diff --git a/NEWS.rst b/NEWS.rst index 703828a..29a2cda 100644 --- a/NEWS.rst +++ b/NEWS.rst @@ -3,8 +3,38 @@ ====== -1.0.1 -===== +1.1 - Law of Nature +=================== + +One feature in this release is **not backward compatible**: + +* Use the first matching section for rights (inspired from daald) + +Now, the first section matching the path and current user in your custom rights +file is used. In the previous versions, the most permissive rights of all the +matching sections were applied. This new behaviour gives a simple way to make +specific rules at the top of the file independant from the generic ones. + +Many **improvements in this release are related to security**, you should +upgrade Radicale as soon as possible: + +* Improve the regex used for well-known URIs (by Unrud) +* Prevent regex injection in rights management (by Unrud) +* Prevent crafted HTTP request from calling arbitrary functions (by Unrud) +* Improve URI sanitation and conversion to filesystem path (by Unrud) +* Decouple the daemon from its parent environment (by Unrud) + +Some bugs have been fixed and little enhancements have been added: + +* Assign new items to corret key (by Unrud) +* Avoid race condition in PID file creation (by Unrud) +* Improve the docker version (by cdpb) +* Encode message and commiter for git commits +* Test with Python 3.5 + + +1.0.1 - Sunflower Again +======================= * Update the version because of a **stupid** "feature"™ of PyPI @@ -15,8 +45,8 @@ * Enhanced performances (by Mathieu Dupuy) * Add MD5-APR1 and BCRYPT for htpasswd-based authentication (by Jan-Philip Gehrcke) * Use PAM service (by Stephen Paul Weber) -* Don't discard PROPPATCH on empty collections (Markus Unterwaditzer) -* Write the path of the collection in the git message (Matthew Monaco) +* Don't discard PROPPATCH on empty collections (by Markus Unterwaditzer) +* Write the path of the collection in the git message (by Matthew Monaco) * Tests launched on Travis diff --git a/radicale/__init__.py b/radicale/__init__.py index 8ded6d1..13cb713 100644 --- a/radicale/__init__.py +++ b/radicale/__init__.py @@ -50,7 +50,7 @@ except ImportError: from . import auth, config, ical, log, pathutils, rights, storage, xmlutils -VERSION = "1.0.1" +VERSION = "1.1" # Standard "not allowed" response that is returned when an authenticated user # tries to access information they don't have rights to diff --git a/setup.py b/setup.py index d1833f2..66e894e 100755 --- a/setup.py +++ b/setup.py @@ -71,8 +71,8 @@ setup( "Programming Language :: Python :: 2.6", "Programming Language :: Python :: 2.7", "Programming Language :: Python :: 3", - "Programming Language :: Python :: 3.1", "Programming Language :: Python :: 3.2", "Programming Language :: Python :: 3.3", "Programming Language :: Python :: 3.4", + "Programming Language :: Python :: 3.5", "Topic :: Office/Business :: Groupware"])