookie fixes: #1542
* Proper error display in IE6 & IE7: #1529
* Allow mysql password to be specified in environment: #1560
* Fix occasional dropped click during sign-in on chrome: #1581
train-2012.04.27:
* Observer API updated, still experimental.
* A more responsive dialog design that scales to different screen sizes: #1101, #1317
* Improved consistency of links: #702, #1453
* Test improvements: #1246, #1437, #1488, #1464
* Allow underscores in email address domain and site origin: #1454
* Fixes to per site last-used-email state maintenence: #968
* Never ask a user if this "is your computer" in a session that involves email verificatino: #1446
* Remove placeholder text from change password inputs: #1461
* General cleanup: #1449, #1396
* Logging improvements: #1383
* IE visual improvements for error screens: #1485, #1390, #1496
* Improved checks for disabled cookies: #1418, #1484
* Fix bug where if user pauses for 2 minutes on "is this your computer" the generated assertion is invalid: #1460
* (hotfix 2012.05.07) upgrade to node.js 0.6.17 to mitigate risk of HTTP parser bugs - bug #752605
* (hotfix 2012.05.08) handle syntax errors in declaration of support better. bug #752721
train-2012.04.11:
* New BrowserID "Observer" API implemented in experimental status: #912
* Implement variable length sessions and explicit user confirmation to improve saftey on public terminals/shared computers: #884
* keysize is now 1024: #1293
* fix case where removing the same email address twice could cancel your account: #1123
* give user feedback after typing in email while we're checking the email provider for BrowserID support: #1290
* optimize javascript resources: #1351
* frontend tests only output failures: #1326
* documentation fixes: #1367, #1401
* logging improvements: #1327
* improve experience for users with cookies disabled: #1402, #1201, #1202, #1414
* use http status codes in verifier where appropriate: #1362
* improve password update in account manager screen: #1388, #1389
* developers link now points to MDN: #1397
* fix issues that were introduced while implementing the above features: #1349, #1348, #1354, #1357, #1374, #1399, #1400, #1408, #1395, #1406, #1405, #1390, #1391
* (hotfix 2012.04.12) return 400 rather than 500 for invalid params to stage_user or stage_email: #1429
* (hotfix 2012.04.12) fix broken string, "is this your computer" was broken into two fragments: #1425
* (hotfix 2012.04.16) fix API regression that would cause javascript error when .get() invoked without second arg: #1442
* (hotfix 2012.04.16) update load_gen to new server apis that require an `ephemeral` argument: #1436
* (hotfix 2012.04.17) fix broken reset password flow - button was non-responsive in dialog: #1440
* (hotfix 2012.04.17) mitigate errors seen when adding a secondary email to an acct with only primary emails: #1445
* (hotfix 2012.04.18) fix error where under certain conditions user could see an error immediately after authenticating: #1449
train-2012.03.28:
* work towards better user messaging for when cookies are disabled: #1167, #1302
* improved cache headers: #1331, #620
* error handling fix in frontend code: #1339
* new API: /wsapi/ping - used for server monitoring: #1324
* support email providers (with BrowserID support) with digits in their hostnames: #1284
* tools/build/dev env fixes: #1284
* (hotfix 2012.03.30) Fix regression where 304 responses to requests for IFrame HTML would have X-Frame-Options: deny, preventing loading of iframes #1353
* (hotfix 2012.03.30) ETag headers now vary by locale, fixes regression where switching between locales was broken #1364
* (hotfix 2012.04.10) more rigorous checking of email inputs to WSAPI
* (hotfix 2012.04.10) copy config/l10n-*.json to build directory
* (hotfix 2012.04.10) final 40 production locales merged: #1412
* (hotfix 2012.04.10) update l10n-all.json to have all locales (complete and in-progress) as well as en-US and db-LB
* (hotfix 2012.04.10) fix more rigorous checking of email inputs to WSAPI: domain checking of 'site' parameter was validating hostnames rather than domains.
* (hotfix 2012.04.12) fix /signup page on browserid.org: #1429
train-2012.03.14:
* BrowserID now speaks Bulgarian
* Fix regressions related to ToS/PP feature (#841): #1303
* Fix regressions related to improved email selection on iOS (#1133): #1304
* "delegation of authority" implemented: #1271, #864
* visual improvements: #403
* improved algorithm for finding best language for a given user: #1128
* frontend tests now run on every commit under travis-ci: #635
* improve the way that .well-known/browserid is cached: #1205
* l10n fixes: #1124, #1300
* tools/build/dev env cleanup: #1235, #1234, #1257, #1245, #1055
* improvements to developer tool for checking primary support - scripts/checks_primary_support
* documentation improvements: #1264, #1287, #1288
* logging improvements: #1254, #1255, #1283, #1291
* (hotfix 03.23) re-add bulgarian: #1312
* (hotfix 03.23) add a ping wsapi to give monitoring probes a target that will test db connectivity: #1324
* (hotfix 03.23) ensure ETag on sign-in is changed: #1331
train-2012.03.01:
* When the user authenticates log them in automatically without going to the email picker: #198
* database (mysql) improvements, handle temporary outages without taking down the server: #990, #1211
* improved error flows when cookies are disabled: #835
* travis-ci support: #1166, #1197 - http://travis-ci.org/#!/mozilla/browserid
* clicking label in picker in iOS toggles radio button: #1133, #1137
* dialog zooming and scrolling fixed: #423
* Mobile firefox fixes: #1176
* websites can now provide a ToS and PP for display in-dialog: #841
* caching improvements: #1143, #1141
* fix webhead crash when keysigner is unreachable: #1011
* fix to allow viewing of error details on browserid.org: #1139
* disable unit tests in production in the application: #1044
* fix cases where 'keep me signed in' can disappear: #871
* fix cases where 'keep me signed in' can't be unchecked: #1155
* more password length checking in more places: #1173
* rewrite compression scripts in nodejs, improve performance: #660, #1009
* cosmetic and language fixes: #1105, #1154, #1160, #1178, #1179, #1184, #1185, #1189, #1209
* documentation fixes: #1043
* code cleanup: #1108, #1147, #1157, #1188
* test cleanup: #1156
* rpm fixes: #1165, #1177
* devtool fixes: #1219
* fix string extraction: #1170, #1194
train-2012.02.16:
* improve failure mode when cookies are disabled (especially on iOS): #1056
* serve static css/js resources from perma URLs to improve load times: #620
* improve UI flows concerning cancelation during primary sign in: #983, #1036
* localization improvements: #1040, #1045, #1048, #1062, #1081, #1113
* cosmetic dialog fixes: #1062, #1058, #892, #1117
* fix bug preventing email addresses with under-bars in hostnames: #1074
* Mobile specific cosmetic improvements: #1072
* don't localize developer targeted error strings: #1051
* remove obsolete code: #1082
* sort email addresses alphabetically in dialog picker: #130
* improve error messages: #835, #1056
* improve log messages: #1069
* wsapi semantic improvements: #1083, #835
* logging in with a primary email address no longer forces you to re-enter your password when subsequently using a secondary address: #1049
* Fix IE specific issue where cookies with same name on domain and subdomain would collide: #296
* long emails look better: #1100
train-2012.02.02:
* i18n support, now BrowserID speaks your language: #926, #936, #977, #1013, #1031
* improved error screens on slow server responses: #913, #915
* better cache headers on all html resources (which Vary by Accept-Languages): #226, #620, #920, #938
* cosmetic fixes: #918, #947, #966, #981, #1020, #987
* preliminary work to improve messaging when cookies are disabled: #835
* remove dead code: #925
* fix include.orig.js: #921, #911
* load testing compatibility and minified resources are no longer mutually exclusive: #939
* improve usability via default button focus (just hit enter in more places): #946, #960
* scripts to deploy to an amazon EC2 instance.
* improve configuration mechanism: #582, #1006
* limit post bodies to verifier: #878
* cancel from forgot password doesn't cause your email to be, uh, forgotten: #1001
* remember the users email as they move from screen to screen in the dialog: #984, #1001, #1002, #1003, #1004
* secondary "cancel" style buttons have a smaller font: #1020
* build fixes: #1021, #1024
* (hotfix 2012.02.07) add a l10n-all.json which holds all locales we'll be shipping to production
* (hotfix 2012.02.07) Fix the missing email address in the "check your email" screen for the forgot password flow: #1058
* (hotfix 2012.02.07) Modify build process to pick up locales from a .json file
* (hotfix 2012.02.07) fix production-locales.sh script to defer to the environment for configuration
* (hotfix 2012.02.13) fix for IE users not seeing error screens sometimes: #1087
* (hotfix 2012.02.22) add banner announcing brand change
train-2012.01.18:
* support for 3rd party primary identity providers: #761, #904, #865
* loadgen improvements
* Re-license under MPL2: #859, #827
* clean up unused developer tools (vagrant): #861
* (primary support) declaration of support now hosted in .well-known/browserid (was 'vep'): #865
* unit test fixes: #889, #851
* help link opens in new window: #728
* fix 'not supported' display in IE7: #831
* language/rendering refinements: #850, #439, #622, #818, #901, #630, #888, #345, #815
* front end performance improvements: #899, #910
* better UX for network timeouts: #905
* (hotfix 2012.01.23) Remove unwanted scrollbar in dialog: #947
* (hotfix 2012.01.23) Fix black backgrounds on IE8: #929
* (hotfix 2012.01.23) fix broken transition to "check your email": #933, #934, #935
* (hotfix 2012.01.24) Fix "slow script" error on IE8 during keygen on behalf of primary: #956
* (hotfix 2012.01.24) Publish javascript API to provide a native-support compatible for primaries' auth pages: #909
* (hotfix 2012.01.24) Allow load testing hooks to be enabled with minified resources: #939
* (hotfix 2012.01.24) IE8 fixes for primary flow: #962, #961, #958, #955
* (hotfix 2012.01.24) print correct url for where the user will be directed: #964
* (hotfix 2012.01.31) fix silent assertions: #972
* (hotfix 2012.02.01) fix verification of email on a browser other than the initiator: #973, #1026 (and maybe others)
train-2012.01.05:
* client entropy pool mixes in randomness from server for better browser RNG: #298, #800
* new assertion format that avoids double (base64) encoding - 33% smaller: #507
* Turn license URL in ToS into a clickable link: #382
* limit post requests to 10kb: #822
* improved password length checks, check in client and server code more often
* after authenticating we store your userid rather than email in the session (many issues/possible attacks relate to this): #388
* session cookies are now encrypted, sent only when required, and generally more awesome: #416, #832
* IE8 display tweaks
* primary support 90% implemented but disabled in this train (*major* changes including schema, but not user visible)
* (hotfix on 2012.01.09) explicitly call .removeAllListeners() during http forwarding to eliminate memory leak: #839
train-2011.12.28:
* improve animation during cert/assertion procedures in dialog: #709
* user visible error message in dialog when under back breaking load: #738
* cleanup and removal of stale deps from package.json
* improve mobile formatting: #747
* fixes in dialog communication channel: #748
* add a waiting screen while crypto is running on slow browsers: #706
* don't allow a user to re-add address they already have verified: #732
* CSP (content security policy) fixes: #676
* doc fixes regarding running browserid under vagrant
* doc fixes regarding new dependencies (libgmp for (much) faster crypto)
* bcrypt now runs out of process, uses all available cores, allows for app level 503 under extreme load: #694
* Fix "cancel" in the forgot password screen when accessed via required email: #754
* first time a user visits browserid.org, show a "learn more" message: #384
* partial code versioning/cache busting implementation: #226, #687
* improved build process - resource minification no longer leaves artifacts all over: #700
* clean up whitespace. meh. : #758
* emails now come from "BrowserID@" instead of "noreply@": #756
* completely new implementation for cross domain window communication (https://github.com/lloyd/winchan): #764, #766
* allow canceling of "use a different email: #765
* improve language and UX of required email flow: #608
* better, earlier dev errors for required email: #632
* new assertion format (smaller by 66%) handled by verifier, to be generated by browserid next train: #507
* now you can change your password: #771, #114
* load generator improvements: #782
* improved PRNG: #789, #735
* fix regressions in the above: #719, #776
* CSRF token uses better RNG: #800
train-2011.12.08:
* improve performance of unit tests: #686
* IE8 fixes: #688
* logging improvements: #681
* loadgen fixes: #682
* android fixes: #704
* performance improvements: #680
* moar instrumentation: #691
train-2011.12.01:
* BrowserID now requires NodeJS >= 0.6.2
* extensive work on load generation tool: #504
* modularize front-end, remove deps on stealjs and JSMVC: #609, #625, #634
* front-end refactoring: #578, #611, #608, #650, #654, #655
* regression fix: account consolidation possible without explicit canceling: #607, #612
* make it possible to gracefully update domain key at any time: #599
* domain key now uses RSA-2048: #600
* optimize (and combine) frontend resources (vepbundle): #606
* many rpm/packaging updates: #617, #656
* timestamps on all log entries: #541
* IE8 fixes: #615
* unit test fixes: #557 (revisited), #629, #657
* update_password WSAPI added: #560, #114
* verifier improvements and unit tests: #467, #598, #605, #643, #642, #645, #646
* node-mysql driver update - improved for prod env: #648
* include a link to support.mozilla.com off of browserid.org: #533
* added command line tool to create and account: #603
* added command line tool to bcrypt a password: #651
* fix button heights in firefox on browserid.org: #658
* make sure logout is called only once in dialog: #666, #630
* make 'use another email address' more discoverable: #623
* use statsd for statistics reporting: #662
* heartbeat checks are now shallow, only indicating presence of a server and basic health: #566
* keysigner and verifier now saturate multiple cores via 'compute-cluster' module: #213
* fix spurious console error messages on sites that use postMessage and include.js: #534
* refine language in verification email: #672
* (hotfix on 2011.12.02) Fix regression where email rate limiting tooltips in dialog were not shown: #685
* (hotfix on 2011.12.02) Fix regression where emails sent out had no newlines: #684
* (hotfix on 2011.12.08) Fix bug where domain key update detection was not working properly, preventing users from logging in: #734
* (hotfix on 2011.12.08) Fix bugs in "internal api" used by native code (like openwebapps stuff): #601
train-2011.11.17:
* frontend code restructuring and refactoring
* process breakup complete (dbwriter, keysigner, browserid, and verifier): #460
* several updates to production deployment scripts (rpm generation): #571, #575
* all processes should log and exit hard if misconfigured: #576, #581
* complete 'keep me signed in' feature: #559, #490
* simplify and consolidate user facing help links in dialog: #553
* clean up user facing error messages (email throttling and sent email): #579, #577, #591
* moved 'this is not me' and 'use a different email' links based on UX suggestions: #459
* incrementally work to repair load_gen (not yet complete): #504
* unit test fixes: #504
* remove extraneous console logging: #574
* improve email validation in main site (whitespace handling): #583, #429
* fix serious regressions related to iOS5 fixes that prevented dialog from working the second time on RPs: #580, #588, #589
* fix "go back and try another" link in dialog: #587
* added "required email" feature: #491
* (added 2011.11.18) fix regression - sporadic assertion verification failures: #616
train-2011.11.10:
* keysigner process now handles certificate generation: #460
* verifier no longer supports CORS requests: #245
* experimental support for nodejs 0.6.0: #535
* reduce access to private key (only the keysigner has access to it): #539
* improve language of buttons during sign-in: #198
* better error messaging during sign-in/up interactions on main site: #542
* user only has to type their browserid password every two weeks (not one): #543
* upgrade mysql driver - no crash upon idle reconnection: #540
* address regression in #540 - reconnect to proper database (also fixes 'create_schema' flag): #548
* implement 'keep me signed in' - includes API changes and UX/UI changes: #490
* front end unit test improvements: #542, #408
* fix regression in tooltips (weren't showing contents): #547
* calls to __heartbeat__ aren't logged: #537
* strip whitespace on email input: #429
* fix sporadic errors in unit tests: #550, #556
* crypto changes to support IE8: #244
* fix tab ordering in UI: #544
* chrome specific UI fixes: #552
* better UI feedback when hovering over buttons: #553
* reorganization of browserid process, breakout of dbwriter (not yet enabled): #460
* improve log message error levels (be sparing with 'error'): #509
train-2011.11.03:
* Remember the last used email for a site, and optimize the default selection based on this: #1
* Fix regression where verification of assertions would fail for https sites: #500 (also hot-fixed in production https://github.com/mozilla/browserid/commit/1528364)
* improved end user visible error messages: #448, #465, #512, #515
* style/transition improvements for desktop and mobile devices: #494, #502, #522, #527
* refuse to send out more than one email per minute to the same address: #430
* be *really* smart about how long to display tool-tips in the dialog: #508
* behave reasonably (at least display content) when javascript is disabled: #510
* remember the users email as they transition between screens, when appropriate: #476
* Suppress iOS autocapitalizion and auto-correction for email addresses: #464
* Improve front end email address validation: #513
* Improve repository organization: #503, #488
* As part of above and in prep for #460 - all processes (browserid, verifier, etc) are now always run separately (never combined into the same express instance)
* Test improvements: #520, #530, #531
* Fix undefined reference (crash) in verifier after verification failure: #523 (hot-fixed in production: https://github.com/mozilla/browserid/commit/ba3c53)
* Remove UI that corresponds to unimplemented features: #519
* Handle upper case letters in domain part of email addresses properly: #501
* Use a more conventional log format that includes time-stamps when logging to file: #234
* Shutdown gracefully whenever possible, and always log why we go down: #529
* 'LOG_TO_CONSOLE' env var for verbose console output during tests: #530
* more checks around '/code_update' URL invocation: bug #699171
* Many minor bug-fixes: #497, #532
* (2011.11.08) don't crash on mysql connection timeout: #540
train-2011.10.27:
* link fixing ('need help?' to point to SUMO): #378
* unit tests repaired: #469 (broken in fix to #82)
* improve handling of network errors: #448
* improve styling and language of email confirmation page: #349
* logging improvements: #455
* RPM generation script created (for installation of browserid on redhat [moz prod] boxes): #478
* SCHEMA CHANGES to improve database performance and scalability: #480
* change the health check call from '/ping.txt' to '/__heartbeat__': #481
* remove application level network timeouts (let the network stack do its job, the user can cancel if they get sick of it): #485
* improve messaging for unsupported browsers: #273, #484
* developer documentation improvements: #496
train-2011.10.20:
* android < 3.0 now supported: #461
* properly set assertion expiration time to when they expire, not when they're issued: #433, #457, #458
* update privacy policy language to jive with new UI: #381
* add redirects for old URLs that no longer exist with the new UI: #376
* inside the minified include.js, link to uncompressed version for developer convenience and discovery: #432
* language tweaks: #437, #444
* improve button UI appearance on opera and IE: #435
* improve visual feedback for links: #440
* UI fixes for > 2 email addresses on iOS: #417
* smooth out screen transitions in dialog: #369
* improved "check your email" screen on mobile: #462
* no auto-caps nor auto-correct for iOS in add email field: #464
* improve event listening on input fields: #406
* remember email when moving user from signup to sign-in for known email address: #108
* don't call sync_emails more than necessary: #434
* assertions now include full origin (scheme+host+port). verifier accepts only host+port OR full origin, and returns whatever RP sends for back compat: #82
train-2011.10.13:
* fix verification of email in different browser than where verification is initiated: #336
* Android < 3.0 (browsers that can't handle JSON.parse("null")) now blocked explicitly (until we complete support)
* textual fixes to about page: #350
* 'cancel account' link added to manage page: #405
* warn user that removing last email address effectively cancels account: #394, #404, #137
* fixed signing dialog hang when you delete an email on manage page while dialog is open (now that's not obscure :P): #401
* Optimize UI in case where user has only 1 email address: #412
* smooth out transition from pick email to add new email pages: #410
* reposition remove buttons on manage page: #409
* identity and labs links open in new tabs: #380
* fix innocuous (but ugly) error in firefox error console: #390
* implement dynamic bcrypt work factor update: #204
* default work factor is now at 12 (NOTE: [re]authentication now takes 6x longer - ~600ms on our current hardware): #212
* many test fixes, and code refactoring, cleanup, and reorganization
* accept SMTP parameters from the environment: #214 (not yet closed)
* WSAPI CHANGES (https://github.com/mozilla/browserid/commit/511b56): all server responses are now objects: #217, #325
train-2011.10.06:
* full site & dialog redesign: (many, many closed issues are related to this, including #269, #343, #342, #347, #354, #356, #357, #350, #349, #364, #346, #336)
* improved debugging, all network callbacks are invoked asynchronously: #276
* MYSQL SCHEMA CHANGE: passwd field no longer in staged table (password is now set after verify link clickthrough)
* MYSQL SCHEMA CHANGE: add index to emails table: #209
* WSAPI CHANGES (to support new UI): https://github.com/mozilla/browserid/commit/b6ee51
* WSAPI CHANGES: a mis-set client clock no longer causes invalid assertions to be issued (wsapi changed to minimize network requests): #329
* disallow re-registration of existing account: #333
* (non-visible) namespacing in dialog code: #275
* API BREAKING CHANGE: verifier no longer supports GET requests: #98
* significant performance / UX improvement - keys are generated and certified when needed, not all upfront at sign-in: #278
* remove 'download printable format' language from privacy policy: #280
* faster keygen via crypto optimizations: https://github.com/mozilla/browserid/commit/778433
* improvements to mobile layout & usability (specific to the new UI)
* more user visible error messages to improve community sourced problem reports: #335
* IE8 improvements (still not fully supported): #246, #361, #346
* cookie fixes revisited, now on upstream version of connect-cookie-session: #310
* (merged 2011.10.07) fix unstyled flash at first dialog display: #365
train-2011.09.29:
* shortly after dialog is spawned, we remove the four random chars in the fragment (aesthetic)
* fix bug where session duration had an upper bound of 7 days - the time the server was running: #310
* fix bug where a user could go longer than 1 week without re-authenticating: #309
* fix link on /developers page to verfier source: #326
* (merged 2011.10.04) fix issue where a wrong-set client clock could prevent login: #329
* (external fix in myfavoritebeer) IE9 support: #240
train-2011.09.22:
* migrate to browserid signed certificates rather than keypairs where browserid hosts the public key: https://github.com/mozilla/browserid/issues?milestone=6
* IE9 support
* partial IE8 support (not yet usable, several small remaining bugs, and abysmal performance)
* development harness (./run.js) now respects an IP_ADDRESS env var to bind to a specific address (other than 127.0.0.1)
* improved first-time development experience: `git clone && cd browserid && npm install && npm run`
* initial support for running locally under virtualbox via vagrant: #261 (thanks ozten!)
* (fix 2011.09.23) fix race condition between relay iframe and window introduced with IE9 support: #287
* (fix 2011.09.23) fix blank popup on second signin invocation in same session in Firefox: #286
* (fix 2011.09.23) explicitly disable caching for /wsapi calls, prevents unwanted caching of CSRF and friends: #294
train-2011.09.01:
* /ws_api/set_key always returns returns value instead of HTTP 204 response: #219
* update javascript mvc to 3.1.0.
* major interframe/window communication change using a hidden relay iframe to facilitate IE: #97 (still open)
* link colors on browserid.org are consistent: #227
train-2011.08.25:
* created command line load generation tool and performance analysis work: #125
* beginning unit/functional tests for front end: #183
* front end refactor to facilitate unit/functional tests and UX iteration: #183
* error messages are shown on front end: #184
* users must now verify account ownership before attempting a key sync.
* manage page date format: #191
* manage page button only displayed if user is currently authenticated: #195
* manage page emails are synced on page open: #181
* wsapi_client created for clients needing programatic access to wsapi.
* harden set_key against duplicate keys.
* fix new email addresses added not being synced on client: #199
* upgrade to bcrypt 0.2.4.
* minify include.js by default: #206
* more than one email address can be added per dialog lifespan: #215
* verifyier no longer verifies assertions issued by another server.
* (2011.08.31) no error message displayed if you try to authenticate with an invalid u/p: #222
train-2011.08.18:
* upon clickthrough of the email link, don't have the browser window close itself: #162
* passwords must be between 8 and 80 chars: #155
* improved handling of emailing & verification urls during local development & testing: #88
* language changes in dialog: #150
* many improvements to unit tests: #171
* forgotten password flow was broken with port to mysql, fixed: #170
* improved metrics reporting abstraction: #168
* moved all server logging into a single file: #169
* all files created at execution time are now in one location: #172
* developer ergonomics - improved colorized logging with terse webserver output to console
* always require a user to authenticate if they don't have an active session: #74
* improved CSRF protection to fix race conditions in previous train: #173
train-2011.08.12:
* massive zero-user-visibile refactoring of dialog javascript.
* fix cancel button in "waiting for verification state": #147
* all browserid source is now tri-licensed (MPL1.1/GPL/LGPL): #141
* fixes for mobile firefox (fennec): #140
* mysql support implemented for browserid (default persistence production): #71
* json persistence support added - a standalone dead simple persistence layer which is the default for local development and requires no external software.
* email secrets are now persisted in the database, so upon server restart outstanding verification links are no longer invalidated: #91
* (website) styling changes - like fix issues where links on dev page were being displayed white on white.
train-2011.08.04:
* when user closes dialog without clicking "cancel", properly return 'null' to the webpage (via getVerifiedEmail callback): #107
* improve checks to warn developer that prerequisite software is missing: #110
* parameterize software to support multiple deployment environments (dev/beta/prod): #102, #52
* documentation updates.
* improved logging (using the winston logging framework for node.js)
* [website] fixed inclusion of youtube video (now over https to keep browsers from getting scared about mixed mode resource inclusion)
train-1:
* beginning of time, everything is new.
* (2011.08.03) include youtube video embedding over https: #112
* (2011.08.04) fix mozillalabs.com link in dialog: #116
Jump to Line
Something went wrong with that request. Please try again.