This is an automated email from the ASF dual-hosted git repository.
brondsem pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/allura.git
The following commit(s) were added to refs/heads/master by this push:
new 3a72196e7 CHANGES updated for ASF release 1.17.0
3a72196e7 is described below
commit 3a72196e711051174bfad608e517e7161f496426
Author: Dave Brondsema <[email protected]>
AuthorDate: Wed Jun 5 17:25:57 2024 -0400
CHANGES updated for ASF release 1.17.0
---
CHANGES | 80 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 80 insertions(+)
diff --git a/CHANGES b/CHANGES
index 9aa253606..54a507069 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,83 @@
+Version 1.17.0 (June 2024)
+
+Upgrade Instructions
+
+ Run: `paster ensure_index development.ini` in Allura dir
+
+ To install updated dependencies, run:
+ pip install -r requirements.txt --no-deps --upgrade
--upgrade-strategy=only-if-needed
+
+ If using docker, rebuild the allura image and restart containers.
+
+ To enable OAuth 2 with an existing .ini file, add: auth.oauth2.enabled = true
+
+ To switch to the new session cookie handling:
+ - add `session.jwt_secret_keys` to your .ini file, with a value generated
by `python -c 'import secrets; print(secrets.token_hex());'`
+ - `session.type = cookie` is no longer used
+ - optionally `session.read_original_format = true` and rename
`session.validate_key` to `session.original_format_validate_key` for backwards
compatibility. Remove after a transition period
+ - optionally `session.write_original_format = true` if it takes a while to
deploy all your code to multiple hosts/procs. Then remove once all processes
have new code.
+
+Breaking Changes
+ * [#8556] deprecate has_access(..)() syntax. Custom extensions using this
syntax will need to remove the second ()
+
+Major Changes
+ * [#7272] Support for OAuth 2.0
+
+Security Improvements
+ * [#8526] improved session cookie handling security
+ * [#8536] improve |safe and Markup usage
+ * improve JS syntax and escaping
+ * [#8555] check blocked users better
+ * Python Package Upgrades
+
+SEO
+ * [#8527] discussion app display thread subject in header
+
+Code Repositories
+ * [#8529] support unicode in repo branch names
+
+Wiki
+ * [#8540] fix wiki page 'recent' sort
+
+Tickets
+ * [#8559] tickets API: better type handling
+ * fix username hover on ticket search results
+ * ticket's app titles should display current summary content
+
+General
+ * [#8533] switch python email 'policy' for better line length handling
+ * [#8537] a few JS performance improvements
+ * [#8558] user email changes not getting into solr
+ * keep flash messages more visible
+ * Hide activitystream entries whose corresponding object has been deleted
+ * fully delete history snapshots when deleting artifacts (incl remove from
solr)
+ * in password reset, also try lowercasing the email to see if that matches
+
+Admin
+ * support overlapping admin urls, if a tool is installed with "groups" mount
point
+ * make active notifications easier to see in the list
+
+Performance
+ * use $regex instead of re.compile in mongo queries, so it uses indexes
properly. Maybe fixed in current mongo versions
https://jira.mongodb.org/browse/SERVER-26991
+ * add user_id index to oauth collections
+
+For Developers
+ * [#8528] improve allura.command_init
+ * [#8532] [#8539] improve ruff checks
+ * [#8534] set up github codeql
+ * [#8538] Slight tweak to timeline helper methods
+ * code cleanup using autopep8
+ * Ignore .vscode settings folder
+ * make it easier to change order of sidebar items w/ the AdminExtension
+ * make ldap_conn() be a context manager, so unbind_s can be run automatically
+ * add conftest.py that mocks out tg context
+ * restore c.project.notifications_disabled after a task (can matter in tests)
+ * remove some old six.PY3 checks
+ * update RAT config to work with 0.16
+ * better --profile behavior for scripts, add option for outputfile
+ * remove i18n, only was used a tiny bit in templates
+
+
Version 1.16.0 (November 2023)
Upgrade Instructions
