docs: added changelog for 4.8.0 release.
marcink -
r1848:6a5f62ae default
@@ -0,0 +1,103 b''
1 |RCE| 4.8.0 |RNS|
2 -----------------
3
4 Release Date
5 ^^^^^^^^^^^^
6
7 - 2017-06-30
8
9
10 New Features
11 ^^^^^^^^^^^^
12
13 - Code Review: added new reviewers logic. This features now is Common Criteria
14 compatible and allows to define Mandatory (non-removable) reviewers.
15 In addition new options were added to forbid adding new reviewers or forbid
16 author of commits or the pull request itself to be a reviewer of the code.
17 - Audit logs: introducing new audit logs tracking most important actions in
18 the system. Admins can track important events such as deletion of resources,
19 permissions changes, user groups changes. Each event tracks users with his
20 IP and user agent.
21 - Mercurial: enabled evolve extensions. Each repository can be now configured
22 to support evolve, commit phases, and evolve state are also shown in
23 commit and changelog views.
24 - VCS: expose newly pushed bookmarks or branches as quick links to open a
25 pull request on client output. Allows easier pull request creation via CLI.
26
27
28 General
29 ^^^^^^^
30
31 - Core: ported many views into pure pyramid code with python3.6 compatibility.
32 Now almost 80% of the code is ported, and future ready. It's our ongoing
33 effort to allow support for modern python version.
34 - Comments: show author tag in pull request comments to easily
35 discover the author of changes in discussions.
36 - Files: allow specifying custom filename for uploaded files via web interface.
37 - Pull requests: changed who is allowed to close a pull request. Now it's only
38 super-admin, owner or person who can merge.
39 Before it was every reviewer can close. Which really doesn't make sense.
40 - Users: show that user is disabled when editing his properties.
41 - Integrations: expose user_id, and username in Webhook integration
42 templates arguments.
43 - Integrations: exposed extra repo variables in template arguments of
44 Webhook integration.
45 - Login: add link when using external auth to make it easier to login
46 using oauth providers, such as Google or Github.
47 - Maintenance: added svn verify command to tasks to be able to verify the
48 filesystem and repo formats from web interface. Allows much easier tracking
49 of incompatible filesystem storage of subversion repositories.
50 - Events: expose permalink urls for pull requests, and repositories.
51 Permalink url should provide a non-changeable url that can be used in
52 external system.
53 - Svn: increase possibility to specify compatibility to pre 1.9 version.
54
55
56 Security
57 ^^^^^^^^
58
59 - security(high): fixed possibility to delete other users inline comments
60 for users who were repository admins.
61 - security(med): fixed XSS inside the tooltip for author string.
62 - security(med): fixed stored XSS in notifications inbox.
63 - security(med): use custom writer for RST rendering to prevent injection of javascript: tags.
64 - security(med): escape flash messaged VCS errors to prevent reflected XSS attacks.
65 - security(low): use 404 instead of 403 code on permission decorator to
66 prevent brute force resource discovery attacks.
67 - security(low): fixed self XSS inside autocomplete files view.
68 - security(low): fixed self Xss inside repo strip view.
69 - security(low): fixed self Xss inside the email add functionality.
70 - security(none): use new safe escaped user attributes across the application.
71 Will prevent all possible XSS attack vectors from user stored attributes.
72 This specially can come from external authentication systems which doesn't
73 validate the data.
74
75
76 Performance
77 ^^^^^^^^^^^
78
79
80
81
82 Fixes
83 ^^^^^
84
85 - Pull requests: make sure we process comments in the order of IDS when
86 linking them. In some edge cases it could lead to comments not displaying
87 correctly.
88 - Emails: fixed newlines in email templates that can break email sending code.
89 - Markdown: fixed hr and strong tags styling.
90 - Notifications: fixed problem with 500 errors on non-numeric entries in url.
91 - API: use simple schema validator to be consistent how we validate between
92 API and web views for create user and create user_group calls.
93 - Users: fixed problem with personal repo group wasn't shown for disabled users.
94 - Oauth: improve Google extraction of first/last name from returned data.
95
96
97 Upgrade notes
98 ^^^^^^^^^^^^^
99
100
101 - API: the `update_pull_request` method will no longer support a close action.
102 Users should use the existing `close_pull_request` method which allows
103 specifying a message and status while closing a pull request. No newline at end of file
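Review bot: The Upgrade notes section (new lines 97-103) covers only the `update_pull_request` change, but two other entries in this file change behaviour that existing users and integrations may rely on: the permission decorator now answers 404 instead of 403 (lines 65-66), and closing a pull request is restricted to super-admin, owner or a person who can merge (lines 37-39). Both should be repeated under Upgrade notes so that anyone matching on 403 responses or relying on reviewers closing pull requests sees them before upgrading. Smaller points: the Performance heading (lines 76-77) has no entries and should be dropped or filled; the method names on lines 101-102 use single backticks, which RST treats as interpreted text rather than an inline literal, so double backticks are the safer choice; and "Xss" on lines 68-69 should match the "XSS" spelling used in the other Security entries.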
@@ -9,6 +9,7 b' Release Notes'
9 9 .. toctree::
10 10 :maxdepth: 1
11 11
12 release-notes-4.8.0.rst
12 13 release-notes-4.7.2.rst
13 14 release-notes-4.7.1.rst
14 15 release-notes-4.7.0.rst