issues (CVE-2008-1474, CVE-2008-1475). Changes since 1.1.2:
- Make URL matching code less matchy.
- Try to clarify mail_domain config setting.
- Add use of username/password stored in ~/.netrc in mailgw.
- 'Make a Copy' failed with more than one person in nosy list.
- xml-rpc security checks and tests across all backends.
- Send a Precedence header in email so (well-written) autoresponders don't.
- Fix mailgw total failure bounce message generation (thanks Bradley Dean).
- Fix for postgres 8.3 compatibility (and bug).
- Fix for translations.
- Fire reactors after file storage is all done.
- Allow negative ids other than -1 for item generation.
- Better German translation for retiring users.
- More improvements to German translation.
- Add filter() to XML-RPC interface.
- Fix IndexError when there are no messages to an issue.
- Prevent broken pipe errors in csv export.
- New session API and cleanup thanks anatoly t.
- Make WSGI handler threadsafe.
- Improved URL matching RE.
- Allow binary file content submission via XML-RPC.
- Don't run old code on newer database.
- Fix HTML injection into page title
- Fix indexer handling of indexed Link properties.
- Security fixes (thanks Roland Meister).
- New config option in mail section: ignore_alternatives allows to
ignore alternatives besides the text/plain part used for the content
of a message in multipart/alternative attachments.
- Admin copy of error email from mailgw includes traceback (thanks Ulrik
Mikaelsson).
- Messages created through the web are now given an in-reply-to header
when email out to nosy (thanks Martin v. L�wis).
- Nosy messages now include more information about issues (all link
properties with a "name" attribute) (thanks Martin v. L�wis).
- Searching date range by supplying just a date as the filter spec.
- Handle no time.tzset under Windows.
- Fix race condition in file storage transaction commit.
- Make user utils JS work with firstname/lastname again.
- Fix ZRoundup to work with Zope 2.8.5.
- Fix race condition for key properties in rdbms backends.
- Handle Reject in mailgw final set/create.
- Removed some metakit references.
- Roundup has a new xmlrpc frontend that gives access to a tracker using
XMLRPC.
- Dates can now be in the year-range 1-9999.
- The metakit backend has been removed.
- Add simple anti-spam recipe to docs.
- Allow customisation of regular expressions used in email parsing, thanks
Bruno Damour.
- Italian translation by Marco Ghidinelli.
- Multilinks take any iterable.
- config option: specify port and local hostname for SMTP connections.
- Tracker index templating (i.e. when roundup_server is serving multiple
trackers).
- config option: Limit nosy attachments based on size (Philipp Gortan).
- roundup_server supports SSL via pyopenssl.
- templatable 404 not found messages.
- Unauthorized email includes a link to the registration page for
the tracker.
- config options: control whether author info/email is included in email
sent by roundup.
- support for receiving OpenPGP MIME messages (signed or encrypted).
- Handling of unset Link search in RDBMS backend.
- Journal export of anydbm didn't correctly export previously empty values.
- Fix handling of defaults for date fields.
- Fix <form> name in user editing to allow multilink popups to work.
- Fix form handling of editing existing hyperdb items from a new item page.
- Added new rdbms-indexes for full-text index which will speed up
reindexing.
- Turning off indexing for content properties of FileClass instance
(e.g., "file" and "msg") now works for SQL backends.
- Enabled over-riding of content-type in web interface (thanks
John Mitchell).
- Validate user timezones to filter bad entries.
- Classic template allows searching for issues with no topic set.
- xapian_indexer uses current API for stemming (Rick Benavidez).
- Ensure email addresses are unique.
- roundup_admin tracks uncommitted changes in interactive mode
for all backends.
- add template search path for easy_install (Marek Kubica).
- don't spam the roundup admin on client shutdowns (Ulrik Mikaelsson).
- respect umask on filestorage backends (Ulrik Mikaelsson).
- cope with spam robots posting multiple instances of the same form.
- include the author of property-only changes in generated messages.
- fuller email validation in templates.
- cope with bad cookies from other apps on same domain.
- updated Spanish translation from Ramiro Morales.
- clean up query display of "Private to you items".
- use local timezone for mail date header.
- allow CSV export of queries on selected issues.
- remove blobfiles on destroy.
- handle postgres exceptions during session cleanup.
- update Xapian indexer to use current API.
- handle export and import of old trackers that have data attached to
journal "create" events.
- fix a couple more old instances of "type" instead of "ENGINE" for mysql
backend.
- make LinkHTMLProperty handle non-existing keys.
- If-Modified-Since handling was broken.
- Updated documentation for customising hard-coded searches in page.html.
- Updated Windows installation docs (thanks Bo Berglund).
- Handle rounding of seconds generating invalid date values.
- Handle 8-bit untranslateable messages from database properties.
- Fix scripts/roundup-reminder date calculation.
- Improved due_date and timelog customisation docs.
- relax rules for required fields in form_parser.py.
- documentation cleanup from Luke Ross.
- updated Spanish translation from Ramiro Morales.
- handle 8-bit untranslateable messages in tracker templates.
- handling of required for boolean False and numeric 0.
- removed bogus args attr of ConfigurationError.
- implemented start_response in roundup.cgi.
- clarified windows service documentation.
- HTMLClass fixed to work with new item permissions check.
- support POP over SSL.
- clean up input field generation and quoting of values.
- allow use of roundup-server pidfile without forking.
- allow translation of status/priority menu options.
- setup.py had broken reference to roundup.cgi.
- full-text search wasn't coping with multiple multilinks to the same class.
- unicode / sqlite 3 problem.
- WSGI support via roundup.cgi.wsgi_handler.
- sqlite module detection was broken for python 2.5 compiled without sqlite
support.
- fixed support for pysqlite2 (version 2.1.0 is the minimum version
supported).
- roundup-server called setuid when run by non-root user.
- fix sort/group direction checkbox in issue.index.html.
- fix error detection for non-EN locales of postgres.
- fix email change note rendering of multiline properties.
- fix sidebar search links.
- nicer "permission required" messages.
- fix unstable ordering of detectors.
- E-mail subject line prefix delimiter configuration was being ignored.
- Password confirm field in user editing.
- supports Python 2.5, including the sqlite3 module.
- full timezone support.
- handle connection loss when responding to web requests.
- match incoming mail In-Reply-To against existing messages when no issue
id is specified in the Subject.
- added StringHTMLProperty wrapped() method to wrap long lines in issue
display.
- include the popcal in Date field editing and search fields by default.
- @required in forms may now specify properties of linked items.
- update for latest version of pysqlite.
- update for latest version of psycopg2.
- new "exporttables" command in roundup-admin.
- roundup-admin "export" may specify classes to exclude.
- sorting and grouping by multiple properties is now supported by the
backends *and* the classic template.
- sorting, grouping, and searching by transitive properties (e.g.,
messages.author.supervisor) is now supported in all backends.
- added filter_sql to SQL backends which takes an arbitrary SQL statement
and returns a list of item ids.
- Verbose option for import and export.
- -c option for roundup-mailgw won't accept parameter.
- '?' in rfc2822-encoded header isn't quoted.
- fix error message in form parser.
- updated ZRoundup for Zope 2.9.
- fix timelog example in customisation doc to mention permissions.
- nicer listing of Superseder links.
- include roundup-server.ini.example.
- dumb bug in cgi templating utils.
- handle unicode in query names.
- fix error during mailgw bouncing message.
- hyperdb handling of empty raw values for Multilink and Password.
- don't int() ids.
- fix importing into anydbm backend.
- fix help message for roundup-admin install.
- removed traceback with OTK is used multiple times.
- metakit backend was indexing FileClass content even when asked not to.
- anydbm backend will finally sort numerically by ID.
- problem with string sorting in anydbm backend fixed: If a string was
fully numeric it was sorted as a number.
- Multilink-sorting now sorts by orderprop not by ID and works for all
backends.
- Bug with name-collisions in sorted classes when sorting by Link
properties in metakit backend fixed.
- Postgres backend allows transaction collisions to be ignored when
committing cleanup in the sessions database.
- translate titles of "show all" and "unassigned" issue lists
in classic template.
- "as" is a keyword in Python 2.6.
- "from __future__" statments need to be first line of file in Python 2.6.
- better conflict retry in postgresql backend.
- fix time log example.
74404e4b81