Roundup Release 1.4.11

Richard Jones r1chardj0n3s at gmail.com
Mon Dec 21 03:41:51 CET 2009 

I'm proud to release version 1.4.11 of Roundup which fixes a number bugs
and closes a potential security hole.

ALL tracker maintainers MUST read the upgrading documentation to make sure
the hole is fixed in their tracker.

Other changes in this release:

- Generic class editor may now restore retired items (thanks Ralf Hemmecke)
- Fix security hole allowing user permission escalation (thanks Ralf
  Schlatterbeck)
- More SSL fixes. SSL wants the underlying socket non-blocking. So we
  don't call socket.setdefaulttimeout in case of SSL. This apparently
  never raises a WantReadError from SSL.
  This also fixes a case where a WantReadError is raised and apparently
  the bytes already read are dropped (seems the WantReadError is really
  an error, not just an indication to retry).
- Correct initial- and end-handshakes for SSL
- Update FAQ to mention infinite redirects with pathological settings of
  the tracker->web variable. Closes issue2537286, thanks to "stuidge"
  for reporting.
- Fix some format errors in italian translation file
- Some bugs issue classifiers were causing database lookup errors
- Fix security-problem: If user hasn't permission on a message (notably
  files and content properties) and is on the nosy list, the content was
  sent via email. We now check that user has permission on the message
  content and files properties. Thanks to Intevation for funding this
  fix.
- Fix traceback on .../msgN/ url, this requests the file content and for
  apache mod_wsgi produced a traceback because the mime type is None for
  messages, fixes issue2550586, thanks to Thomas Arendsen Hein for
  reporting and to Intevation for funding the fix.
- Handle OPTIONS http request method in wsgi handler, fixes issue2550587.
  Thanks to Thomas Arendsen Hein for reporting and to Intevation for
  funding the fix.
- Add documentation for migrating to the Register permission and
  fix mailgw to use Register permission, fixes issue2550599
- Fix styling of calendar to make it more usable, fixes issue2550608
- Fix typo in email section of user guide, fixes issue2550607
- Fix WSGI response code (thanks Peter Pöml)
- Fix linking of an existing item to a newly created item, e.g.
  edit action in web template is name="issue-1 at link@msg" value="msg1"
  would trigger a traceback about an unbound variable.
  Add new regression test for this case. May be related to (now closed)
  issue1177477. Thanks to Intevation for funding the fix.
- Clean up all the places where role processing occurs. This is now in a
  central place in hyperdb.Class and is used consistently throughout.
  This also means now a template can override the way role processing
  occurs (e.g. for elaborate permission schemes). Thanks to intevation
  for funding the change.
- Fix issue2550606 (german translation bug) "an hour" is only used in
  the context "in an hour" or "an hour ago" which translates to german
  "in einer Stunde" or "vor einer Stunde".  So "an hour" is translated
  "einer Stunde" (which sounds wrong at first).  Also note that date.py
  already has a comment saying "XXX this is internationally broken" --
  but at least there's a workaround for german :-) Thanks to Chris
  (radioking) for reporting.

If you're upgrading from an older version of Roundup you *must* follow
the "Software Upgrade" guidelines given in the maintenance documentation.

Roundup requires python 2.3 or later (but not 3+) for correct operation.

To give Roundup a try, just download (see below), unpack and run::

    roundup-demo

Release info and download page:
     http://cheeseshop.python.org/pypi/roundup
Source and documentation is available at the website:
     http://roundup.sourceforge.net/
Mailing lists - the place to ask questions:
     http://sourceforge.net/mail/?group_id=31577


About Roundup
=============

Roundup is a simple-to-use and -install issue-tracking system with
command-line, web and e-mail interfaces. It is based on the winning design
from Ka-Ping Yee in the Software Carpentry "Track" design competition.

Note: Ping is not responsible for this project. The contact for this
project is richard at users.sourceforge.net.

Roundup manages a number of issues (with flexible properties such as
"description", "priority", and so on) and provides the ability to:

(a) submit new issues,
(b) find and edit existing issues, and
(c) discuss issues with other participants.

The system will facilitate communication among the participants by managing
discussions and notifying interested parties when issues are edited. One of
the major design goals for Roundup that it be simple to get going. Roundup
is therefore usable "out of the box" with any python 2.3+ (but not 3+)
installation. It doesn't even need to be "installed" to be operational,
though an install script is provided.

It comes with two issue tracker templates (a classic bug/feature tracker and
a minimal skeleton) and four database back-ends (anydbm, sqlite, mysql
and postgresql).

More information about the Python-announce-list mailing list