Show More
| @@ -0,0 +1,103 b'' | |||||
|
|
1 | |RCE| 4.8.0 |RNS| | |||
|
|
2 | ----------------- | |||
|
|
3 | ||||
|
|
4 | Release Date | |||
|
|
5 | ^^^^^^^^^^^^ | |||
|
|
6 | ||||
|
|
7 | - 2017-06-30 | |||
|
|
8 | ||||
|
|
9 | ||||
|
|
10 | New Features | |||
|
|
11 | ^^^^^^^^^^^^ | |||
|
|
12 | ||||
|
|
13 | - Code Review: added new reviewers logic. This features now is Common Criteria | |||
|
|
14 | compatible and allows to define Mandatory (non-removable) reviewers. | |||
|
|
15 | In addition new options were added to forbid adding new reviewers or forbid | |||
|
|
16 | author of commits or the pull request itself to be a reviewer of the code. | |||
|
|
17 | - Audit logs: introducing new audit logs tracking most important actions in | |||
|
|
18 | the system. Admins can track important events such as deletion of resources, | |||
|
|
19 | permissions changes, user groups changes. Each event tracks users with his | |||
|
|
20 | IP and user agent. | |||
|
|
21 | - Mercurial: enabled evolve extensions. Each repository can be now configured | |||
|
|
22 | to support evolve, commit phases, and evolve state are also shown in | |||
|
|
23 | commit and changelog views. | |||
|
|
24 | - VCS: expose newly pushed bookmarks or branches as quick links to open a | |||
|
|
25 | pull request on client output. Allows easier pull request creation via CLI. | |||
|
|
26 | ||||
|
|
27 | ||||
|
|
28 | General | |||
|
|
29 | ^^^^^^^ | |||
|
|
30 | ||||
|
|
31 | - Core: ported many views into pure pyramid code with python3.6 compatibility. | |||
|
|
32 | Now almost 80% of the code is ported, and future ready. It's our ongoing | |||
|
|
33 | effort to allow support for modern python version. | |||
|
|
34 | - Comments: show author tag in pull request comments to easily | |||
|
|
35 | discover the author of changes in discussions. | |||
|
|
36 | - Files: allow specifying custom filename for uploaded files via web interface. | |||
|
|
37 | - Pull requests: changed who is allowed to close a pull request. Now it's only | |||
|
|
38 | super-admin, owner or person who can merge. | |||
|
|
39 | Before it was every reviewer can close. Which really doesn't make sense. | |||
|
|
40 | - Users: show that user is disabled when editing his properties. | |||
|
|
41 | - Integrations: expose user_id, and username in Webhook integration | |||
|
|
42 | templates arguments. | |||
|
|
43 | - Integrations: exposed extra repo variables in template arguments of | |||
|
|
44 | Webhook integration. | |||
|
|
45 | - Login: add link when using external auth to make it easier to login | |||
|
|
46 | using oauth providers, such as Google or Github. | |||
|
|
47 | - Maintenance: added svn verify command to tasks to be able to verify the | |||
|
|
48 | filesystem and repo formats from web interface. Allows much easier tracking | |||
|
|
49 | of incompatible filesystem storage of subversion repositories. | |||
|
|
50 | - Events: expose permalink urls for pull requests, and repositories. | |||
|
|
51 | Permalink url should provide a non-changeable url that can be used in | |||
|
|
52 | external system. | |||
|
|
53 | - Svn: increase possibility to specify compatibility to pre 1.9 version. | |||
|
|
54 | ||||
|
|
55 | ||||
|
|
56 | Security | |||
|
|
57 | ^^^^^^^^ | |||
|
|
58 | ||||
|
|
59 | - security(high): fixed possibility to delete other users inline comments | |||
|
|
60 | for users who were repository admins. | |||
|
|
61 | - security(med): fixed XSS inside the tooltip for author string. | |||
|
|
62 | - security(med): fixed stored XSS in notifications inbox. | |||
|
|
63 | - security(med): use custom writer for RST rendering to prevent injection of javascript: tags. | |||
|
|
64 | - security(med): escape flash messaged VCS errors to prevent reflected XSS attacks. | |||
|
|
65 | - security(low): use 404 instead of 403 code on permission decorator to | |||
|
|
66 | prevent brute force resource discovery attacks. | |||
|
|
67 | - security(low): fixed self XSS inside autocomplete files view. | |||
|
|
68 | - security(low): fixed self Xss inside repo strip view. | |||
|
|
69 | - security(low): fixed self Xss inside the email add functionality. | |||
|
|
70 | - security(none): use new safe escaped user attributes across the application. | |||
|
|
71 | Will prevent all possible XSS attack vectors from user stored attributes. | |||
|
|
72 | This specially can come from external authentication systems which doesn't | |||
|
|
73 | validate the data. | |||
|
|
74 | ||||
|
|
75 | ||||
|
|
76 | Performance | |||
|
|
77 | ^^^^^^^^^^^ | |||
|
|
78 | ||||
|
|
79 | ||||
|
|
80 | ||||
|
|
81 | ||||
|
|
82 | Fixes | |||
|
|
83 | ^^^^^ | |||
|
|
84 | ||||
|
|
85 | - Pull requests: make sure we process comments in the order of IDS when | |||
|
|
86 | linking them. In some edge cases it could lead to comments not displaying | |||
|
|
87 | correctly. | |||
|
|
88 | - Emails: fixed newlines in email templates that can break email sending code. | |||
|
|
89 | - Markdown: fixed hr and strong tags styling. | |||
|
|
90 | - Notifications: fixed problem with 500 errors on non-numeric entries in url. | |||
|
|
91 | - API: use simple schema validator to be consistent how we validate between | |||
|
|
92 | API and web views for create user and create user_group calls. | |||
|
|
93 | - Users: fixed problem with personal repo group wasn't shown for disabled users. | |||
|
|
94 | - Oauth: improve Google extraction of first/last name from returned data. | |||
|
|
95 | ||||
|
|
96 | ||||
|
|
97 | Upgrade notes | |||
|
|
98 | ^^^^^^^^^^^^^ | |||
|
|
99 | ||||
|
|
100 | ||||
|
|
101 | - API: the `update_pull_request` method will no longer support a close action. | |||
|
|
102 | Users should use the existing `close_pull_request` method which allows | |||
|
|
103 | specifying a message and status while closing a pull request. No newline at end of file | |||
General Comments 0
You need to be logged in to leave comments.
Login now