Roundup Issue Tracker version 1.6.0 released

John P. Rouillard rouilj at
Fri Jul 13 07:45:22 EDT 2018

Hello all:

After two and half years of work by the Roundup Team, I'm proud to
release version 1.6.0 of Roundup which has been possible due to the
help of several contributors.  This release contains important
security enhancements, so make sure to read `docs/upgrading.txt
<>`_ to bring your
tracker up to date. Other changes, as usual, include some new features
and many bug fixes.

If you're upgrading from an older version of Roundup you *must* follow
the "Software Upgrade" guidelines given in the maintenance documentation.

Roundup requires python 2.7 or later (but not 3+) for correct operation.

To give Roundup a try, just download (see below), unpack and run:


Release info and download page:
Source and documentation is available at the website:
Mailing lists - the place to ask questions:

About Roundup

Roundup is a simple-to-use and -install issue-tracking system with
command-line, web and e-mail interfaces. It is based on the winning design
from Ka-Ping Yee in the Software Carpentry "Track" design competition.

Roundup manages a number of issues (with flexible properties such as
"description", "priority", and so on) and provides the ability to:

(a) submit new issues,
(b) find and edit existing issues, and
(c) discuss issues with other participants.

The system facilitates communication among the participants by managing
discussions and notifying interested parties when issues are edited. One of
the major design goals for Roundup that it be simple to get going. Roundup
is therefore usable "out of the box" with any python 2.7+ (but not 3+)
installation. It doesn't even need to be "installed" to be operational,
though an install script is provided.

It comes with five issue tracker templates

* a classic bug/feature tracker
* a minimal skeleton;
* a more extensive devel tracker for bug/features etc.
* a responsive version of the devel tracker
* a jinja2 based template based on devel

and four database back-ends (anydbm, sqlite, mysql and postgresql).

New Features in 1.6.0 (ordered by implementation date):

- issue2550894: migrate test suite and to py.test (John Kristensen)
- issue2550880: Ability to choose password store scheme and SSHA
  support. Discussion on devel list is tending in favor of this patch.
  Embedded test works, my manual test with a SSHA password
  assigned to a user allowed the user to log in.   Ran the test suite
  and the tests that were not skipped passed. (applied by John Rouillard)
- New Link/Multilink property attribute 'msg_header_property', can be
  used to configure additional headers in outgoing emails. See
  documentation in ``doc/customizing.txt``. (Ralf Schlatterbeck)
- Allow multiple file uploads: If the html template specifies
  multiple="multiple" for a file upload the user can attach multiple
  files and the form parser now handles this. (Ralf Schlatterbeck)
- issue2550886: Add support for an integer type to join the existing
  number type. This can be used for properties used for ordering,
  counts etc. where a decimal point isn't needed. Developed by
  Anthony (antmail). Doc updates written by John Rouillard. (applied
  by John Rouillard)
- Updated html/_generic.404.html to use the page template. So 404
  errors now include the left hand menu, a proper page title and
  body content. Note added to doc/upgrading.txt on how to add it to
  deployed trackers. (John Rouillard)
- issue2109308 - Allow subject of nosy messages be changed from reactor
  Adds a subject parameter to nosymessage function. Patch initally
  generated by Frank Niessink. Tests, adaptation by John Rouillard.
- issue2550683 Allow indexargs_form filter variable exclusion.
  Patch generated by Bruce Tulloch (bruce). Applied and docstring for
  indexargs_form updated by John Rouillard. Patch description is:
  This is required to allow indexargs_form to be used in conjunction with
  other form variables which *replace* some filterspec parameters.

  One must exclude all variables from the indexargs_form call which are to
  be replaced with values that are derived from other form input elements,
  otherwise they will clash with the "hidden" input elements generated by
  indexargs_form itself.

  For example::

    <tal:block replace="structure python:request.indexargs_form(
  where the variables type, status and assignedto are supplied via other
  form input elements. Without the new exclude argument to indexargs_form,
  all hidden input elements otherwise generated by this call would need to
  be manually added to the template code. Further, given that the template
  may not know what other variables may be defined, it may not even be
  possible to code this without some python helpers.
  [rouilj I think this is an example usecase. Possible assignedto
  users need to have a specific role. Create TAL that
  filters the users to the select few. Defines a select list for
  assignedto. Use exclude=['assignedto'] to prevent the
  indexargs_form from generating a confliciting assignedto field
  which lists all users regardless of the role.]
- allow user to recover account password using an entry in the
  Alternate E-mail addresses list. See::
  for description. Merge request at::
  Patch supplied by kinggreedy. Applied/tested by John Rouillard
- issue2550636, issue2550909: Added support for Whoosh indexer.
  Also adds new config.ini setting called indexer to select
  indexer. See ``doc/upgrading.txt`` for details. Initial patch
  done by David Wolever. Patch modified, docs added and committed
  by John Rouillard.
- issue2550803: Replying to NOSY mail goes to the tracker through
  reply-to, not original message author.
  Created new [tracker] replyto_address config.ini option to allow:
  1) setting reply-to header to the tracker
  2) setting reply-to header to the address of the author of the change
  3) setting it to a fixed address (like noreply at
  Done by John Rouillard from proposal by Peter Funk (pefu)
  in discussion with Tom Ekberg (tekberg). See doc/upgrading.txt.
- issue1714899: Feature Request: Optional Change Note. Added a new
  quiet=True/False option for all property types. When quiet=True
  changes to the property will not be displayed in the::

    * confirmation banner (shown in green) when a change is made
    * property change section of change note (nosy emails)
    * web history display for an item.

  Note that this may confuse users if used on a property that is
  meant to be changed by a user. It is most useful on administrative
  properties that are changed by an auditor as part of a user
  generated change. Original patch by Daniel Diniz (ajaksu2)
  discussed also at:

  Support for setting quiet when calling the class specifiers.
  E.G. prop=String(quiet=True) rather than::


  support for anydb backend, added tests, doc updates, support for
  ignoring quiet setting using showall=True in call to history()
  function in templates by (John Rouillard). (Note implementation
  changed while implementing fix for issue2550864. Filtering of
  quiet properties pushed down to the
  function. This fixes a small bug in the implementation that caused
  a limiting the templating history call to display fewer than
  the requested number of items if some were quiet.)
- issue2550767: Add detector to notify users of new
  items.  Added to detectors directory and a README.txt generated to
  describe the purpose of the directory. It also says the detectors
  are provided on an as-is basis and may not work. Detector by W.
  Trevor King (wking), rest by John Rouillard.
- issue934009: Have New Issues Submitted By Email *Not* Change Body!
  The mailgw config options: keep_quoted_text and leave_body_unchanged
  can now have a new values: new. If set to new, keep_quoted_text acts
  like yes if the message is starting a new issue. Otherise it strips
  quoted text. This allows somebody to start a new issue by forwarding
  a threaded email (with multiple quoted parts) into roundup and
  keeping all the quoted parts.  If leave_body_unchanged is set to
  new, even the signature on the email that starts a new issue will be
- New cgi action restore (RestoreAction) which reverses the effects of
  the retire action. Created while implementing fix for
  issue2550831. Requires restore permission in the schema. See
  upgrading.txt for migrating to 1.6.0 for details. (John Rouillard)
- issue2550751: Email Header Issue. Noel Garces requested the ability
  to suppress email headers like "x-roundup-issue-files". With Ralf's
  addition of the Link/Multilink property attribute
  'msg_header_property' we can do this easily. Setting the
  'msg_header_property' to the empty string '' (not to None) will
  suppress the header for that property. (John Rouillard)
- issue2550891: Allow subdir in template value. Anthony (antmail)
  requested the ability to put templates into subdirectories. So
  the issue class can accept @template=issues/item to get the
  html/issues/issue.item.html template. See ``doc/upgrading.txt``.
- issue1842687: Keywords: After creating, stay in "Create New" mode.
  Change to classic tracker template to provide a check box (checked
  by default) that keeps the user on the "Add new keyword" page after
  submitting a new keyword. Usually after submission, you will see the
  page for the new keyword to allow you to change the name of the
  keyword. (John Rouillard)
- issue2550757 - internal restructuring to allow to be tested
  more easily. W. Trevor King (wking)/ John Rouillard.
- When storing user-defined queries we now store the template with the
  query if the template name is different from 'index'. This allows
  stored queries for templates different from the default 'index'
  template. (Ralf Schlatterbeck)
- Number properties now have an optional attribute use_double to request
  double precision float as the storage type for this property. (Ralf
- issue2550796: Calendar and Classhelp selection tools don't cause
  onchange event to be triggered.
  Using the helper popups for modifying lists of users, lists of
  issues, dates etc.. now trigger the change event on the form's
  field. This allows onchange javascript to trigger to highlight
  changes, recalculate other form values etc.  See ``upgrading.txt``
  for details on applying these changes to your tracker. (John Rouillard)
- menu template function has a new parameter "showdef". When set to a
  string, the string is appended to the displayed option value. This
  allows the user to reset the value for the menu (select) to the
  original value. (John Rouillard)
- @template html url parameter can be set to "oktmpl|errortmpl". When
  a form is submitted, if the form passes validation the oktmpl is
  used for the resulting page. If the form fails submission the
  errortmpl page is used to display the form. The errortmpl will
  usually be the same template used to edit the form. See the section
  on "Implementing Modal Editing Using @template" in
  ``customizing.txt``. (John Rouillard)
- New form of check function is permitted in permission definitions.
  If the check function is defined as::

      check(db, userid, itemid, **ctx)

  the ctx variable will have::

     ctx['property'] the name of the property being checked or None
     ctx['classname'] the class that is being checked or None
     ctx['permission'] the name of the permission (e.g. View, Edit)

  At some future date the older 3 argument style check command will
  be deprecated. See ``upgrading.txt`` for details.
- New property for permissions added to simplify the model. See
  ``customizing.txt`` and search for props_only and
  set_props_only_default in the section 'Adding a new Permission'.
  (John Rouillard)
- issue2550690 - Inadequate CSRF protection. Improvements in
  Cross Site Request Forgery protection to check HTTP headers
  and nonces. If the header/nonce is present, they are
  validated. But if headers or nonces are missing access is
  granted. The enforcement policy can be set in config.ini.
  Requiring enforcement will need some changes to
  templates. Support for protecting xmlrpc endpoint not well
  tested.  See ``upgrading.txt``. (John Rouillard)
- Added support for using the SameSite cookie option on the
  session cookie. Default is lax, but there is a settable
  option in config.ini file to change to strict or
  suppress it entirely. See ``upgrading.txt``. (John Rouillard)
- Added a new roundup-admin command: updateconfig. Similar to
  genconfig but it uses values from an existing config.ini
  rather than default values. Use to update an existing
  config.ini with new options and help text. (John Rouillard)
- issue2550864: Potential information leakage via journal/history
  Hyperdb history function now only returns properties that the user
  can View or Edit and links to objects the user can see. Can be
  overridden by setting a parameter when calling the method.
  Also restructured code that implemented issue1714899 moving it
  from the templating class to the hyperdb. (John Rouillard)
- Improves diagnostics for mail processing: When using logging level = DEBUG,
  bounces and bounce problems are logged. (Bernhard Reiter)
- In roundup-server, pass X-Forwarded-For and X-Forwarded-Proto
  headers as the environment variables: HTTP_X-FORWARDED-FOR and
  HTTP_X_FORWARDED_PROTO. If the user is running roundup server behind
  a proxy, these headers allow the user to write extensions that can
  figure out the original client ip and protocol. None of the core
  roundup code uses these headers/env vars. These headers can be
  spoofed by bad proxies etc. so you have been warned.
- issue2550799: provide basic support for handling html only emails
  Emails missing text/plain parts but with text/html parts can be
  converted into text. If this is done the email will no longer be
  bounced back to the sender with an error. Enable by configuring the
  convert_htmltotext option in your upgraded config.ini. (Initial
  patch by Igor Ippolitov merged with changes by John Rouillard.)
- Add a 'retired' parameter to Class.filter to allow searching for
  retired, non-retired or all (retired and non-retired) items similar
  to the argument of the same name to Class.getnodeids. This is 'False'
  by default (finding only non-retired items for backwards
  compatibility) and can be set to None (for finding retired and
  non-retired items) or True (for finding only retired items).
- Requires Python 2.7 now, indicated in
  and doc/installation.txt. (Bernhard Reiter)
- New -L flag to roundup-server to send http/https request logs
  through the python logger module (using roundup.http). This allows
  automatic log rotation. Without it, log file rotation requires restarting
  the server. (John Rouillard)
- Part of issue2550960. Applied patch 0038 to upgrade documentation
  code examples to support both python 2 and 3. (Joseph Myers)

Bugs fixed in 1.6.0:

- issue1615201: Optionally restore the original (version 0.6) mailgw 
  behaviour of ignoring a Resent-From:-header and using the real 
  From-header instead: new configuration option EMAIL_KEEP_REAL_FROM 
  (Peter Funk aka Pefu).
- issue2550717: Changed a couple of residual email references into
  E-Mail in German translation (John Rouillard)
- issue2550669: Adding documentation for csv_field_size to the
  customizing tracker section of doc/customizing.txt (John Rouillard)
- issue2550601: gsoc-2009 "bug" class doesn't have "patches" property
  Added multilink to patches to the bug schema in the devel template.
  (applied by John Rouillard)
- issue2550748: Crash when creating new issues with non-existing
  multilink values (in classic template). Applied patch so it
  now errors the same way as an update does. (applied by John Rouillard)
- issue2550757: one bug raised by issue fixed. Patch created by
  W. Trevor King (wking) for documentation of mailgw applied by 
  John Rouillard.
- Fix processing of additional arguments to cgi method 'menu': This
  would not work if more than one additional argument is used.
  (Ralf Schlatterbeck)
- Update documentation of some existing property attributes (like
  'do_journal' for Link/Multilink properties), this also adds missing
  documentation for issue1444214. (Ralf Schlatterbeck)
- issue2550763 Strip whitespace from Multilink values after + or -.
  (W. Trevor King) Test heavily modified by John Rouillard. (applied
  by John Rouillard)
- issue2550907 Fix errors when creating documentation. Work done by
  Peter Funk (pefu). (Applied by John Rouillard with small change
  omitting obsolete security.txt.)
- issue2550826 Capture some exceptions from auditors/reactors and
  raise a DetectorError instead. This allows failures like IOErrors
  from the detectors (e.g. unable to access files) to be handled.
  Previously an IOError just resulted in no output (premature end of
  headers under apache). Problem diagnosed and initial patch created by
  Tom Ekberg (tekberg). Further testing and patch change done by
  John Rouillard.
- issue2550851 in installation doc removed directions for
  installing additional codecs for Asian languages. They
  they appear to be part of the standard python since at least 2.6.
  Also the quoted url is obsolete. See ticket if you think you need
  the codecs.
- issue2550823 improve mailgw logging for node creation errors.
  Patch by r.david.murray (applied by John Rouillard).
- issue2550549 Postgres error on message templating
  Exception gets thrown and not captured if nodeid is too large
  on postgres. Added a check in rdbms_common layer that max nodeid
  is < 2^31 -1. Large nodeid now return no such id error upstream.
  Patch idea from: martin.v.loewis. (John Rouillard)
- issue2550723 Fix propagation of @pagesize
  When @pagesize=0 is specified (indicating show all), the value of
  pagesize is not propigated to the prev link. This patch fixes that.
  Patch provided by John Kristensen. (Applied, light testing by John
- issue2550850 anypy/email\ uses BSPACE which is not defined in python 2.7
  Supplied a definition for BSPACE since it seems to not be defined
  anywhere. Reported by Dennis Boone. (John Rouillard)
- Validate properties specified for sorting and grouping in index
  views. Original patch from martin.v.loewis via:
  Applied by John Rouillard with some modification to properly
  identify if the bad property is a sort or grouping property. Tests
- Validate Integer and Numeric type filter parameters rather than
  passing output down to db level. Initial patch at: by
  Martin.V.Loewis. Numeric test patch applied, Integer code and tests
  developed by John Rouillard.
- issue1926124: fix crash in roundup_admin migrate option.
  Patch submitted by Henry (henryl), modified value to False
  since this produces the correct "No migration action required"
  output from the migrate command.
- issue2161722: oudated docs (sic)
  Fix old entry in FAQ, update roundup-server config docs and
  example file from current roundup-server output. Update
  some typos in .py files. John Rouillard.
- issue2550572: setting nosy=+foo on multiple issues gives them all
  the same exact nosy list. Fixed a missing reinitialization that has
  to occur every time though the loop in do_set. Manual tests work.
  (John Rouillard)
- issue2550653: xapian search, stemming is not working
  This is a partial fix for the issue. It does make stemming work
  (so searching for silent will also return docs with silently in
  them). However to do this we need to lowercase the text so the
  porter stemmer will work. This means capitalization is not
  preserved. Fix done by David Wolever (wolever). Committed and doc
  updates John Rouillard.
- issue2550855: "show unassigned" link shows all open issues if not
  logged in. This adds permission for the anonymous user to search
  the users class. Without this the unassigned search can't see if
  there is a user assigned to an issue, so it acts like all open
  issues. Patch supplied by Stuart McGraw (smcgraw). For caveats
  see ``upgrading.txt`` and the comments in the default templates.
  (Docs created and applcation by John Rouillard)
- issue2550854: including new field in All text* search.
  Fixed documentation in customizing.txt. The default for indexme on
  String fileds is 'no' not 'yes'. So to get a new string field into
  the full text/all text index you need to use String(indexme='yes').
  Reported by Michael Belleville. (John Rouillard)
- issue2550853 - better error handling and cleanup on some postgres
  tests by Stuart McGraw.
- issue2086536 - back_postgresql: fixing pg_command and prefering
  psycopg2. Patch done by Philipp Gortan (mephinet). His patch
  also improves handling of retryable errors. Applied and
  edited by John Rouillard. Edits included removing support for
  psycopg1. See:

  for rational for dropping it.
- issue2550831: Make the classic template query.edit page work.
  Many fixes and improvements. See ``upgrading.txt`` for details.
  Diagnosis and fix with patch by R David Murray. Support for
  restoring retired but active queries, html layout changes and doc
  by John Rouillard.
- issue2550785: Using login from search (or logout) fails.  When
  logging in from a search page or after a logout it fails with an
  error. These failures have been fixed. The fix also keeps the user
  on the same page they started from before the login. There are two
  parts to this: 1) changes to the templates to properly define the
  __came_from form element. See ``upgrading.txt``. 2) code changes
  to the LoginAction code in roundup/cgi/  (John Rouillard)
- issue2550648 - partial fix for problem in this issue. Ezio Melotti
  reported that the expression editor allowed the user to generate an
  expression using retired values. To align the expression editor with
  the simple dropdown search item, retired values are now removed from
  the expression editor. (We have an open question as to whether this
  is desirable.)
- issue2550743 - Reindex with MySQL Server failed. It looks like
  indexing large documents may require increasing mysql's
  max_allowed_packet setting. Documented the issue in doc/mysql.txt.
  Possible solutions include: increasing value of MySQL parameter,
  changing the full text search engine to whoosh or xapian. Problem
  report by telsch. Analysis/doc by John Rouillard.
- issue2550882. Reported by Karl-Philipp Richter. Fixed
  installation.txt documentation to include better directions on
  starting roundup-server on different ports/ip addresses. Also
  updated man page to include default use of localhost for -n and use
  of -n to bind to all addresses on the host. (John Rouillard)
- issue2550827, issue2550718. Doc additions so people know that a
  python 32 bit installation may be required for windows. Additional
  documentation on the requirement of pywin32 for running roundup as a
  windows service. Also the windows installer must be run as
  administrator and strong encouragement for installing the pytz
  module added to ``doc/installation.txt``.
- issue2550776: problem. Fixed a missing initialization of the
  logging level if no logging level option is supplied. (John Rouillard)
- issue2550839: Xapian, DatabaseLockError: Unable to get write lock on
  db/text-index: already locked. Put in a retry loop that will attempt
  to get the lock. Total delay approx 4.5 seconds. (John Rouillard)
- issue2550727: db.newid is broken with sqlite. Added proper transaction
  lock around the sql code to get a new id. The locking
  that pysqlite attempts had to be defeated because it is broken.
  Had to explicitly manage transactions with BEGIN IMMEDIATE and call
  sql_commit. Note that this reduces performance in return for accuracy.
  Problem reported by Matt Mackall (mpm) (John Rouillard).
- issue2550701: Path traversal from template names. This affects the
  tal based template engines (zopetal, chameleon). If a directory
  with a specific name is created in the html subdirectory, the
  template name in the url can be used to get access to files outside
  of the tracker html directory. This has been fixed by normalizing
  the path and comparing to the normalized path for the html
  directory. See ``doc/upgrading.txt``. (John Rouillard)
- Fix subject parsing in mail gateway. The previous parsing routine
  would not ensure that arguments are at the end of the subject and when
  subject_suffix_parsing was configured to be 'loose' it would truncate
  the subject when encountering a double prefix, e.g.
  Subject: [frobulated] [frobulatedagain] this part would be lost
  (Ralf Schlatterbeck)
- issue2550795: @dispname query args in page.html search links
  not valid html. Some queries with names that include spaces are not
  properly url encoded/quoted. I.E. a space should be replaced with
  %20. Fixes to allow a url_query method to be applied to
  HTMLStringProperty to properly quote string values passed as part of
  a url.
- issue2550755: exceptions.NotFound(msg) msg is not reported to user
  in cgi. When an invalid column is specified return error code 400
  rather than 404. Make error code 400 also return an error message to
  the user. Reported by: Bernhard Reiter, analysis, fix by John Rouillard.
- issue1408570: Finally fix that form values are lost on edit
  exceptions. This occured for example if editing an issue with the
  classic template and setting 'superseder' to a non-existing issue
  number. All changes to the form where the original field was non-empty
  were lost. (Ralf Schlatterbeck)
- Fix submit_once Javascript function: This needs to return a boolean
  value (not and integer like 0 or 1). And the work-around for an
  ancient version of Internet Explorer would make it break for a recent
  Firefox. The old version would show the popup but after clicking away
  the alert it would load the page. The new version (tested with
  Chromium and Firefox) doesn't load the page. (Ralf Schlatterbeck)
- Fix Traceback in backends/ on windows due to missing
  windll import, thanks to Heiko Stegmann for suggesting a first fix.
  (Ralf Schlatterbeck)
- issue2550933 - Fix Traceback in cgi/ when a string is
  passed to PasswordHTMLProperty::plain. (John Rouillard)
- issue2550934 - returns id's as
  space separated list not comma separated. This fixes the format of
  the id url parameter when generated by indexargs_form. (John
- issue2550932 - html_calendar produces templating errors for bad date
  strings. Fixed to ignore bad date and highlight todays date in the
  calendar popup.
- Query handling requires that query names for a user are unique.
  Different users are allowed to use the same query name. Under some
  circumstances a user could generate a second query with the same
  name. The SearchAction function has been corrected to report this
  error. Also the template in the classic tracker
  and corresponding templates in the other example trackers
  has been modified to include::

    <input type="hidden" name="@template" value="index|search"/>

  so an error from SearchAction will display an error message and keep
  the user on the search page so they can correct the error. See
  ``doc/upgrading.txt``. (John Rouillard)
- When a new named search is created, the index page that is displayed
  doesn't show the name. This has been fixed by setting the @dispname
  to the query's name. (John Rouillard)
- Passing args into indexargs_url(..,{'@queryname': request/dispname
  or None, 'Title': 'some' }) where the value of the arg is None
  will not add the arg to the url. In the example above @queryname
  will only be in the url if dispname is set in the request.
  (John Rouillard)
- The HTMLClass::properties() method produced a list of properties
  that the user could not search. As a result these properties can not
  be used for sorting or grouping index pages. This patch eliminates
  the confusion that results from this mismatch by verifying that all
  properties returned are searchable. (John Rouillard)
- Mutilinks can be displayed with their labelprop using the plain()
  method, but they can not be looped over using tal:repeat if the user
  doesn't have view access to the class the multilink represents. The
  permissions check was changed to require that the user have View
  access to the labelprop for the class rather than View access to the
  class. (John Rouillard)
- issue2550937: fix crash by verifying that sendto is not null before
  calling mailer.smtp_send. Discovered and patched by Trent Gamblin.
  Applied by John Rouillard.
- removed old code from roundup-admin that implemented the obsolete
  config (do_config) command. (John Rouillard)
- Modified configuration option static_files to be a space separated
  list of directories to search for static files in the web interface.
  If one of the elements is -, the search stops and the TEMPLATES
  directory is not searched. See:

  subject is "showing template sources to all".
- issue2550945: OpenPGP: Extends to encrypt if configured.
  (Bernhard Reiter)
- CSRF protection broke the retire function for query edit. Fix
  javascript and make sure csrf tokens are provided in the right
  places. (John Rouillard)
- query.item.html was missing checks to verify that a query should
  be visible to the user. This is fixed and users can only view
  queries that they own or that are not private. (John Rouillard)
- issue2550953: Patch: fix for context.is_view_ok check in jinja2 template
  Form controls are displayed when anonymous views indexes but is
  denied access. (patch by Anton Schur applied by John Rouillard)
- issue2550957: Duplicate emails (with patch).
  Bcc and cc users passed to nosymessage are not properly recorded.
  This results in duplicate emails. (patch by Trent Gamblin (trentgg)
  applied by John Rouillard).
- issue2550954: History display breaks on removed properties
  Now changes to removed properties, and link/unlink events from
  non-existing properties or classes no longer trigger a traceback.
  Concerning the visibility: We have a new config-item
  obsolete_history_roles in the main section that defines which roles
  may see removed properties. By default only role Admin is allowed to
  see these.
- Fix issue2550955: Roundup commits although a Reject exception is raised
  Fix the problem that changes are committed to the database (due to 
  commits to otk handling) even when a Reject exception occurs. The fix 
  implements separate database connections for otk/session handling and
  normal database operation.
- Allow empty content property for file and message via xmlrpc
  interface. This used to raise a traceback in the (sql) backend.
- Work around a limitation in python2.7 implementation of poplib (for
  the pop3 protocol for fetching emails): It seems poplib applies a
  line-length limit not just to the lines involving the pop3 protocol
  but to any email content, too. This sometimes leads to tracebacks
  whenever an email exceeding this limit is encountered. We "fix" this
  by monkey-patching poplib with a larger line-limit. Thanks to Heiko
  Stegmann for discovering this.

				-- rouilj
John Rouillard
My employers don't acknowledge my existence much less my opinions.

More information about the Python-announce-list mailing list