# HG changeset patch # User Marcin Kuzminski # Date 2016-06-15 01:01:27 # Node ID a1dea1cb990263e325f13a0b9147e479a4a97870 # Parent bc4667ad5c9c5237fc2597ea9813d9bf96c277a8 # Parent a7d8006db9ca5b9c5d3ed995b0a8a92dde11fc63 release: Merge stable into default diff --git a/.hgtags b/.hgtags --- a/.hgtags +++ b/.hgtags @@ -1,3 +1,4 @@ 1bd3e92b7e2e2d2024152b34bb88dff1db544a71 v4.0.0 170c5398320ea6cddd50955e88d408794c21d43a v4.0.1 c3fe200198f5aa34cf2e4066df2881a9cefe3704 v4.1.0 +7fd5c850745e2ea821fb4406af5f4bff9b0a7526 v4.1.1 diff --git a/.release.cfg b/.release.cfg --- a/.release.cfg +++ b/.release.cfg @@ -1,27 +1,30 @@ [DEFAULT] done = false +[task:bump_version] +done = true + +[task:rc_tools_pinned] +done = true + [task:fixes_on_stable] done = true +[task:pip2nix_generated] +done = true + [task:changelog_updated] done = true -[task:nix_dependencies_moved] -done = true - -[task:bump_version] +[task:generate_api_docs] done = true [task:generate_js_routes] done = true -[task:generate_api_docs] -done = true - [release] state = prepared -version = 3.8.3 +version = 4.1.1 [task:updated_translation] diff --git a/docs/release-notes/release-notes-4.1.1.rst b/docs/release-notes/release-notes-4.1.1.rst new file mode 100644 --- /dev/null +++ b/docs/release-notes/release-notes-4.1.1.rst @@ -0,0 +1,15 @@ +|RCE| 4.1.1 |RNS| +----------------- + +Release Date +^^^^^^^^^^^^ + +- 2016-06-14 + +Fixes +^^^^^ + +- security: fixed permissions issues on pyramid auth-plugins views. + They no longer raise an internal server error page when accessed unauthorized. + +- search: use better ElasticSearch repo filters. (EE only) diff --git a/docs/release-notes/release-notes.rst b/docs/release-notes/release-notes.rst --- a/docs/release-notes/release-notes.rst +++ b/docs/release-notes/release-notes.rst @@ -9,6 +9,7 @@ Release Notes .. toctree:: :maxdepth: 1 + release-notes-4.1.1.rst release-notes-4.1.0.rst release-notes-4.0.1.rst release-notes-4.0.0.rst diff --git a/pkgs/python-packages.nix b/pkgs/python-packages.nix --- a/pkgs/python-packages.nix +++ b/pkgs/python-packages.nix @@ -950,13 +950,13 @@ }; }; python-editor = super.buildPythonPackage { - name = "python-editor-1.0"; + name = "python-editor-1.0.1"; buildInputs = with self; []; doCheck = false; propagatedBuildInputs = with self; []; src = fetchurl { - url = "https://pypi.python.org/packages/f5/d9/01eb441489c8bd2adb33ee4f3aea299a3db531a584cb39c57a0ecf516d9c/python-editor-1.0.tar.gz"; - md5 = "a5ead611360b17b52507297d8590b4e8"; + url = "https://pypi.python.org/packages/2b/c0/df7b87d5cf016f82eab3b05cd35f53287c1178ad8c42bfb6fa61b89b22f6/python-editor-1.0.1.tar.gz"; + md5 = "e1fa63535b40e022fa4fd646fd8b511a"; }; }; python-ldap = super.buildPythonPackage { @@ -1040,7 +1040,7 @@ }; }; rhodecode-enterprise-ce = super.buildPythonPackage { - name = "rhodecode-enterprise-ce-4.1.0"; + name = "rhodecode-enterprise-ce-4.1.1"; buildInputs = with self; [WebTest configobj cssselect flake8 lxml mock pytest pytest-cov pytest-runner]; doCheck = true; propagatedBuildInputs = with self; [Babel Beaker FormEncode Mako Markdown MarkupSafe MySQL-python Paste PasteDeploy PasteScript Pygments Pylons Pyro4 Routes SQLAlchemy Tempita URLObject WebError WebHelpers WebHelpers2 WebOb WebTest Whoosh alembic amqplib anyjson appenlight-client authomatic backport-ipaddress celery colander decorator docutils gunicorn infrae.cache ipython iso8601 kombu msgpack-python packaging psycopg2 pycrypto pycurl pyparsing pyramid pyramid-debugtoolbar pyramid-mako pyramid-beaker pysqlite python-dateutil python-ldap python-memcached python-pam recaptcha-client repoze.lru requests simplejson waitress zope.cachedescriptors psutil py-bcrypt]; @@ -1177,13 +1177,13 @@ }; }; urllib3 = super.buildPythonPackage { - name = "urllib3-1.15.1"; + name = "urllib3-1.16"; buildInputs = with self; []; doCheck = false; propagatedBuildInputs = with self; []; src = fetchurl { - url = "https://pypi.python.org/packages/49/26/a7d12ea00cb4b9fa1e13b5980e5a04a1fe7c477eb8f657ce0b757a7a497d/urllib3-1.15.1.tar.gz"; - md5 = "5be254b0dbb55d1307ede99e1895c8dd"; + url = "https://pypi.python.org/packages/3b/f0/e763169124e3f5db0926bc3dbfcd580a105f9ca44cf5d8e6c7a803c9f6b5/urllib3-1.16.tar.gz"; + md5 = "fcaab1c5385c57deeb7053d3d7d81d59"; }; }; venusian = super.buildPythonPackage { diff --git a/rhodecode/VERSION b/rhodecode/VERSION --- a/rhodecode/VERSION +++ b/rhodecode/VERSION @@ -1,1 +1,1 @@ -4.2.0 \ No newline at end of file +4.2.0 diff --git a/rhodecode/authentication/views.py b/rhodecode/authentication/views.py --- a/rhodecode/authentication/views.py +++ b/rhodecode/authentication/views.py @@ -44,7 +44,10 @@ class AuthnPluginViewBase(object): self.request = request self.context = context self.plugin = context.plugin + self._rhodecode_user = request.user + @LoginRequired() + @HasPermissionAllDecorator('hg.admin') def settings_get(self, defaults=None, errors=None): """ View that displays the plugin settings as a form. @@ -67,6 +70,9 @@ class AuthnPluginViewBase(object): return template_context + @LoginRequired() + @HasPermissionAllDecorator('hg.admin') + @auth.CSRFRequired() def settings_post(self): """ View that validates and stores the plugin settings. diff --git a/rhodecode/login/views.py b/rhodecode/login/views.py --- a/rhodecode/login/views.py +++ b/rhodecode/login/views.py @@ -208,6 +208,8 @@ class LoginView(object): }) return render_ctx + @HasPermissionAnyDecorator( + 'hg.admin', 'hg.register.auto_activate', 'hg.register.manual_activate') @view_config( route_name='register', request_method='POST', renderer='rhodecode:templates/register.html')