Recent Releases
2.4.013 Jul 2024 13:13
minor bugfix:
This release is a bugfix and feature release, so make sure to read https://www.roundup-tracker.org/docs/upgrading.html to bring your tracker up to date.
The 79 changes, as usual, include some new features and many
bug fixes.
Version 2.4.0 is the last release to support Python 2.
Among the notable improvements in 2.4.0 from the 2.3.0
release are:
* three CVE's have been fixed. One requires changes to your
tracker's home directory. The other two are fixed by
installing 2.4.0. See
https://www.roundup-tracker.org/docs/security.html for
details and instructions on how to fix these in 2.4.0 and
earlier releases.
* new classhelper component thanks to a team of students
from CS682 at U-Mass Boston. This fixes many issues with
the old classhelper. It is implemented as a web-component
and needs REST interface access. It will fall back to the
classic classhelper if REST is not available or if the
browser does not support web-components.
* fix Windows Python installation using pip. It used to go
into an infinite loop during install or download. Also fix
installation of shared files (templates) so roundup-admin
can find them.
* using ``@current_user`` as a value in a search URL for a
user property will use the current logged in user. Now you
can share searches like: "My issues" as "my" will become
the current logged in user.
* login failures to the REST/XML-RPC interfaces are now rate
limited to limit password guessing attacks.
* utf8mb4 is the default charset for MySQL. This requires
migrating your database using the mysql client. You can
choose to keep the older character set in config.ini.
The file CHANGES.txt
(https://sourceforge.net/p/roundup/code/ci/tip/tree/CHANGES.txt) has a
detailed list of feature additions and bug fixes for each
release. Also see the information in doc/upgrading.txt.
2.3.013 Jul 2023 04:24
minor bugfix:
This release is a bugfix and minor feature
release. The changes, as usual, include some new features and many bug fixes.
You can download it with:
pip download roundup
then unpack and test/install the tarball. Also::
pip install roundup
(preferably in a virtual environment) can be used.
Among the notable improvements from the 2.2.0 release are:
* Dockerfile demo mode implemented. This allows quick evaluation as
well as the ability to spin up a configured tracker to customise.
* SQLite backends can use WAL mode to reduce blocking between readers
and writers improving concurrent use.
* Redis can be used for session database with SQLite and dbm
backends. Provides a major performance improvement.
* roundup-mailgw can use OAUTH authentication to SMTP
server. (roundup-mailgw command line options changed as a result.)
* Postgres full text index can now be enabled.
* Modifications to in-reply-to threading when there are multiple
matches resulting in more predictable handling of messages.
* Many updates to documentation to make it scannable, useful and
work on mobile.
* Admin documentation includes a section on setting up Content
Security Policy (CSP) to better secure your Roundup trackers.
* REST now allows rate limiting headers to be accessed by client
JavaScript.
* Default number of rounds for PBKDF2 updated to 2M to account for
improvements in password crackers and CPU power.
* Support PBKDF2 with SHA512 for password storage to improve
resistance to password crackers.
* Deprecate SSHA password hash function.
* roundup-admin reindex can be done in batches to manage load
incurred by reindexing.
* roundup-admin can list available templates and their installed
locations. This is useful when installing via pip or in a docker
container as supporting files are not stored in
The file CHANGES.txt has a detailed list of feature additions and bug fixes (53) for each release.
2.2.013 Jul 2022 06:07
minor bugfix:
This release is a bugfix and minor feature
release. The changes, as usual, include some new features and many
bug fixes.
You can download it with:
pip download roundup
then unpack and test/install the tarball. Also::
pip install roundup
(preferably in a virtual environment) can be used.
Among the notable improvements from the 2.1.0 release are:
- Dynamic and static compression of http responses. This
improves performance when a front end web server isn't
serving compressed assets.
- REST interface supports CORS allowing Roundup to be used
by third party web sites. Can specify origins allowed to
use the REST interface. OpenAPI (SWagger) docs can be
added. Error handling/reporting improved.
- Dockerfile to build a containerized Roundup instance. A
docker-compose configuration to deploy a a mysql based
tracker is also supplied.
- New full text search methods. SQLite FTS and PostgreSQL
full text search are supported. These allow search
expressions in addition to simple word based searches.
- Secret values in config.ini can be stored in external
files. This allows config.ini to be stored in a VCS
without exposing secrets.
- Translation object added to internal database handle. This
allows auditors and extensions to provide efficient
translations.
- MySQL database creation uses COLLATE utf8_general_ci
- Wsgi startup improvements (must be enabled by setting
feature flag).
- Fix crash when importing legacy Roundup tracker with long
integers.
- Fix issues with Roundup unable to find supporting files
when installed via pip.
The file CHANGES.txt has a detailed list of feature additions and bug fixes (57) for each release.
2.1.013 Jul 2021 05:20
minor bugfix:
This 20th anniversary edition has been possible due to the help of
several contributors. This release is a bugfix and minor feature
release, so make sure to read https://www.roundup-tracker.org/docs/upgrading.html
to bring your tracker up to date.
2.1.0 builds on the 2.0.0 major release that introduced:
* Python 2 and Python 3 support
* a new REST interface
* updates to jinja2 templates including security improvements
The changes, as usual, include some new features and many bug fixes.
Note that you should run ``roundup-admin ... migrate`` to update the
database schema version. Do this before you use the web, command-line
or mail interface and before any users access the tracker.
You can download it with:
pip download roundup
then unpack and test/install the tarball.
Among the notable improvements from the 2.0.0 release are:
Mysql backend now uses an index to make sure that key values are not
duplicated when two roundup processes run in parallel. (Hence the
need for ``roundup-admin ... migrate``.)
Postgres back end uses a server side cursor. This reduces the memory
use of the roundup process on large queries.
Fix sorting of multilinks in templating code. Sorting by a link
without a value no longer generates a traceback. Sorting now works
as documented by the spec.
If ``roundup-admin security`` finds an invalid property, it exits
with a non-zero status. It can be used as part of a CI/CD pipeline
to validate schema security.
Security fixes for jQuery, markdown handling.
Fixes to markdown handling if using the jinja2 template.
Keyword editing in jinja2 template improved.
Fix a number of tracebacks.
Installation uses setuptools not distutils.
Valid class names are documented and enforced. All class names now
match `` A-z A-z0-9_ + A-z_ ``.
Replace a number of deprecated/missing functions in newer pythons.
...
2.0.013 Jul 2020 13:26
major feature:
This
release contains some major changes, so make sure to read
to bring your tracker up to date.
There are special directions for those using the mysql backend.
You can download it with:
pip download roundup
then unpack and test/install the tarball.
Among the notable improvements from the 1.6.1 release are:
Roundup is multilingual and will run under either Python 3 or
Python 2. If you want to use Python 3, you *must read* the Python 3
Support section in the upgrading doc. Depending on the database
backend you may have to export/import the tracker. Also you will
need to make sure your tracker's Python code is Python 3
compliant. Thanks to Joseph Myers with help from Christof Meerwald.
Roundup has a rest API to go along with the existing xmlrpc
API. See doc/rest.txt for details on configuring, authorizing
access (per role) and making a request. Thanks to Ralf
Schlatterbeck who integrated and updated Chau Nguyen's GSOC code.
PGP encryption is now done using the gpg module and not the
obsolete pyme library. Thanks to Christof Meerwald.
Use of mod_python is deprecated. Apache mod_wsgi documentation
has been updated along with gunicorn and uwsgi and is the
preferred mechanism.
jinja templates updated to bootstrap 4.4.1. Templates use
autoescape and translation library. Support for messages
written in markdown added. SimpleMDE used as markdown editor to
provide preview features. Thanks to Christof Meerwald.
Fixes to mysql indexing may require a database dump/restore.
The file CHANGES.txt has a detailed list of feature additions and bug
fixes for each release. Also see the information in
doc/upgrading.txt.
2.0.0beta006 Apr 2020 13:22
major feature:
This release contains some major changes, so make sure to read
`docs/upgrading.txt
`_ to bring
your tracker up to date. The changes, as usual, include some new
features and many bug fixes.
You can download it with:
pip download roundup==2.0.0beta0
then unpack and test/install the tarball.
Among the notable improvements from the 1.6.1 release are:
Roundup is multilingual and will run under either Python 3 or
Python 2. If you want to use Python 3, you *must read* the Python 3
Support section in the upgrading doc. Depending on the database
backend you may have to export/import the tracker. Also you will
need to make sure your tracker's Python code is Python 3
compliant. Thanks to Joseph Myers with help from Christof Meerwald.
Roundup has a rest API to go along with the existing xmlrpc
API. See doc/rest.txt for details on configuring, authorizing
access (per role) and making a request. Thanks to Ralf
Schlatterbeck who integrated and updated Chau Nguyen's GSOC code.
PGP encryption is now done using the gpg module and not the
obsolete pyme library. Thanks to Christof Meerwald.
Use of mod_python is deprecated. Apache mod_wsgi documentation
has been updated along with gunicorn and uwsgi and is the
preferred mechanism.
jinja templates updated to bootstrap 4.4.1. Templates use
autoescape and translation library. Support for messages
written in markdown added. SimpleMDE used as markdown editor to
provide preview features. Thanks to Christof Meerwald.
The file CHANGES.txt has a detailed list of feature additions and bug fixes for each release. Also see the information in doc/upgrading.txt.
2.0.0alpha023 Oct 2019 18:50
major feature:
This release contains some major changes, so make sure to read
`docs/upgrading.txt
`_ to bring
your tracker up to date. The changes, as usual, include some new
features and many bug fixes.
You can download it with:
pip download roundup==2.0.0beta0
then unpack and test/install the tarball.
Among the notable improvements from the 1.6.1 release are:
Roundup is multilingual and will run under either Python 3 or
Python 2. If you want to use Python 3, you *must read* the Python 3
Support section in the upgrading doc. Depending on the database
backend you may have to export/import the tracker. Also you will
need to make sure your tracker's Python code is Python 3
compliant. Thanks to Joseph Myers with help from Christof Meerwald.
Roundup has a rest API to go along with the existing xmlrpc
API. See doc/rest.txt for details on configuring, authorizing
access (per role) and making a request. Thanks to Ralf
Schlatterbeck who integrated and updated Chau Nguyen's GSOC code.
PGP encryption is now done using the gpg module and not the
obsolete pyme library. Thanks to Christof Meerwald.
Use of mod_python is deprecated. Apache mod_wsgi documentation
has been updated along with gunicorn and uwsgi and is the
preferred mechanism.
The file CHANGES.txt has a detailed list of feature additions and bug fixes for each release. Also see the information in doc/upgrading.txt.
1.6.113 Jul 2019 13:27
minor bugfix:
Features:
- doc updates. Link rot fixed and some grammar changes.
'Provisional User' config example fixed. Issue tracker is
now https. (John Rouillard)
Fixed:
- issue2550994: avoid breakage caused by use of backports of Python 3
configparser module to Python 2. (Joseph Myers)
- issue2551023: Fix CSRF headers for use with wsgi and cgi. The
env variable array used - separators rather than _. Compare:
HTTP_X-REQUESTED-WITH to HTTP_X_REQUESTED_WITH. The last is
correct. Also fix roundup-server to produce the latter form. (Patch
by Cedric Krier, reviewed/applied John Rouillard.)
- issue2551035 - fix XSS issue in wsgi and cgi when handing url not
found/404. Reported by hannob at
https://github.com/python/bugs.python.org/issues/34, issue opened by
JulienPalard.
- issue2551029: Jinja2 template install error. Remove config.ini
from templates to make sure that roundup-admin install writes a new
default config.ini based on configuration.py.
- issue2551029: Jinja2 template install error. Handle issue with
template's config.ini not getting updated. Provide an alternate
file: config_ini.ini for required config settings that are merged
into the default values producing an up to date config.ini on
install.
1.6.009 Jun 2019 23:39
major feature:
Requires Python 2.7 now
issue2550690 - CSRF protection improved
issue2550799: provide basic support for handling html only emails
issue2550880: Ability to choose password store scheme and SSHA support.
Allow multiple file uploads: If the html template specifies
multiple="multiple" for a file upload the user can attach multiple files
issue2550886: Add support for an integer type to join the existing number type.
issue2550636, issue2550909: Added support for Whoosh fill text indexer.
issue2550767: Add newitemcopy.py detector to notify users of new items.
Many more feature and bug fixes.
Homepage
Download
John Rouillard