============================
Invenio v2.1.0 is released
============================
Invenio v2.1.0 was released on June 16, 2015.
About
-----
Invenio is a digital library framework enabling you to build your own
digital library or document repository on the web.
Security fixes
--------------
+ docker:
- Disables debug mode when using standard Docker image. Uses docker
compose to set the variable instead.
Incompatible changes
--------------------
+ access:
- Removes proprietary authentication protocol for robotlogin.
(#2972)
- Removes external authentication engines. Please use
`invenio.modules.oauthclient` or Flask-SSO instead. (#1083)
+ assets:
- Removes support for runtime compiling of less files in debug mode
when option LESS_RUN_IN_DEBUG is enabled. (#2923)
- Requires update of bootstrap version of overlays.
+ collections:
- Collection reclist is not populated anymore. Use collection phrase
index using query matcher based on record data, hence no second
order operator will work in collection query definition.
+ communities:
- Removes 'communities' module that has been externalised to
separate Python package called 'invenio_communities'. Migration
can be done by running `pip install invenio_communities` and
adding 'invenio_communites' to PACKAGES. (#3008)
+ formatter:
- Database table 'format' and 'formatname' have been dropped and
foreign keys in other tables has been changed to use lower case
version of output format base filename without extension name.
- Output formats are no longer modifiable from web interface as they
syntax has been changed from custom "bfo" to "yml". (#2662)
- Custom output formats from the database needs to by merged with
`bfo` files to new `yml` files. Please follow instructions when
running `python scripts/output_format_migration_kit.py`.
+ global:
- Removes old URL handlers for `/search` and `/record`. (#2958)
- Enables 'sql_mode' as 'ansi_quotes' for quotes compatibility for
MySQL.
- Drops all active sessions during upgrade. Might result in log
entries about non-restorable sessions.
- Drops all active sessions during upgrade. Might result in log
entries about non-restorable sessions.
- Moves `deprecated` decorator under `invenio/utils/deprecation.py`
- Changes url_for behaviour to return always a unicode string.
(#2967)
- Deprecates invenio.config hack for legacy code. (#3106)
- Deprecates use of invenio.utils.redis in favor of
invenio.ext.cache. (#2885)
- Removes support for custom remote debuggers. (#2945)
+ installation:
- Upgrades minimum SQLAlchemy version to resolve Enum life cycle
problems on PostgreSQL. (#2351)
+ legacy:
- Specifies deprecation warnings for all remaining legacy modules
according to the latest Invenio 3 road map.
- Specifies deprecation warnings for legacy modules bibcirculation,
bibdocfile, bibedit, elmsubmit, websearch_external_collections,
and websubmit.
- Enables 'sql_mode' as 'ansi_quotes' for quotes compatibility for
MySQL.
- Removes deprecated bibknowledge module.
- Removes deprecated `inveniocfg` command line interface.
+ multimedia:
- Depreactes multimedia module.
+ search:
- Removes support for legacy `perform_request_search` and
`search_unit` API functions.
- Removes support for specific Aleph idendifiers from search engine.
New features
------------
+ access:
- Adds 'usedeposit' action which enables per user access
restrictions for different deposit types. (#2724)
- Adds the ability to restrict access per object independently from
the parent.
+ accounts:
- Adds support for allowing users to update their profile (nickname,
email, family name and given name).
- Adds support for users to re-request an verification email to be
sent.
- Adds new Passlib Flask extension to support configurable password
contexts in Invenio. (#2874)
- Adds panel blocks to settings templates.
+ babel:
- Adds datetime localization template filters.
+ collections:
- Adds new calculated field '_collections' to records from which the
'collection' index is created. (#2638)
+ deposit:
- Adds generic JinjaField and JinjaWidget to render templates as
form fields. This might be used in case longer explainations are
required for forms or to add pictures and other material that may
increase usability.
+ global:
- Uses Flask-IIIF extension providing various image manipulation
capabilities.
- Adds possibility to refer to documents and legacy BibDocFiles via
special path such as `/api/multimedia/image/recid:{recid}` or
`/api/multimedia/image/recid:{recid}-{filename}` or
`/api/multimedia/image/uuid` with proper permission checking.
(#3080) (#3084)
- Adds general pagination macro for Flask-SQLAlchemy Pagination
object. (PR #3006)
- Adds 'noscript' block to the page template to warn users with
disabled JavaScript on their browser. (#1039)
+ knowledge:
- Adds manager to knowledge with a command to load mappings into an
existing knowledge base from a file. E.g. `inveniomanage knowledge
load kb_name /path/to/file.kb`
+ oauthclient:
- Adds support for CERN OAuth authentication.
+ records:
- Adds support for granting author/viewer rights to records via tags
by specifying CFG_ACC_GRANT_AUTHOR_RIGHTS_TO_USERIDS_IN_TAGS
and/or CFG_ACC_GRANT_VIEWER_RIGHTS_TO_USERIDS_IN_TAGS. (#2873)
+ script:
- Implements optional TLS encryption directly by Werkzeug. Adds many
configuration variables (`SERVER_TLS_*`) to control the behaviour.
- Adds support for PostgreSQL database initialization.
+ search:
- Implements a mechanism that enhances user queries. The enhancer
functions are specified in the 'SEARCH_QUERY_ENHANCERS' and later
they are applied to the query AST one after the other in the
search method. (#2987)
- Adds new API for querying records.
- Adds new configuration option SEARCH_WALKERS which specifies
visitor classes that should be applied to a search query.
- Adds additional search units for the auxiliary author fields
`firstauthor`, `exactauthor`, `exactfirstauthor` and
`authorityauthor`.
- Adds missing operator handling of greater than (>) queries.
- Adds new configuration varibles `SEARCH_QUERY_PARSER` and
`SEARCH_QUERY_WALKERS` for query parser.
- Adds new API for record matching againts given query.
+ template:
- Adds bootstrap scrollspy to the base template so it can be used by
all modules.
+ workflows:
- Adds new buttons to the Holding Pen details pages to delete and
restart current task.
Improved features
-----------------
+ accounts:
- Improves legend alignment in login form.
+ classifier:
- Improves the stripping of reference section when extracting text
from PDF by using a more appropriate refextract API.
+ deposit:
- Corrects reflow on narrow screens and removes misused classes for
labels.
- Adds sticky navigation item to the deposit page to simplify
overview on larger forms. Works well with collapsed elements. On
narrow screens the navigation gets pushed in front of all other
form elements.
- Improves handling of large files in deposit.
- Fixes problem with misaligned checkbox and radio list items. They
are produced because wtforms does not wrap input elements into
labels as it is intended by the bootstrap framework.
+ docker:
- Changes port number exposed by docker to non-reserved ones to
avoid conflicts with local installations. Webport is now 28080,
Redis 26379 and MySQL is 23306, which is a simple +20000 shift
from the standard ports.
- Integrates docker boot script into docker image.
- Changes docker boot script to use `exec`. This ensure signal
forwarding and reduces the overhead by one process. As a result
container shutdown is faster now.
- Changes manual master/slave configuration of Docker devboot script
to automatic solution using file locks.
+ formatter:
- Improves support for translated output format names on search
results page. (#2429)
+ global:
- Supports database creation on PostgreSQL server.
- Implements session signing. This avoids cache request for invalid
sessions and reduces the DDoS attack surface.
- Removes IP address storage+checks. This avoids data privacy issues
and enables users with multiple connections (e.g. WIFI+LTE,
multiple WIFI connections on trains+stations) to stay signed in.
- Enhances `run_py_func` to be able to print both to some StringIO
and to the terminal at the same time. This is enabled with the
`passthrough` argument. It now also always returns stderr,
deprecating the `capture_stderr` argument. The return value is now
a namedtuple so that one can easily fetch the required value. Its
arguments to a more natural order (name of the executable first
and arguments afterwards.
- Supports database creation on PostgreSQL server.
- Improves compatibility of Text fields in PostrgeSQL by changing
Text in models and removes Invenio hacks on MySQL Index and
Primary Key creation because starting from SQLAlchemy>=1.0 it
arises an exception if the length is specified. (#3037)
+ knowledge:
- Relaxes constraints on dynamic search function that used to force
us to create temporary knowledge base. (#698)
+ legacy:
- Supports database creation on PostgreSQL server.
+ oauthclient:
- Extra template block addition.
+ refextract:
- Replaces usage of 'urllib' by 'requests' library and improves
manipulation with temporary file used for extraction of
references.
+ script:
- Uses SQLAlchemy and SQLAlchemy-Utils to initialize the database
instead of executing mysql in a python subshell. (#2846) (#2844)
+ search:
- The search results pages emits proper Cache and TTL information in
its HTTP headers, so that any eventual external cachers (such as
varnish) could act accordingly to invalidate their caches
automatically, without any configuration. (#2302)
- Collection filtering of search results no longer returns orphan
records.
- Improves native facet creations.
+ template:
- Replaces Invenio PNG logo with SVG version. This works better on
high resolution (retina) screens and it is supported by all
browers.
+ unapi:
- Separates UnAPI url handling to a new module.
+ upgrader:
- Clarifies that the upgrade dependency is only a best guess.
(#2561)
+ workflows:
- Updates the layout of the details pages in Holding Pen to display
at which step the object is in the workflow.
- When rendering the task results, the Holding Pen now passes a
dictionary instead of a list in order to allow finer grained
control in the template.
Bug fixes
---------
+ access:
- Sets the superadmin role ID properly when elaborating access
authorizations. Previously it was masked behind an application
context exception. (#3184)
+ accounts:
- Fixes invalid HTML of the 'remember me' login form checkbox.
- Corrects conditions on when to sent a notification email.
(addresses zenodo/zenodo#275) (#3163)
- Fixes issue that allowed blocked accounts to login.
+ classifier:
- Properly handles file paths containing a colon (:), avoiding bad
text extraction that causes (1) wrong results and (2) much slower
execution.
- Properly tags the execution of classifier as fast in the standard
workflow task when applicable.
+ deposit:
- Fixes issue with PLUpload chunking not being enabled.
- Fixes "both collapse arrows are shown" bug in deposit frontend.
+ formatter:
- Changes the mimetype of the `id` output format to application/json
and properly returns a JSON formatted list of results.
+ indexer:
- Avoids an exception from happening when passing a unicode string
to the BibIndex engine washer. (#2981)
+ installation:
- Fixes capitalization of package names.
+ legacy:
- Fixes inveniogc crash when mysql is NOT used to store sessions.
(#3205)
- Catches also any `MySQLdb.OperationalError` coming from legacy
MySQL queries using `run_sql()`. (#3089)
- Fixes an issue with outputting the post-process arguments when
adding or editing an OAI source.
+ oauthclient:
- Marks email address of users creating their account with oauth
process as invalid.
- Sends a validation email when users create their account with
oauth. (#2739)
- Improves security by leaving users' password uninitialized when
their account is created by the oauth module.
+ records:
- Improves type consistency of keys and values in JSON record
created from MARC and retrieved from storage engine. (#2772)
- Fixes double message flashing issues during 401 errors.
- Fixes issue with empty records not returning an 404 error.
- Fixes 500 error when record does not exist. (#2891)
+ search:
- Fixes an issue of returning the wrong results when searching for
single values in the author field (e.g. 'author:ellis').
+ submit:
- Fixes upgrade recipe for SbmCOLLECTION_SbmCOLLECTION table
introduced in commit @1021055. (#2954)
+ workflows:
- Fixes an issue where the workflow engine would try to save a
function reference in the extra_data task history, causing an
error when serializing extra_data.
Notes
-----
+ access:
- The default access role ID for the superadmin user is 1, but it
can be configured via CFG_SUPERADMINROLE_ID.
- Requires running `webaccessadmin -u admin -c -a -D` command.
+ accounts:
- Changes user model fields family name/given names to store empty
string as default instead of null.
- Adds support for users to change email address/nickname. If you
store email addresses in e.g. records or fireroles you are
responsible for propagating the users change of email address by
adding listeners to the 'profile-updated' signal. Alternatively
you can migrate records (using
CFG_ACC_GRANT_AUTHOR_RIGHTS_TO_USERIDS_IN_TAGS and
CFG_ACC_GRANT_VIEWER_RIGHTS_TO_USERIDS_IN_TAGS) and fireroles
(using "allow/deny uid <uid>") to restrict access based on user id
instead of user email address.
- Refactors password hashing to (a) explicitly specify password salt
instead of relying on the email address, since a change of email
would cause the password to be invalidated (b) support multiple
password hashing algorithms concurrently (c) automatic migration
of deprecated hashes when users log in (d) allows overlays to
specify their preferred hashing algorithms.
- Deprecates legacy Invenio's hashing algorithm based on AES
encryption of email address using the password as secret key in
favor of SHA512 using random salt and 100000 rounds.
+ assets:
- Updates Twitter Bootstrap to 3.3 to fix some issues, e.g. to low
colour contrast of navbar background<->font. Requires update of
Twitter Bootstrap version in Invenio overlays.
+ collections:
- The tag table now contains 'collection idetifier' with correct
'value' and 'recjson_value' ('' and '_collections').
+ formatter:
- Invenio 1.x BFT template language and BFE elements are being
deprecated. Please migrate overlay output formats to use Jinja2.
(#2662)
- Removes fallback template rendering and puts standard exception
logging in place. (#2958)
+ global:
- Removes unused legacy cascade style sheets. (#2040)
+ indexer:
- The lower_index_term() now returns the term as a Unicode string
which can have an impact on custom tokenizers and regular
indexing.
+ installation:
- Adds missing access rights for database user accessing server from
localhost. (#3146)
+ records:
- Ports basic BibDocFile serving including access right checks.
(#3160)
+ unapi:
- Add `invenio.modules.unapi` to PACKAGES if you would like to keep
the `/unapi` url.
Installation
------------
$ pip install invenio
Upgrade
-------
$ bibsched stop
$ sudo systemctl stop apache2
$ pip install --upgrade invenio==2.1.0
$ inveniomanage upgrader check
$ inveniomanage upgrader run
$ sudo systemctl start apache2
$ bibsched start
Documentation
-------------
http://invenio.readthedocs.org/en/v2.1.0
Happy hacking and thanks for flying Invenio.
| Invenio Development Team
| Email: i...@invenio-software.org
| IRC: #invenio on irc.freenode.net
| Twitter: http://twitter.com/inveniosoftware
| GitHub: http://github.com/inveniosoftware
| URL: http://invenio-software.org
