From 2da55baa5aeb1b0224530d24efe8fec979686c07 Mon Sep 17 00:00:00 2001 From: Unrud Date: Sun, 26 Apr 2020 16:33:01 +0200 Subject: [PATCH] Add changelog for next release --- NEWS.md | 76 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 76 insertions(+) diff --git a/NEWS.md b/NEWS.md index 027a055..3c78804 100644 --- a/NEWS.md +++ b/NEWS.md 
@@ -1,5 +1,81 @@ # News +## master + +This release is incompatible with previous releases. See the upgrade checklist below. + + * Common + * Parallel write requests + * Support PyPy + * Protect against XML denial-of-service attacks + * Check for duplicated UIDs in calendars/address books + * Only add missing UIDs for uploaded whole calendars/address books + * Switch from md5 to sha256 for UIDs and tokens + * Code cleanup: + * All plugin interfaces were simplified and are incompatible with old plugins + * Major refactor + * Never sanitize paths multiple times (check if they are sanitized) + * Config + * Multiple configuration files with the format /path/to/config1:/path/to/config2 + * Optional configuration files by prepending filepath with ``?` + * Check validity of every configuration file and command line arguments separately + * Report the source of invalid configuration parameters in error messages + * Code cleanup: + * Store configuration as parsed values + * Use Schema that describes configuration and allow plugins to apply their own schemas + * Mark internal settings with ``_` + * Internal server + * Bind to IPv4 and IPv6 address, when both are available for hostname + * Set default address to ``localhost:5232`` + * Remove settings for SSL ciphers and protocol versions (enforce safe defaults instead) + * Remove settings for file locking because they are of little use + * Remove daemonization (should be handled by service managers) + * Logging + * Replace complex Python logger configuration with simple logging.level setting + * Write PID and ``threadName`` instead of cryptic id's in log messages + * Use ``wsgi.errors`` for logging (as required by the WSGI spec) + * Code cleanup: + * Don't pass logger object around (use ``logging.getLogger()`` instead) + * Auth + * Use ``md5`` as default for ``htpasswd_encryption`` setting + * Move setting ``realm`` from section ``server`` to ``auth`` + * Rights + * Use permissions ``RW`` for non-leaf collections and ``rw`` 
for address books/calendars + * New permission ``i`` that only allows access with HTTP method GET + (CalDAV/CardDAV is susceptible to expensive search requests) + * Web + * Add upload dialog for calendars/address books from file + * Show startup loading message + * Show warning if JavaScript is disabled + * Pass HTML Validator + * Storage + * Check for missin UIDs in items + * Check for child collections in address books and calendars + * Code cleanup: + * Split BaseCollection in BaseStorage and BaseCollection + +## Upgrade checklist + + * Configuration + * Some settings were removed + * The default of ``auth.htpasswd_encryption`` changed to ``md5`` + * The settings ``server.realm`` moved to ``auth.realm`` + * The settings ``logging.debug`` was replaced by ``logging.level`` + * The format of the ``rights.file`` configuration file changed: + * Permission ``r` replaced by ``Rr`` + * Permission ``w` replaced by ``Ww`` + * New permission ``i` added as subset of ``r` + * Replaced variable ``%(login)s`` by ``{user}`` + * Removed variable ``%(path)s`` + * ``{` must be escaped as ``{{`` and ``}` as ``}}`` in regexes + * Filesystem storage + * The storage format is compatible with Radicale 2.x.x + * Run ``radiale --verify-storage`` to check for errors + * Custom plugins: + * ``auth`` and ``web`` plugins require minor adjustments + * ``rights`` plugins must be adapted to the new permission model + * ``storage`` plugins require major changes + ## 2.1.10 - Wild Radish This release is compatible with version 2.0.0.
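Review bot: The upgrade checklist's filesystem storage step reads "Run ``radiale --verify-storage`` to check for errors", which misspells the command. The line above it names the project as Radicale, so this should be ``radicale --verify-storage``; users will copy this line verbatim during an upgrade that the same changelog calls incompatible. Two smaller text fixes in the same hunk: "Check for missin UIDs in items" under Storage should read "missing", and several inline literals open with two backticks but close with one (around ?, _, r, w, i, { and }), so they will not render as code. One documentation point: the Auth entry "Use ``md5`` as default for ``htpasswd_encryption`` setting" sits a few lines after "Switch from md5 to sha256 for UIDs and tokens", and the two read as contradictory side by side. A short clause saying which htpasswd scheme "md5" selects and why it is the default would resolve that, both here and in the matching upgrade checklist item.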