~loggerhead-team/loggerhead/trunk-rich

« back to all changes in this revision

Viewing changes to NEWS

Committer: William Grant
Date: 2011-03-24 03:38:27 UTC
mfrom: (422.4.1 1.18-bug-740142)
mto: (456.1.1 trunk)
mto: This revision was merged to the branch mainline in revision 457.
Revision ID: william.grant@canonical.com-20110324033827-ritg1b8t75tg7a10

https://launchpad.net/bugs/740142

Improve escaping of filenames in revision views. Fixes a couple of XSS holes.

files added:
docs/start-loggerhead.rst

docs/stop-loggerhead.rst

loggerhead.conf.example

loggerhead/apps/config.py

loggerhead/templates/browse.pt

loggerhead/trace.py

start-loggerhead

start-loggerhead.1

stop-loggerhead

stop-loggerhead.1

files removed:
HACKING

apache-loggerhead.conf

bazaar.conf

load_test_scripts

load_test_scripts/multiple_instances.script

load_test_scripts/simple.script

loggerhead.wsgi

loggerhead/apps/http_head.py

loggerhead/controllers/annotate_ui.py

loggerhead/exporter.py

loggerhead/load_test.py

loggerhead/static/downloads

loggerhead/static/images/favicon.png

loggerhead/static/images/notification-private.png

loggerhead/tests/fixtures.py

loggerhead/tests/test_history.py

loggerhead/tests/test_http_head.py

loggerhead/tests/test_load_test.py

loggerhead/tests/test_revision_ui.py

files renamed:
loggerhead/controllers/view_ui.py => loggerhead/controllers/annotate_ui.py

loggerhead/static/css/view.css => loggerhead/static/css/annotate.css

loggerhead/templates/view.pt => loggerhead/templates/annotate.pt

files modified:
.bzrignore

MANIFEST.in

Makefile

NEWS

__init__.py

docs/index.rst

info.py

loggerhead/__init__.py

loggerhead/apps/branch.py

loggerhead/apps/transport.py

loggerhead/changecache.py

loggerhead/config.py

loggerhead/controllers/__init__.py

loggerhead/controllers/changelog_ui.py

loggerhead/controllers/diff_ui.py

loggerhead/controllers/directory_ui.py

loggerhead/controllers/download_ui.py

loggerhead/controllers/filediff_ui.py

loggerhead/controllers/inventory_ui.py

loggerhead/controllers/revision_ui.py

loggerhead/controllers/revlog_ui.py

loggerhead/highlight.py

loggerhead/history.py

loggerhead/main.py

loggerhead/static/css/diff.css

loggerhead/static/css/files.css

loggerhead/static/css/global.css

loggerhead/static/images/bg_Tabs.gif

loggerhead/static/images/bg_menuTabs.gif

loggerhead/static/images/bg_submenuTabs.gif

loggerhead/static/javascript/custom.js

loggerhead/templatefunctions.py

loggerhead/templates/branchinfo.pt

loggerhead/templates/breadcrumbs.pt

loggerhead/templates/changelog.pt

loggerhead/templates/directory.pt

loggerhead/templates/inventory.pt

loggerhead/templates/macros.pt

loggerhead/templates/revision.pt

loggerhead/templates/revisionfilechanges.pt

loggerhead/templates/revisioninfo.pt

loggerhead/tests/__init__.py

loggerhead/tests/test_controllers.py

loggerhead/tests/test_simple.py

loggerhead/util.py

loggerhead/wholehistory.py

loggerhead/zptsupport.py

setup.py

Show diffs side-by-side

added added

removed removed

NEWS

What's changed in loggerhead?

=============================

----

- Add ``bzr load-test-loggerhead`` as a way to make sure loggerhead can

handle concurrent requests, etc. Scripts can be written that spawn

multiple threads, and issue concurrent requests.

(John Arbash Meinel)

- HEAD requests should not return body content. This is done by adding

another wsgi middleware that strips the body when the REQUEST_METHOD is

HEAD. Note that you have to add the middleware into your pipeline, and

it does not decrease the actual work done.

(John Arbash Meinel, #716201)

- If we get a HEAD request, there is no reason to expand the template, we

shouldn't be returning body content anyway.

(John Arbash Meinel, #716201, #716217)

- Merge the pqm changes back into trunk, after trunk was reverted to an old

revision. (John Arbash Meinel, #716152)

- Redirect ``/files/file.txt`` to ``/view/file.txt`` and ``/view/dir`` to

``/files/dir``. (Jasper St. Pierre, #569358)

- Remove ``start-loggerhead`` and ``stop-loggerhead`` which were already

deprecated. (John Arbash Meinel)

- Show "Author(s)" as separate from "Committer". And label them

correctly. (John Arbash Meinel, #733015)

- The json module is no longer claimed to be supported as alternative for

simplejson. (Jelmer Vernooij, #586611)

- Viewing the ``/changes`` page only iterates enough of the history to show

the actual revisions displayed, rather than walking the whole mainline.

Improves performance on projects with long histories like emacs.

(John Arbash Meinel)

- Fix support for displaying foreign revision ids.

(Jelmer Vernooij, #736026)

- Add hook 'controller' to BranchWSGIApp, allowing other bzr plugins

to provide custom branch-specific controllers. (Jelmer Vernooij, #585822)

- Add privacy notification code to loggerhead, allowing branches to be

marked as private and a notification ribbon to be displayed via

javascript on the view pages. (JC Sackett, #823471)

- Add a script and documentation for running under mod_wsgi.

(Stuart Colville, Toshio Kuratomi)

- Make tz calculations consistent and use UTC in the UI everywhere we show

a precise timestamp. (Robert Collins, #594591)

- Avoid crashing when viewing or annotating a non-existent file.

(William Grant, #728209)

1.18.1 [24Mar2011]

------------------

- Fix escaping of filenames in revision views.

(William Grant, #740142)

- Add missing import to loggerhead.trace, allowing start-loggerhead

to run when a log.roll config option is set.

(Max Kanat-Alexander, #673999)

1.18 [10Nov2010]

----------------

103

- Fix bad redirect when visiting "/download" or "/download/".

104

(Matt Nordhoff, #247992)

105

106

1.17 [20Aug2009]

107

----------------

108

Older »