train-2012.07.20:
  * Introduction of "static" process which serves views and static resources: #1757
  * Update account password recovery flow, no longer do we remove all emails upon password recovery: #1913
  * API parameter validation on all API calls: #1526, #2001, #1981, #2042, #2032, #2057, #2121
  * 'locale_directory' no longer a necessary nor allowed configuration parameter
  * Implement support for proxy IdP (a.k.a. BigTent): #2019, #2060
  * Main site i18n - now persona is completely translated: #1862, #2075, #2093
  * UI improvements: #1898, #1786, #1920, #1932, #1901, #1885, #1951, #1964, #1967, #1916, #1967, #2007
  * KPI improvements: #1827, #1825
  * Localization improvements, reduced dependencies and debugging locale works all the time: #1917, #1905, #1970
  * Fix regression of fonts on windows: #1856, #1973
  * Resource optimization: #1941, #1999
  * Links to external sumo pages are language neutral: #1938, #2055
  * Unit test fixes and improvements: #1958, #1948, #1783, #1916, #2011, #1986
  * Fixes for node 0.8.x (production still on node 0.6.x): #1914
  * Code cleanup: #1902, #1989
  * Language improvements: #1960, #1167
  * Opera 12 fixes: #1844
  * Persona logos added to repo: #1974
  * Fix error when KPIs are disabled: #1978
  * For primary certificate provisioning, fail if the process takes longer than 20s: #1570
  * Fix IE8 cookie check: #1982
  * Log assertion verification failures: #2016
  * Fix slow keyboard key press response on fennec: #2029
  * Documentation fixes: #2064
  * All resources should include license and links: #1655?
  * Repair metrics, specifically counting of distinct sign_ins: #2040
  * returnTo, siteName, and siteLogo only work with the observer API: #2086
  * Fix regressions introduced during development: #2118, #2104, #2088

train-2012.07.06:
  * refinement of all user facing language: #1889, #1905, #1675, #1923, #1925
  * requiredEmail feature removed: #1760
  * A new /about page #1768
  * watch() parameter - loggedInEmail renamed to loggedInUser #1805
  * persona ToS / PP now displayed in dialog: #1240
  * fix cases where redirection to website after verification would fail: #1860
  * clean up console messages: #1518
  * load_gen cleanup: #1278
  * user interface improvements: #1777, #1661, #1433, #1548, #1774, #1721, #1826, #868, #1517, #1093, #1892, #1928
  * updates to "key performance indicator": #1667, #1730
  * test improvements: #1794, #1875, #1883
  * code cleanup: #1778, #1756, #1748, #1849, #1852
  * font licenses added to source tree: #1820
  * load time performance improvements: #1793, #1851, #1861
  * improvements to email provider API ("primary"): #1502
  * security improvements - better random numbers: #1788
  * Fix Persona on Windows Metro: #1867
  * Fix dialog layout when rendered in a native webview on iOS: #1517

train-2012.06.22:
  * browserid.org now redirects to login.persona.org, all URLs are updated: #1743
  * Websites can now provide their name and logo (requires SSL) to be displayed in the dialog: #1098, #1761
  * A user is now sent back to the site they were visiting after verification (requires .watch() API): #385
  * Fix .watch() API under IE8: #1637
  * For dev and ephemeral deployments, move to awsbox, and new URLs: #1394, #1046, #1741
  * Fix the scroll bar appearing on the main site's index page if it is not needed: #1693
  * Clear the password if the user types a password then changes the email address: #1540
  * New watch API now requires invocation with proper context (navigator.id.foo, not var foo = navigator.id.foo)
  * Router fixes: #1713
  * Serve fonts locally, don't pull resources from google: #1695
  * Optimize images: #1747
  * Fix flashes when verifying an email address: #1734
  * Unit test added which runs jshint: #1731
  * Fix submit occurring when selecting an email address in Firefox from the auto-complete list: #1780
  * For KPI data, round timestamp to nearest 10 minutes, making correlation improbable: #1732
  * Code cleanup: #1701, #1703, #1000, #1248, #1759, #1733, #1792
  * Breaking API change: Persona now returns pubkey from generateKeypair to IdPs as a string

train-2012.06.08:
  * rebrand from 'browserid' to 'persona': (including regressions #1711 #1706 #1716 #1719)
  * new "router" process added - subsumes responsibility of old "webhead" process, handles all request forwarding: #1657
  * Support non-english passwords: #1631
  * allow sessions to persist for 4 weeks after a user confirms ownership of a device (was effectively 1 week): #1632
  * general code cleanup, removal of obsolete code, accidental globals cleaned up: #1645 #1681 #1699
  * fix tab order on signup page: #1635
  * minified include.js again has link to unminified source: #1624
  * improve handling of uncaught exceptions (new statsd counter): #1558
  * fix cachify stuff to allow multiple background images per css dec: #1652
  * 50x error pages added to repo
  * authenticated sessions are now 4 weeks: #1632, #1572
  * improvements to KPI system: #1614 #1619 #1660 #1698
  * UI improvements: #1684
  * new secret debug menu added to dialog
  * "silent assertions" (via observer api) now check cert expiry and don't issue invalid assertions

train-2012.05.25:
  * many KPI improvements: #1597, #1613
  * code cleanup: #1599, #1602
  * verification links sent before deployment, should still work after - transitional code required by issue #1000: #1592
  * repair load_gen: #1596
  * fixes to mysql reconnection logic - processes can now reconnect while out of pool and only having /__heartbeat__ polled: #1608
  * make "is this your computer" screen keyboard navigable: #1582
  * when user types in wrong password while verifying secondary address (on different browser), show clear tooltip style error: #1557
  * don't make a user type their password when not necessary (adding secondary address to acct with only primary addresses): #1555
  * perform rigorous checking of inputs to dialog from RP. (PR #1627, bug #747859)
  * support new parameter names in .get & .request APIs: #1643
  * perform rigorous checking of arguments returned from primary IdPs: bug #758449

train-2012.05.14:
  * Password is now requested in dialog for new user signup: #1000, #290
  * "Key Performance Indicator" system implemented, to be disabled pending review: #1546, #1567
  * Improve error handling: #1227, #1495
  * code and test cleanup: #1521, #1547
  * ToS and privacy policy display regardless of cookie settings: #1514
  * Integrated new version of jwcrypto: #1543, #1544, #1545, #1552, #1574, #1575
  * Android 4.0 cookie fixes: #1542
  * Proper error display in IE6 & IE7: #1529
  * Allow mysql password to be specified in environment: #1560
  * Fix occasional dropped click during sign-in on chrome: #1581

train-2012.04.27:
  * Observer API updated, still experimental.
  * A more responsive dialog design that scales to different screen sizes: #1101, #1317
  * Improved consistency of links: #702, #1453
  * Test improvements: #1246, #1437, #1488, #1464
  * Allow underscores in email address domain and site origin: #1454
  * Fixes to per site last-used-email state maintenance: #968
  * Never ask a user if this "is your computer" in a session that involves email verification: #1446
  * Remove placeholder text from change password inputs: #1461
  * General cleanup: #1449, #1396
  * Logging improvements: #1383
  * IE visual improvements for error screens: #1485, #1390, #1496
  * Improved checks for disabled cookies: #1418, #1484
  * Fix bug where if user pauses for 2 minutes on "is this your computer" the generated assertion is invalid: #1460
  * (hotfix 2012.05.07) upgrade to node.js 0.6.17 to mitigate risk of HTTP parser bugs - bug #752605
  * (hotfix 2012.05.08) handle syntax errors in declaration of support better. bug #752721

train-2012.04.11:
  * New BrowserID "Observer" API implemented in experimental status: #912
  * Implement variable length sessions and explicit user confirmation to improve safety on public terminals/shared computers: #884
  * keysize is now 1024: #1293
  * fix case where removing the same email address twice could cancel your account: #1123
  * give user feedback after typing in email while we're checking the email provider for BrowserID support: #1290
  * optimize javascript resources: #1351
  * frontend tests only output failures: #1326
  * documentation fixes: #1367, #1401
  * logging improvements: #1327
  * improve experience for users with cookies disabled: #1402, #1201, #1202, #1414
  * use http status codes in verifier where appropriate: #1362
  * improve password update in account manager screen: #1388, #1389
  * developers link now points to MDN: #1397
  * fix issues that were introduced while implementing the above features: #1349, #1348, #1354, #1357, #1374, #1399, #1400, #1408, #1395, #1406, #1405, #1390, #1391
  * (hotfix 2012.04.12) return 400 rather than 500 for invalid params to stage_user or stage_email: #1429
  * (hotfix 2012.04.12) fix broken string, "is this your computer" was broken into two fragments: #1425
  * (hotfix 2012.04.16) fix API regression that would cause javascript error when .get() invoked without second arg: #1442
  * (hotfix 2012.04.16) update load_gen to new server apis that require an `ephemeral` argument: #1436
  * (hotfix 2012.04.17) fix broken reset password flow - button was non-responsive in dialog: #1440
  * (hotfix 2012.04.17) mitigate errors seen when adding a secondary email to an acct with only primary emails: #1445
  * (hotfix 2012.04.18) fix error where under certain conditions user could see an error immediately after authenticating: #1449

train-2012.03.28:
  * work towards better user messaging for when cookies are disabled: #1167, #1302
  * improved cache headers: #1331, #620
  * error handling fix in frontend code: #1339
  * new API: /wsapi/ping - used for server monitoring: #1324
  * support email providers (with BrowserID support) with digits in their hostnames: #1284
  * tools/build/dev env fixes: #1284
  * (hotfix 2012.03.30) Fix regression where 304 responses to requests for IFrame HTML would have X-Frame-Options: deny, preventing loading of iframes #1353
  * (hotfix 2012.03.30) ETag headers now vary by locale, fixes regression where switching between locales was broken #1364
  * (hotfix 2012.04.10) more rigorous checking of email inputs to WSAPI
  * (hotfix 2012.04.10) copy config/l10n-*.json to build directory
  * (hotfix 2012.04.10) final 40 production locales merged: #1412
  * (hotfix 2012.04.10) update l10n-all.json to have all locales (complete and in-progress) as well as en-US and db-LB
  * (hotfix 2012.04.10) fix more rigorous checking of email inputs to WSAPI: domain checking of 'site' parameter was validating hostnames rather than domains.
  * (hotfix 2012.04.12) fix /signup page on browserid.org: #1429

train-2012.03.14:
  * BrowserID now speaks Bulgarian
  * Fix regressions related to ToS/PP feature (#841): #1303
  * Fix regressions related to improved email selection on iOS (#1133): #1304
  * "delegation of authority" implemented: #1271, #864
  * visual improvements: #403
  * improved algorithm for finding best language for a given user: #1128
  * frontend tests now run on every commit under travis-ci: #635
  * improve the way that .well-known/browserid is cached: #1205
  * l10n fixes: #1124, #1300
  * tools/build/dev env cleanup: #1235, #1234, #1257, #1245, #1055
  * improvements to developer tool for checking primary support - scripts/checks_primary_support
  * documentation improvements: #1264, #1287, #1288
  * logging improvements: #1254, #1255, #1283, #1291
  * (hotfix 03.23) re-add bulgarian: #1312
  * (hotfix 03.23) add a ping wsapi to give monitoring probes a target that will test db connectivity: #1324
  * (hotfix 03.23) ensure ETag on sign-in is changed: #1331

train-2012.03.01:
  * When the user authenticates log them in automatically without going to the email picker: #198
  * database (mysql) improvements, handle temporary outages without taking down the server: #990, #1211
  * improved error flows when cookies are disabled: #835
  * travis-ci support: #1166, #1197 - http://travis-ci.org/#!/mozilla/browserid
  * clicking label in picker in iOS toggles radio button: #1133, #1137
  * dialog zooming and scrolling fixed: #423
  * Mobile firefox fixes: #1176
  * websites can now provide a ToS and PP for display in-dialog: #841
  * caching improvements: #1143, #1141
  * fix webhead crash when keysigner is unreachable: #1011
  * fix to allow viewing of error details on browserid.org: #1139
  * disable unit tests in production in the application: #1044
  * fix cases where 'keep me signed in' can disappear: #871
  * fix cases where 'keep me signed in' can't be unchecked: #1155
  * more password length checking in more places: #1173
  * rewrite compression scripts in nodejs, improve performance: #660, #1009
  * cosmetic and language fixes: #1105, #1154, #1160, #1178, #1179, #1184, #1185, #1189, #1209
  * documentation fixes: #1043
  * code cleanup: #1108, #1147, #1157, #1188
  * test cleanup: #1156
  * rpm fixes: #1165, #1177
  * devtool fixes: #1219
  * fix string extraction: #1170, #1194

train-2012.02.16:
  * improve failure mode when cookies are disabled (especially on iOS): #1056
  * serve static css/js resources from perma URLs to improve load times: #620
  * improve UI flows concerning cancelation during primary sign in: #983, #1036
  * localization improvements: #1040, #1045, #1048, #1062, #1081, #1113
  * cosmetic dialog fixes: #1062, #1058, #892, #1117
  * fix bug preventing email addresses with under-bars in hostnames: #1074
  * Mobile specific cosmetic improvements: #1072
  * don't localize developer targeted error strings: #1051
  * remove obsolete code: #1082
  * sort email addresses alphabetically in dialog picker: #130
  * improve error messages: #835, #1056
  * improve log messages: #1069
  * wsapi semantic improvements: #1083, #835
  * logging in with a primary email address no longer forces you to re-enter your password when subsequently using a secondary address: #1049
  * Fix IE specific issue where cookies with same name on domain and subdomain would collide: #296
  * long emails look better: #1100

train-2012.02.02:
  * i18n support, now BrowserID speaks your language: #926, #936, #977, #1013, #1031
  * improved error screens on slow server responses: #913, #915
  * better cache headers on all html resources (which Vary by Accept-Languages): #226, #620, #920, #938
  * cosmetic fixes: #918, #947, #966, #981, #1020, #987
  * preliminary work to improve messaging when cookies are disabled: #835
  * remove dead code: #925
  * fix include.orig.js: #921, #911
  * load testing compatibility and minified resources are no longer mutually exclusive: #939
  * improve usability via default button focus (just hit enter in more places): #946, #960
  * scripts to deploy to an amazon EC2 instance.
  * improve configuration mechanism: #582, #1006
  * limit post bodies to verifier: #878
  * cancel from forgot password doesn't cause your email to be, uh, forgotten: #1001
  * remember the users email as they move from screen to screen in the dialog: #984, #1001, #1002, #1003, #1004
  * secondary "cancel" style buttons have a smaller font: #1020
  * build fixes: #1021, #1024
  * (hotfix 2012.02.07) add a l10n-all.json which holds all locales we'll be shipping to production
  * (hotfix 2012.02.07) Fix the missing email address in the "check your email" screen for the forgot password flow: #1058
  * (hotfix 2012.02.07) Modify build process to pick up locales from a .json file
  * (hotfix 2012.02.07) fix production-locales.sh script to defer to the environment for configuration
  * (hotfix 2012.02.13) fix for IE users not seeing error screens sometimes: #1087
  * (hotfix 2012.02.22) add banner announcing brand change

train-2012.01.18:
  * support for 3rd party primary identity providers: #761, #904, #865
  * loadgen improvements
  * Re-license under MPL2: #859, #827
  * clean up unused developer tools (vagrant): #861
  * (primary support) declaration of support now hosted in .well-known/browserid (was 'vep'): #865
  * unit test fixes: #889, #851
  * help link opens in new window: #728
  * fix 'not supported' display in IE7: #831
  * language/rendering refinements: #850, #439, #622, #818, #901, #630, #888, #345, #815
  * front end performance improvements: #899, #910
  * better UX for network timeouts: #905
  * (hotfix 2012.01.23) Remove unwanted scrollbar in dialog: #947
  * (hotfix 2012.01.23) Fix black backgrounds on IE8: #929
  * (hotfix 2012.01.23) fix broken transition to "check your email": #933, #934, #935
  * (hotfix 2012.01.24) Fix "slow script" error on IE8 during keygen on behalf of primary: #956
  * (hotfix 2012.01.24) Publish javascript API to provide a native-support compatible for primaries' auth pages: #909
  * (hotfix 2012.01.24) Allow load testing hooks to be enabled with minified resources: #939
  * (hotfix 2012.01.24) IE8 fixes for primary flow: #962, #961, #958, #955
  * (hotfix 2012.01.24) print correct url for where the user will be directed: #964
  * (hotfix 2012.01.31) fix silent assertions: #972
  * (hotfix 2012.02.01) fix verification of email on a browser other than the initiator: #973, #1026 (and maybe others)

train-2012.01.05:
  * client entropy pool mixes in randomness from server for better browser RNG: #298, #800
  * new assertion format that avoids double (base64) encoding - 33% smaller: #507
  * Turn license URL in ToS into a clickable link: #382
  * limit post requests to 10kb: #822
  * improved password length checks, check in client and server code more often
  * after authenticating we store your userid rather than email in the session (many issues/possible attacks relate to this): #388
  * session cookies are now encrypted, sent only when required, and generally more awesome: #416, #832
  * IE8 display tweaks
  * primary support 90% implemented but disabled in this train (*major* changes including schema, but not user visible)
  * (hotfix on 2012.01.09) explicitly call .removeAllListeners() during http forwarding to eliminate memory leak: #839

train-2011.12.28:
  * improve animation during cert/assertion procedures in dialog: #709
  * user visible error message in dialog when under back breaking load: #738
  * cleanup and removal of stale deps from package.json
  * improve mobile formatting: #747
  * fixes in dialog communication channel: #748
  * add a waiting screen while crypto is running on slow browsers: #706
  * don't allow a user to re-add address they already have verified: #732
  * CSP (content security policy) fixes: #676
  * doc fixes regarding running browserid under vagrant
  * doc fixes regarding new dependencies (libgmp for (much) faster crypto)
  * bcrypt now runs out of process, uses all available cores, allows for app level 503 under extreme load: #694
  * Fix "cancel" in the forgot password screen when accessed via required email: #754
  * first time a user visits browserid.org, show a "learn more" message: #384
  * partial code versioning/cache busting implementation: #226, #687
  * improved build process - resource minification no longer leaves artifacts all over: #700
  * clean up whitespace. meh. : #758
  * emails now come from "BrowserID@" instead of "noreply@": #756
  * completely new implementation for cross domain window communication (https://github.com/lloyd/winchan): #764, #766
  * allow canceling of "use a different email": #765
  * improve language and UX of required email flow: #608
  * better, earlier dev errors for required email: #632
  * new assertion format (smaller by 66%) handled by verifier, to be generated by browserid next train: #507
  * now you can change your password: #771, #114
  * load generator improvements: #782
  * improved PRNG: #789, #735
  * fix regressions in the above: #719, #776
  * CSRF token uses better RNG: #800

train-2011.12.08:
  * improve performance of unit tests: #686
  * IE8 fixes: #688
  * logging improvements: #681
  * loadgen fixes: #682
  * android fixes: #704
  * performance improvements: #680
  * moar instrumentation: #691

train-2011.12.01:
  * BrowserID now requires NodeJS >= 0.6.2
  * extensive work on load generation tool: #504
  * modularize front-end, remove deps on stealjs and JSMVC: #609, #625, #634
  * front-end refactoring: #578, #611, #608, #650, #654, #655
  * regression fix: account consolidation possible without explicit canceling: #607, #612
  * make it possible to gracefully update domain key at any time: #599
  * domain key now uses RSA-2048: #600
  * optimize (and combine) frontend resources (vepbundle): #606
  * many rpm/packaging updates: #617, #656
  * timestamps on all log entries: #541
  * IE8 fixes: #615
  * unit test fixes: #557 (revisited), #629, #657
  * update_password WSAPI added: #560, #114
  * verifier improvements and unit tests: #467, #598, #605, #643, #642, #645, #646
  * node-mysql driver update - improved for prod env: #648
  * include a link to support.mozilla.com off of browserid.org: #533
  * added command line tool to create an account: #603
  * added command line tool to bcrypt a password: #651
  * fix button heights in firefox on browserid.org: #658
  * make sure logout is called only once in dialog: #666, #630
  * make 'use another email address' more discoverable: #623
  * use statsd for statistics reporting: #662
  * heartbeat checks are now shallow, only indicating presence of a server and basic health: #566
  * keysigner and verifier now saturate multiple cores via 'compute-cluster' module: #213
  * fix spurious console error messages on sites that use postMessage and include.js: #534
  * refine language in verification email: #672
  * (hotfix on 2011.12.02) Fix regression where email rate limiting tooltips in dialog were not shown: #685
  * (hotfix on 2011.12.02) Fix regression where emails sent out had no newlines: #684
  * (hotfix on 2011.12.08) Fix bug where domain key update detection was not working properly, preventing users from logging in: #734
  * (hotfix on 2011.12.08) Fix bugs in "internal api" used by native code (like openwebapps stuff): #601

train-2011.11.17:
  * frontend code restructuring and refactoring
  * process breakup complete (dbwriter, keysigner, browserid, and verifier): #460
  * several updates to production deployment scripts (rpm generation): #571, #575
  * all processes should log and exit hard if misconfigured: #576, #581
  * complete 'keep me signed in' feature: #559, #490
  * simplify and consolidate user facing help links in dialog: #553
  * clean up user facing error messages (email throttling and sent email): #579, #577, #591
  * moved 'this is not me' and 'use a different email' links based on UX suggestions: #459
  * incrementally work to repair load_gen (not yet complete): #504
  * unit test fixes: #504
  * remove extraneous console logging: #574
  * improve email validation in main site (whitespace handling): #583, #429
  * fix serious regressions related to iOS5 fixes that prevented dialog from working the second time on RPs: #580, #588, #589
  * fix "go back and try another" link in dialog: #587
  * added "required email" feature: #491
  * (added 2011.11.18) fix regression - sporadic assertion verification failures: #616

train-2011.11.10:
  * keysigner process now handles certificate generation: #460
  * verifier no longer supports CORS requests: #245
  * experimental support for nodejs 0.6.0: #535
  * reduce access to private key (only the keysigner has access to it): #539
  * improve language of buttons during sign-in: #198
  * better error messaging during sign-in/up interactions on main site: #542
  * user only has to type their browserid password every two weeks (not one): #543
  * upgrade mysql driver - no crash upon idle reconnection: #540
  * address regression in #540 - reconnect to proper database (also fixes 'create_schema' flag): #548
  * implement 'keep me signed in' - includes API changes and UX/UI changes: #490
  * front end unit test improvements: #542, #408
  * fix regression in tooltips (weren't showing contents): #547
  * calls to __heartbeat__ aren't logged: #537
  * strip whitespace on email input: #429
  * fix sporadic errors in unit tests: #550, #556
  * crypto changes to support IE8: #244
  * fix tab ordering in UI: #544
  * chrome specific UI fixes: #552
  * better UI feedback when hovering over buttons: #553
  * reorganization of browserid process, breakout of dbwriter (not yet enabled): #460
  * improve log message error levels (be sparing with 'error'): #509

train-2011.11.03:
  * Remember the last used email for a site, and optimize the default selection based on this: #1
  * Fix regression where verification of assertions would fail for https sites: #500 (also hot-fixed in production https://github.com/mozilla/browserid/commit/1528364)
  * improved end user visible error messages: #448, #465, #512, #515
  * style/transition improvements for desktop and mobile devices: #494, #502, #522, #527
  * refuse to send out more than one email per minute to the same address: #430
  * be *really* smart about how long to display tool-tips in the dialog: #508
  * behave reasonably (at least display content) when javascript is disabled: #510
  * remember the users email as they transition between screens, when appropriate: #476
  * Suppress iOS autocapitalization and auto-correction for email addresses: #464
  * Improve front end email address validation: #513
  * Improve repository organization: #503, #488
  * As part of above and in prep for #460 - all processes (browserid, verifier, etc) are now always run separately (never combined into the same express instance)
  * Test improvements: #520, #530, #531
  * Fix undefined reference (crash) in verifier after verification failure: #523 (hot-fixed in production: https://github.com/mozilla/browserid/commit/ba3c53)
  * Remove UI that corresponds to unimplemented features: #519
  * Handle upper case letters in domain part of email addresses properly: #501
  * Use a more conventional log format that includes time-stamps when logging to file: #234
  * Shutdown gracefully whenever possible, and always log why we go down: #529
  * 'LOG_TO_CONSOLE' env var for verbose console output during tests: #530
  * more checks around '/code_update' URL invocation: bug #699171
  * Many minor bug-fixes: #497, #532
  * (2011.11.08) don't crash on mysql connection timeout: #540

train-2011.10.27:
  * link fixing ('need help?' to point to SUMO): #378
  * unit tests repaired: #469 (broken in fix to #82)
  * improve handling of network errors: #448
  * improve styling and language of email confirmation page: #349
  * logging improvements: #455
  * RPM generation script created (for installation of browserid on redhat [moz prod] boxes): #478
  * SCHEMA CHANGES to improve database performance and scalability: #480
  * change the health check call from '/ping.txt' to '/__heartbeat__': #481
  * remove application level network timeouts (let the network stack do its job, the user can cancel if they get sick of it): #485
  * improve messaging for unsupported browsers: #273, #484
  * developer documentation improvements: #496

train-2011.10.20:
  * android < 3.0 now supported: #461
  * properly set assertion expiration time to when they expire, not when they're issued: #433, #457, #458
  * update privacy policy language to jive with new UI: #381
  * add redirects for old URLs that no longer exist with the new UI: #376
  * inside the minified include.js, link to uncompressed version for developer convenience and discovery: #432
  * language tweaks: #437, #444
  * improve button UI appearance on opera and IE: #435
  * improve visual feedback for links: #440
  * UI fixes for > 2 email addresses on iOS: #417
  * smooth out screen transitions in dialog: #369
  * improved "check your email" screen on mobile: #462
  * no auto-caps nor auto-correct for iOS in add email field: #464
  * improve event listening on input fields: #406
  * remember email when moving user from signup to sign-in for known email address: #108
  * don't call sync_emails more than necessary: #434
  * assertions now include full origin (scheme+host+port). verifier accepts only host+port OR full origin, and returns whatever RP sends for back compat: #82

train-2011.10.13:
  * fix verification of email in different browser than where verification is initiated: #336
  * Android < 3.0 (browsers that can't handle JSON.parse("null")) now blocked explicitly (until we complete support)
  * textual fixes to about page: #350
  * 'cancel account' link added to manage page: #405
  * warn user that removing last email address effectively cancels account: #394, #404, #137
  * fixed signing dialog hang when you delete an email on manage page while dialog is open (now that's not obscure :P): #401
  * Optimize UI in case where user has only 1 email address: #412
  * smooth out transition from pick email to add new email pages: #410
  * reposition remove buttons on manage page: #409
  * identity and labs links open in new tabs: #380
  * fix innocuous (but ugly) error in firefox error console: #390
  * implement dynamic bcrypt work factor update: #204
  * default work factor is now at 12 (NOTE: [re]authentication now takes 6x longer - ~600ms on our current hardware): #212
  * many test fixes, and code refactoring, cleanup, and reorganization
  * accept SMTP parameters from the environment: #214 (not yet closed)
  * WSAPI CHANGES (https://github.com/mozilla/browserid/commit/511b56): all server responses are now objects: #217, #325

train-2011.10.06:
  * full site & dialog redesign: (many, many closed issues are related to this, including #269, #343, #342, #347, #354, #356, #357, #350, #349, #364, #346, #336)
  * improved debugging, all network callbacks are invoked asynchronously: #276
  * MYSQL SCHEMA CHANGE: passwd field no longer in staged table (password is now set after verify link clickthrough)
  * MYSQL SCHEMA CHANGE: add index to emails table: #209
  * WSAPI CHANGES (to support new UI): https://github.com/mozilla/browserid/commit/b6ee51
  * WSAPI CHANGES: a mis-set client clock no longer causes invalid assertions to be issued (wsapi changed to minimize network requests): #329
  * disallow re-registration of existing account: #333
  * (non-visible) namespacing in dialog code: #275
  * API BREAKING CHANGE: verifier no longer supports GET requests: #98
  * significant performance / UX improvement - keys are generated and certified when needed, not all upfront at sign-in: #278
  * remove 'download printable format' language from privacy policy: #280
  * faster keygen via crypto optimizations: https://github.com/mozilla/browserid/commit/778433
  * improvements to mobile layout & usability (specific to the new UI)
  * more user visible error messages to improve community sourced problem reports: #335
  * IE8 improvements (still not fully supported): #246, #361, #346
  * cookie fixes revisited, now on upstream version of connect-cookie-session: #310
  * (merged 2011.10.07) fix unstyled flash at first dialog display: #365

train-2011.09.29:
  * shortly after dialog is spawned, we remove the four random chars in the fragment (aesthetic)
  * fix bug where session duration had an upper bound of 7 days - the time the server was running: #310
  * fix bug where a user could go longer than 1 week without re-authenticating: #309
  * fix link on /developers page to verifier source: #326
  * (merged 2011.10.04) fix issue where a wrong-set client clock could prevent login: #329
  * (external fix in myfavoritebeer) IE9 support: #240

train-2011.09.22:
  * migrate to browserid signed certificates rather than keypairs where browserid hosts the public key: https://github.com/mozilla/browserid/issues?milestone=6
  * IE9 support
  * partial IE8 support (not yet usable, several small remaining bugs, and abysmal performance)
  * development harness (./run.js) now respects an IP_ADDRESS env var to bind to a specific address (other than 127.0.0.1)
  * improved first-time development experience: `git clone && cd browserid && npm install && npm run`
  * initial support for running locally under virtualbox via vagrant: #261 (thanks ozten!)
  * (fix 2011.09.23) fix race condition between relay iframe and window introduced with IE9 support: #287
  * (fix 2011.09.23) fix blank popup on second signin invocation in same session in Firefox: #286
  * (fix 2011.09.23) explicitly disable caching for /wsapi calls, prevents unwanted caching of CSRF and friends: #294

train-2011.09.01:
  * /ws_api/set_key always returns a value instead of an HTTP 204 response: #219
  * update javascript mvc to 3.1.0.
  * major interframe/window communication change using a hidden relay iframe to facilitate IE: #97 (still open)
  * link colors on browserid.org are consistent: #227

train-2011.08.25:
  * created command line load generation tool and performance analysis work: #125
  * beginning unit/functional tests for front end: #183
  * front end refactor to facilitate unit/functional tests and UX iteration: #183
  * error messages are shown on front end: #184
  * users must now verify account ownership before attempting a key sync.
  * manage page date format: #191
  * manage page button only displayed if user is currently authenticated: #195
  * manage page emails are synced on page open: #181
  * wsapi_client created for clients needing programmatic access to wsapi.
  * harden set_key against duplicate keys.
  * fix new email addresses added not being synced on client: #199
  * upgrade to bcrypt 0.2.4.
  * minify include.js by default: #206
  * more than one email address can be added per dialog lifespan: #215
  * verifier no longer verifies assertions issued by another server.
  * (2011.08.31) no error message displayed if you try to authenticate with an invalid u/p: #222

train-2011.08.18:
  * upon clickthrough of the email link, don't have the browser window close itself: #162
  * passwords must be between 8 and 80 chars: #155
  * improved handling of emailing & verification urls during local development & testing: #88
  * language changes in dialog: #150
  * many improvements to unit tests: #171
  * forgotten password flow was broken with port to mysql, fixed: #170
  * improved metrics reporting abstraction: #168
  * moved all server logging into a single file: #169
  * all files created at execution time are now in one location: #172
  * developer ergonomics - improved colorized logging with terse webserver output to console
  * always require a user to authenticate if they don't have an active session: #74
  * improved CSRF protection to fix race conditions in previous train: #173

train-2011.08.12:
  * massive zero-user-visible refactoring of dialog javascript.
  * fix cancel button in "waiting for verification state": #147
  * all browserid source is now tri-licensed (MPL1.1/GPL/LGPL): #141
  * fixes for mobile firefox (fennec): #140
  * mysql support implemented for browserid (default persistence production): #71
  * json persistence support added - a standalone dead simple persistence layer which is the default for local development and requires no external software.
  * email secrets are now persisted in the database, so upon server restart outstanding verification links are no longer invalidated: #91
  * (website) styling changes - e.g. fix issues where links on dev page were being displayed white on white.

train-2011.08.04:
  * when user closes dialog without clicking "cancel", properly return 'null' to the webpage (via getVerifiedEmail callback): #107
  * improve checks to warn developer that prerequisite software is missing: #110
  * parameterize software to support multiple deployment environments (dev/beta/prod): #102, #52
  * documentation updates.
  * improved logging (using the winston logging framework for node.js)
  * [website] fixed inclusion of youtube video (now over https to keep browsers from getting scared about mixed mode resource inclusion)

train-1:
  * beginning of time, everything is new.
  * (2011.08.03) include youtube video embedding over https: #112
  * (2011.08.04) fix mozillalabs.com link in dialog: #116