From 5a19cb2588d1cdf5a32d6b38d2dee3a42fefbcd1 Mon Sep 17 00:00:00 2001 From: Tibor Simko Date: Fri, 17 Apr 2015 15:25:27 +0200 Subject: [PATCH] Invenio v2.0.2 Signed-off-by: Tibor Simko --- AUTHORS | 4 + NEWS | 191 +++++++++++++++++++++++++++++++++++++++++++++ RELEASE-NOTES | 185 +++++++++++++++++++++++++++++++++++++------ RELEASE-NOTES.rst | 185 +++++++++++++++++++++++++++++++++++++------ invenio/version.py | 2 +- 5 files changed, 522 insertions(+), 45 deletions(-) diff --git a/AUTHORS b/AUTHORS index aa8c3d9699..dcf34790f1 100644 --- a/AUTHORS +++ b/AUTHORS @@ -22,7 +22,9 @@ Active contributors: * Guillaume Lastecoueres * Harris Tzovanakis * Ivan Masár +* Jacopo Notarstefano * Jan Aage Lavik +* Jan Stypka * Javier Martin * Jiri Kuncar * Jocelyne Jerdelet @@ -34,6 +36,8 @@ Active contributors: * Laura Rueda * Leonardo Rossi * Ludmila Marian +* Marco Neumann +* Marios Kogias * Mateusz Susik * Miguel Martín * Mike Sullivan diff --git a/NEWS b/NEWS index d82df02f59..08cef5be08 100644 --- a/NEWS +++ b/NEWS @@ -6,6 +6,197 @@ releases. For more information about the current release, please consult RELEASE-NOTES. For more information about changes, please consult ChangeLog. +Invenio v2.0.2 -- released 2015-04-17 +------------------------------------- + +Security fixes +~~~~~~~~~~~~~~ + ++ celery: + + - Forces Celery to only accept msgpack content when using standard + configuration. This disallows pickle messages which can be used + for remote code execution. (#3003) + ++ global: + + - Disables all attempts to serve directory listings for directories + found under static root. + +Incompatible changes +~~~~~~~~~~~~~~~~~~~~ + ++ celery: + + - If you use any Celery serializer other than msgpack, you must + update configuration variable CELERY_ACCEPT_CONTENT to include + that serializer. + ++ pidstore: + + - Refactors DataCite provider to use the new external DataCite API + client. + + - Removes DataCite API client from Invenio. + +New features +~~~~~~~~~~~~ + ++ docs: + + - Adds "Code of Conduct" to the "Community" documentation. + + - Adds new fast track deprecation policy. + + - Documents commit message labels used by developers (such as NEW, + SECURITY, FIX, etc.) used in automatic generation of structured + release notes. (#2856) + ++ global: + + - Adds a `inveniomanage config locate` command to request the + location of the instance config file. + + - Adds new configurable variable `INVENIO_APP_CONFIG_ENVS` that can + be set both from `invenio.cfg` and OS environment. Application + factory iterates over comma separated list of configuration + variable names and updates application config with equivalent OS + environment value. (#2858) + ++ template: + + - Adds 'u' filter that converts str to unicode in Jinja2 templates + since support for str has been deprecated. Example: `{{ mystr|u + }}`. (#2862) + +Improved features +~~~~~~~~~~~~~~~~~ + ++ docs: + + - Adds example of how to deprecate a feature and includes + deprecation policy in documentation. + ++ global: + + - Moves datacite API wrapper to external package. + + - Escapes all unicode characters in Jinja2 templates. + ++ installation: + + - Apache virtual environments are now created with appropriate + `WSGIDaemonProcess` user value, taken from the configuration + variable `CFG_BIBSCHED_PROCESS_USER`, provided it is set. This + change makes it easier to run Invenio under non-Apache user + identity. + + - Apache virtual environments are now created with appropriate + `WSGIPythonHome` directive so that it would be easier to run + Invenio from within Python virtual environments. + ++ jsonalchemy: + + - Introduces support for accepting MARC fields having any + indicator. (#1722 #2075) + +Bug fixes +~~~~~~~~~ + ++ admin: + + - Adds `admin.js` bundle that loads `select2.js` library on `/admin` + pages. (#2690 #2781) + ++ assets: + + - Implements `__deepcopy__` method for `webassets.filter.option` in + order to fix unexpected behavior of the `option` class contructor. + (#2777 #2864 #2921) + ++ documents: + + - Flask-Login import in field definition. (#2905) + + - Safer upgrade recipe for migrations from the old document storage + model (used in v1.1) to the new document storage model (used in + v1.2). + ++ global: + + - Drops support for serving directories in Apache site configuration + to avoid problems with loading '/admin' url without trailing slash + that attempts to serve the static directory of the same + name. (#2470 #2943) + ++ installation: + + - Adds Babel as setup requirements for installing compile_catalog + command. + ++ jsonalchemy: + + - Fixes the definition of time_and_place_of_event_note, + series_statement and source_of_description fields. + ++ oairepository: + + - Switches keys in CFG_OAI_METADATA_FORMATS configuration mapping. + (#2962) + + - Amends bfe_oai_marcxml element since get_preformatted_record does + not return a tuple anymore. + ++ search: + + - Fixes portalbox text overflow and and syntax error in CSS. + (#3023) + + - Collection names containing slashes are now supported again. + However we recommend not to use slashes in collection names; if + slashes were wanted for aesthetic reasons, they can be added in + visible collection translations. (#2902) + ++ sorter: + + - Comparison function of record tags uses space concatened string + from list of all tags values. (#2750) + +Notes +~~~~~ + ++ assets: + + - Adds deprecation warning when LESS_RUN_IN_DEBUG is used. (#2923) + ++ global: + + - Deprecates use of invenio.utils.datacite:DataCite (to be removed + in Invenio 2.2). + + - External authentication methods are being deprecated. Please use + `invenio.modules.oauthclient` or Flask-SSO instead. (#1083) + + - Recreate Apache site configurations using new template. Run + following command: `inveniomanage apache create-config`. + + - Deprecates custom remote debuggers. Please use native Werkzeug + debugger or other (*)pdb equivalents. (#2945) + + - Adds deprecation warning for `invenio.ext.jinja2hacks` and all + detected non-ascii strings usage in templates mainly coming from + legacy (1.x) modules. (#2862) + ++ installation: + + - Limits version of SQLAlchemy<=1.0 and SQLAlchemy-Utils<=0.30. + ++ oairepository: + + - Changes current behavior of OAI-PMH server for logged in users to + take into account all records a user can view and not only public + records. + Invenio v2.0.1 -- released 2015-03-20 ------------------------------------- diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 6860ab3b62..153a926144 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -1,8 +1,8 @@ ============================ - Invenio v2.0.1 is released + Invenio v2.0.2 is released ============================ -Invenio v2.0.1 was released on March 20, 2015. +Invenio v2.0.2 was released on April 17, 2015. About ----- @@ -10,52 +10,193 @@ About Invenio is a digital library framework enabling you to build your own digital library or document repository on the web. +Security fixes +-------------- + ++ celery: + + - Forces Celery to only accept msgpack content when using standard + configuration. This disallows pickle messages which can be used + for remote code execution. (#3003) + ++ global: + + - Disables all attempts to serve directory listings for directories + found under static root. + +Incompatible changes +-------------------- + ++ celery: + + - If you use any Celery serializer other than msgpack, you must + update configuration variable CELERY_ACCEPT_CONTENT to include + that serializer. + ++ pidstore: + + - Refactors DataCite provider to use the new external DataCite API + client. + + - Removes DataCite API client from Invenio. + New features ------------ ++ docs: + + - Adds "Code of Conduct" to the "Community" documentation. + + - Adds new fast track deprecation policy. + + - Documents commit message labels used by developers (such as NEW, + SECURITY, FIX, etc.) used in automatic generation of structured + release notes. (#2856) + ++ global: + + - Adds a `inveniomanage config locate` command to request the + location of the instance config file. + + - Adds new configurable variable `INVENIO_APP_CONFIG_ENVS` that can + be set both from `invenio.cfg` and OS environment. Application + factory iterates over comma separated list of configuration + variable names and updates application config with equivalent OS + environment value. (#2858) + ++ template: + + - Adds 'u' filter that converts str to unicode in Jinja2 templates + since support for str has been deprecated. Example: `{{ mystr|u + }}`. (#2862) + +Improved features +----------------- + ++ docs: + + - Adds example of how to deprecate a feature and includes + deprecation policy in documentation. + + global: - - Deprecation policy comes with new deprecation warnings wrappers. - (#2875) + - Moves datacite API wrapper to external package. + + - Escapes all unicode characters in Jinja2 templates. + ++ installation: + + - Apache virtual environments are now created with appropriate + `WSGIDaemonProcess` user value, taken from the configuration + variable `CFG_BIBSCHED_PROCESS_USER`, provided it is set. This + change makes it easier to run Invenio under non-Apache user + identity. + + - Apache virtual environments are now created with appropriate + `WSGIPythonHome` directive so that it would be easier to run + Invenio from within Python virtual environments. + ++ jsonalchemy: + + - Introduces support for accepting MARC fields having any + indicator. (#1722 #2075) Bug fixes --------- ++ admin: + + - Adds `admin.js` bundle that loads `select2.js` library on `/admin` + pages. (#2690 #2781) + + assets: - - Avoids bundle changes to persist between requests in DEBUG mode, - which is not desired. (#2777) + - Implements `__deepcopy__` method for `webassets.filter.option` in + order to fix unexpected behavior of the `option` class contructor. + (#2777 #2864 #2921) -+ docs: ++ documents: - - Adds missing `invenio.base` package to the `config.py` file for a - custom overlay in the docs. + - Flask-Login import in field definition. (#2905) + + - Safer upgrade recipe for migrations from the old document storage + model (used in v1.1) to the new document storage model (used in + v1.2). + global: - - Replaces `invenio-demo.cern.ch` by `demo.invenio-software.org` - which is the new canonical URL of the demo site. (#2867) + - Drops support for serving directories in Apache site configuration + to avoid problems with loading '/admin' url without trailing slash + that attempts to serve the static directory of the same + name. (#2470 #2943) + installation: - - Reorders 'compile_catalog' and 'install' commands to fix - installation process from PyPI. + - Adds Babel as setup requirements for installing compile_catalog + command. - - Adds apache2 xsendfile package to installation script. (#2857) ++ jsonalchemy: -+ messages: + - Fixes the definition of time_and_place_of_event_note, + series_statement and source_of_description fields. - - Defines a path for jquery.ui required by jQuery-Timepicker-Addon - and sets an exact version for the plugin instead of latest. - (#2910) ++ oairepository: -+ records: + - Switches keys in CFG_OAI_METADATA_FORMATS configuration mapping. + (#2962) - - Changes creation_date field definition in tests. (#2214) + - Amends bfe_oai_marcxml element since get_preformatted_record does + not return a tuple anymore. + search: - - Generates correct url for `/collection` redirect. + - Fixes portalbox text overflow and and syntax error in CSS. + (#3023) + + - Collection names containing slashes are now supported again. + However we recommend not to use slashes in collection names; if + slashes were wanted for aesthetic reasons, they can be added in + visible collection translations. (#2902) + ++ sorter: + + - Comparison function of record tags uses space concatened string + from list of all tags values. (#2750) + +Notes +----- + ++ assets: + + - Adds deprecation warning when LESS_RUN_IN_DEBUG is used. (#2923) + ++ global: + + - Deprecates use of invenio.utils.datacite:DataCite (to be removed + in Invenio 2.2). + + - External authentication methods are being deprecated. Please use + `invenio.modules.oauthclient` or Flask-SSO instead. (#1083) + + - Recreate Apache site configurations using new template. Run + following command: `inveniomanage apache create-config`. + + - Deprecates custom remote debuggers. Please use native Werkzeug + debugger or other (*)pdb equivalents. (#2945) + + - Adds deprecation warning for `invenio.ext.jinja2hacks` and all + detected non-ascii strings usage in templates mainly coming from + legacy (1.x) modules. (#2862) + ++ installation: + + - Limits version of SQLAlchemy<=1.0 and SQLAlchemy-Utils<=0.30. + ++ oairepository: + + - Changes current behavior of OAI-PMH server for logged in users to + take into account all records a user can view and not only public + records. Installation ------------ @@ -65,7 +206,7 @@ Installation Documentation ------------- - http://invenio.readthedocs.org/en/v2.0.1 + http://invenio.readthedocs.org/en/v2.0.2 Homepage -------- diff --git a/RELEASE-NOTES.rst b/RELEASE-NOTES.rst index 6860ab3b62..153a926144 100644 --- a/RELEASE-NOTES.rst +++ b/RELEASE-NOTES.rst @@ -1,8 +1,8 @@ ============================ - Invenio v2.0.1 is released + Invenio v2.0.2 is released ============================ -Invenio v2.0.1 was released on March 20, 2015. +Invenio v2.0.2 was released on April 17, 2015. About ----- @@ -10,52 +10,193 @@ About Invenio is a digital library framework enabling you to build your own digital library or document repository on the web. +Security fixes +-------------- + ++ celery: + + - Forces Celery to only accept msgpack content when using standard + configuration. This disallows pickle messages which can be used + for remote code execution. (#3003) + ++ global: + + - Disables all attempts to serve directory listings for directories + found under static root. + +Incompatible changes +-------------------- + ++ celery: + + - If you use any Celery serializer other than msgpack, you must + update configuration variable CELERY_ACCEPT_CONTENT to include + that serializer. + ++ pidstore: + + - Refactors DataCite provider to use the new external DataCite API + client. + + - Removes DataCite API client from Invenio. + New features ------------ ++ docs: + + - Adds "Code of Conduct" to the "Community" documentation. + + - Adds new fast track deprecation policy. + + - Documents commit message labels used by developers (such as NEW, + SECURITY, FIX, etc.) used in automatic generation of structured + release notes. (#2856) + ++ global: + + - Adds a `inveniomanage config locate` command to request the + location of the instance config file. + + - Adds new configurable variable `INVENIO_APP_CONFIG_ENVS` that can + be set both from `invenio.cfg` and OS environment. Application + factory iterates over comma separated list of configuration + variable names and updates application config with equivalent OS + environment value. (#2858) + ++ template: + + - Adds 'u' filter that converts str to unicode in Jinja2 templates + since support for str has been deprecated. Example: `{{ mystr|u + }}`. (#2862) + +Improved features +----------------- + ++ docs: + + - Adds example of how to deprecate a feature and includes + deprecation policy in documentation. + + global: - - Deprecation policy comes with new deprecation warnings wrappers. - (#2875) + - Moves datacite API wrapper to external package. + + - Escapes all unicode characters in Jinja2 templates. + ++ installation: + + - Apache virtual environments are now created with appropriate + `WSGIDaemonProcess` user value, taken from the configuration + variable `CFG_BIBSCHED_PROCESS_USER`, provided it is set. This + change makes it easier to run Invenio under non-Apache user + identity. + + - Apache virtual environments are now created with appropriate + `WSGIPythonHome` directive so that it would be easier to run + Invenio from within Python virtual environments. + ++ jsonalchemy: + + - Introduces support for accepting MARC fields having any + indicator. (#1722 #2075) Bug fixes --------- ++ admin: + + - Adds `admin.js` bundle that loads `select2.js` library on `/admin` + pages. (#2690 #2781) + + assets: - - Avoids bundle changes to persist between requests in DEBUG mode, - which is not desired. (#2777) + - Implements `__deepcopy__` method for `webassets.filter.option` in + order to fix unexpected behavior of the `option` class contructor. + (#2777 #2864 #2921) -+ docs: ++ documents: - - Adds missing `invenio.base` package to the `config.py` file for a - custom overlay in the docs. + - Flask-Login import in field definition. (#2905) + + - Safer upgrade recipe for migrations from the old document storage + model (used in v1.1) to the new document storage model (used in + v1.2). + global: - - Replaces `invenio-demo.cern.ch` by `demo.invenio-software.org` - which is the new canonical URL of the demo site. (#2867) + - Drops support for serving directories in Apache site configuration + to avoid problems with loading '/admin' url without trailing slash + that attempts to serve the static directory of the same + name. (#2470 #2943) + installation: - - Reorders 'compile_catalog' and 'install' commands to fix - installation process from PyPI. + - Adds Babel as setup requirements for installing compile_catalog + command. - - Adds apache2 xsendfile package to installation script. (#2857) ++ jsonalchemy: -+ messages: + - Fixes the definition of time_and_place_of_event_note, + series_statement and source_of_description fields. - - Defines a path for jquery.ui required by jQuery-Timepicker-Addon - and sets an exact version for the plugin instead of latest. - (#2910) ++ oairepository: -+ records: + - Switches keys in CFG_OAI_METADATA_FORMATS configuration mapping. + (#2962) - - Changes creation_date field definition in tests. (#2214) + - Amends bfe_oai_marcxml element since get_preformatted_record does + not return a tuple anymore. + search: - - Generates correct url for `/collection` redirect. + - Fixes portalbox text overflow and and syntax error in CSS. + (#3023) + + - Collection names containing slashes are now supported again. + However we recommend not to use slashes in collection names; if + slashes were wanted for aesthetic reasons, they can be added in + visible collection translations. (#2902) + ++ sorter: + + - Comparison function of record tags uses space concatened string + from list of all tags values. (#2750) + +Notes +----- + ++ assets: + + - Adds deprecation warning when LESS_RUN_IN_DEBUG is used. (#2923) + ++ global: + + - Deprecates use of invenio.utils.datacite:DataCite (to be removed + in Invenio 2.2). + + - External authentication methods are being deprecated. Please use + `invenio.modules.oauthclient` or Flask-SSO instead. (#1083) + + - Recreate Apache site configurations using new template. Run + following command: `inveniomanage apache create-config`. + + - Deprecates custom remote debuggers. Please use native Werkzeug + debugger or other (*)pdb equivalents. (#2945) + + - Adds deprecation warning for `invenio.ext.jinja2hacks` and all + detected non-ascii strings usage in templates mainly coming from + legacy (1.x) modules. (#2862) + ++ installation: + + - Limits version of SQLAlchemy<=1.0 and SQLAlchemy-Utils<=0.30. + ++ oairepository: + + - Changes current behavior of OAI-PMH server for logged in users to + take into account all records a user can view and not only public + records. Installation ------------ @@ -65,7 +206,7 @@ Installation Documentation ------------- - http://invenio.readthedocs.org/en/v2.0.1 + http://invenio.readthedocs.org/en/v2.0.2 Homepage -------- diff --git a/invenio/version.py b/invenio/version.py index f1a5044b81..6a8607f844 100644 --- a/invenio/version.py +++ b/invenio/version.py @@ -30,7 +30,7 @@ # - revision can be set if you want to override the date coming from git. # # See the doctest below. -version = (2, 0, 2, 'dev', 20150320) +version = (2, 0, 2) def build_version(*args):