summaryrefslogtreecommitdiffstats
path: root/CHANGES.txt
blob: 44baff580ff2f024ce428957c44f9578678f595e (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
Changelog for the JTracker product
==================================

1.17 (unreleased)
-----------------


1.16 (2008-10-07)
-----------------

- added an external method to go through and convert all those
  test files in issues and replies to UTF-8 which may be Latin-1

- updated and fixed the BTree converter script

- updated the documentation files


1.15 (2008-01-10)
-----------------

- Continuing the work on spam prevention, three new properties have 
  been added so the admin can specify lists of words to look for in
  the subject, email and description of an incoming issue or issue
  reply. If one of the specified terms is found, Unauthorized is 
  raised and all further processing is stopped.


1.14 (2006-07-31)
-----------------

- The Spam prevention was improved to ensure replies to existing
  issues will never cause spam to be sent to existing subscribers 
  and the spammer address will not be added to the subscriber list
  until explicitly unrestricted.

- Admin users are now able to circumvent Spam protection.


1.13 (2006-06-22)
-----------------

- The introduction of the email module in version 1.12 caused 
  backwards incompatibilities with Python 2.1 - Python 2.2 or 
  higher is required now. This is now mentioned in the INSTALL
  and README files. (http://www.dataflake.org/tracker/issue_00458
  by Deb Lewis)

- The website spam prevention has been tightened down a lot. If you
  select the "review_issues" property on the JTracker property
  view, the following will happen:

  New issues will receive restricted permissions so that trying
  to view them as Anonymous will raise Unauthorized. Issues in the
  Private state will not be cataloged at all, so they cannot be
  found using searches, either.

  The tracker administrator will have two links at the bottom of
  new issue notification emails to quickly and easily delete or
  unrestrict a new issue with a single click. Unrestricting an
  issue will fix the permissions to inherit the defaults from the
  JTracker and also reindex it.

  New replies will be invisible for anonymous visitors. They are
  not indexed so their text cannot be found using searches.

  The tracker administrator will have two links at the bottom of
  new reply notification messages to either delete or make a reply
  visible in one single click, which will also trigger a reindex.


1.12 (2005-05-05)
-----------------

- To prevent website spam by anonymous posters a very simplistic
  mechanism will prevent newly posted issues from being visible, 
  if the admin enables the "review_issues" property on the 
  JTracker object. If "review_issues" is active, new issues will
  not go into "Pending" but into "Private" stage. The web forms
  then ensure that only tracker supporters can search for items
  in "Private" stage. This is not some super-secure solution, but
  it puts the bar higher and, even more important, Google and 
  other crawlers will not find the spam by themselves.
  (http://www.dataflake.org/tracker/issue_00440)

  If you have modified the forms please review the default search
  form and the default JTracker main view to see the change and
  apply it to your setup.

  **IMPORTANT**: Since this change included adding another 
  property to the JTracker class you must run the updater. See 
  the section "Updating existing JTrackers" in the README.

- The Python email module is now used to handle incoming 
  email interaction. This complicates the code but it also 
  reduces the garbage showing when people send
  HTML-formatted email from Microsofts's junk email clients.
  (http://www.dataflake.org/tracker/issue_00397/)

- To ease deployment of JTracker in non-English environments
  a simple way to translate English phrases sent by the 
  JTracker has been added. A new "translate" method can be
  used to pull the translated value into your view templates.

- Along with the internal phrases the templates used to generate
  email notices are fully customizable, too.

- Worked around a bug in Zope 2.7.1 and up by removing the
  ability to select a MaildropHost or MailHost object from the
  "Add"-form. The call to superValues on the dispatcher is
  now disallowed due to the security changes in Zope.
  (http://www.dataflake.org/tracker/issue_00412 by Olavo Santos)

1.11 (2004-05-16)
-----------------

- Changed the license used for this product to the new 
  ZPL 2.1 which is also used for all future Zope releases.

- Adapt to the fact that PropertyManagers store sequences
  as tuples and not lists anymore (JTracker issue 377 by
  Ulrich Goertz).


1.10 (2004-04-15)
-----------------

- New issues only triggered email notifications to the 
  JTracker admin, but not to those accounts defined as 
  supporters on the "Advanced" tab. Thanks go to Phil
  Schumm for pointing out this (mis)behavior.

- Added Zope 2.7.x as "tested platform" in the README.

- Noted potential pitfalls with the "mailhost" path in the
  JTracker in the face of virtual hosting in the README.


1.9 (2003-09-28)
----------------

- Show a little more information on the reply form.

- Zope 2.7 does not like tal:content on singleton tags, so
  the reply form blew up (pointed out by Eugene Morozov in
  issue 321).


1.8 (2003-02-23)
----------------

- The list of items that can be added to a JTracker from the
  ZMI is now mor intelligent. It will allow adding a ZCatalog
  if there is no object named 'catalog' contained in it and
  it will allow adding a Mail Host (and Maildrop Host if the
  product is installed) if no object named 'MailHost' is
  in the JTracker (Tracker issue 243).

- Eliminated all cases where a mutable type was used as the
  default value in a function's argument list. This should
  fix the mysterious subscriber multiplication (Tracker issue
  241)

- Worked around a IE/Windoze dumbness where file uploads 
  would end up with a file name equal to the full path of the
  uploaded file on the uploader's system. Normal browsers 
  provide a correct file name. (Tracker issue 238 posted by
  Jim Harrison)


1.7 (2003-02-02)
----------------

- Searches can be re-executed from an issue view page. Once
  a custom search has been run the search terms are saved 
  using the built-in sessioning in Zope and can be re-called
  from an issue view. This follows the typical use case of
  going through several issues that were found via a search.
  (Tracker issue 223 by myself)

- Added id attributes to several places like tracker title 
  and issue title displays to enable some style customizations
  (tracker issue 217 by Dave Lehman).

- The JTracker administrator's full name is now editable. This
  change requires that the updater script be run before or after
  applying the new software. (Tracker issue 218 by Dave Lehman)

- Worked over the way subscriber addresses are handled to try
  and pin down the mysterious addition of subscribers (Tracker
  issue 230, added by myself).


1.6 (2002-12-20)
----------------

- A missed wrong indentation in the email processing code
  led to replies to issues that would also create brand new
  issues at the same time.

- A missing import would prevent an error message to be sent
  to the JTracker administrator if there was an error 
  sending email during normal operation of the JTracker.
  (Tracker issue 213, thanks go to Eugene Morozow)

- Completed the "hookup" of account settings to all those
  forms where names or emails are needed. If the currently
  logged-in user has an account (see "Advanced" tab in the
  ZMI) then these values will be pre-filled with the correct
  email address and full name. (Tracker issue 212, thanks to
  Alan Milligan for reminding me that this piece was not filled
  in completely)

- The addIssue method can now be scripted better because 
  it does not require REQUEST to be passed in anymore 
  (Tracker issue 211 by Alan Milligan).


1.5 (2002-12-13)
----------------

- Better error handling for the mail handler: If something
  goes awry during message reception a error report is sent 
  to the email address set as the admin email. Furthermore,
  there is now some tests to see if an incoming message is
  just a bounce message so that infinite mail loops are 
  avoided. Removed all such tests from the email accepter
  standalone script to simplify it.

- An incoming message subject line is now always mime-decoded
  so that it does not show up with garbage mime code. (Tracker
  issue 205, thanks go to Alan Milligan)


1.4 (2002-12-09)
----------------

- A property on the Properties tab (accept_email) lets the 
  administrator turn the email processing for emails put into
  the JTracker viw the receiveEmail method on or off.

- A permissions problem crept into version 1.3 that had to do
  with the (very unintuitive) way permissions are initialized
  on base classes. The problem would have the "Support 
  JTracker Issues" permission disappear and only allow true
  Manager users do issue support work.

- Added a (really lame) attempt to detect if an incoming email
  message is actually a bounce from dumb mail servers that do
  not complain about non-existing recipients but accept mail
  like everything is alright and then send a separate bounce
  message (to the JTracker address) later. As to be expected, 
  this weird and unintuitive behavior only shows up on Micro$haft
  wannabe-email servers so far ("Exchange").


1.3 (2002-12-07)
----------------

- Email subscriber handling has been simplified. Now the 
  JTracker admin and the issue poster are just entries in the 
  issue subscriber list, which also means they can be
  removed from it if so desired.

- The issue numbering scheme has been changed to pad the issue
  number with zeros. This scheme allows getting rid of the
  issue_number method/index kludge that was put in to allow 
  correct sorting in the views.

- If the BTreeFolder2 package is installed it will be used
  for all newly instantiated JTrackers. A script is provided
  that allows upgrading existing JTracker instances to use
  the BTreeFolder2-based version. See README.txt for details
  on how to upgrade. Installing the BTreeFolder2 product
  and upgrading your JTracker to use it is the recommended
  configuration.

- An updater script is included that allows reasonably safe
  updates in place so that the user can install the latest
  software release, run the updater and the existing JTracker
  instances will be updated to work with the new code if they
  need updating. See README.txt for how to use the updater 
  script.

- Add support for uploading files. The upload capability
  can be switched on and off by the administrator and a 
  specific kilobyte limit for allowable file sizes can be
  set. A single file can be uploaded per issue entry. The
  administrator user can add or delete these files from the
  Zope Management Interface, regardless of filesize limit
  settings on the JTracker. This feature introduced in response 
  to Tracker issue 196 by Jim Harrison.

- Issue descriptions and issue reply bodies were not HTML-encoded
  in the JTracker Issue view. This is a security risk that can
  allow someone to insert malicious HTML or client-side scripting
  into an issue or a followup. All these text fields are quoted
  now. Thanks to Artur Zaprzala for the heads-up on this.


1.2 (2002-12-03)
----------------

- The Mail Host to be used for mail handling can now be
  selected upon instantiation and changed in the JTracker
  properties view.

- You can now talk to the JTracker using email. How to set
  it up and what it is that you can do via email is explained
  in the README.


1.1 (2002-11-30)
----------------

- Replies could get a wrong date attached to them because
  of the way default arguments were handled

- Overriding manage_editProperties so that editing an issue 
  on its Property tab will now recatalog as well. This 
  allowed me to remove the "Advanced" tab in the ZMI.

- Replies can now be deleted or their text body edited via
  the ZMI.

- the view form for issues had a couple convenience links 
  added, one of them to the issue itself and another one,
  if the current user has the permission to manage this 
  JTracker, that links directly to the ZMI.


1.0 (2002-11-27)
----------------

- Text searches now find text in replies as well, whereas it used
  to be limited for the issue title and description before.

- Better issue sorting in search results views with the help of 
  another catalog index and a helper variable.

- JTracker issue searches can now be bookmarked because it will
  show the full search criteria in the URL query string.


0.9 (2002-11-20)
----------------

First official release


0.5 (2002-10-15)
----------------

First version