CHANGES.txt for the JTracker This file contains change information for the JTracker product. 1.14 (07/31/2006) Bugs fixed - The Spam prevention was improved to ensure replies to existing issues will never cause spam to be sent to existing subscribers and the spammer address will not be added to the subscriber list until explicitly unrestricted. - Admin users are now able to circumvent Spam protection. 1.13 (6/22/2006) Bugs fixed: - The introduction of the email module in version 1.12 caused backwards incompatibilities with Python 2.1 - Python 2.2 or higher is required now. This is now mentioned in the INSTALL and README files. (http://www.dataflake.org/tracker/issue_00458 by Deb Lewis) Features added: - The website spam prevention has been tightened down a lot. If you select the "review_issues" property on the JTracker property view, the following will happen: New issues will receive restricted permissions so that trying to view them as Anonymous will raise Unauthorized. Issues in the Private state will not be cataloged at all, so they cannot be found using searches, either. The tracker administrator will have two links at the bottom of new issue notification emails to quickly and easily delete or unrestrict a new issue with a single click. Unrestricting an issue will fix the permissions to inherit the defaults from the JTracker and also reindex it. New replies will be invisible for anonymous visitors. They are not indexed so their text cannot be found using searches. The tracker administrator will have two links at the bottom of new reply notification messages to either delete or make a reply visible in one single click, which will also trigger a reindex. 1.12 Features added: - To prevent website spam by anonymous posters a very simplistic mechanism will prevent newly posted issues from being visible, if the admin enables the "review_issues" property on the JTracker object. If "review_issues" is active, new issues will not go into "Pending" but into "Private" stage. The web forms then ensure that only tracker supporters can search for items in "Private" stage. This is not some super-secure solution, but it puts the bar higher and, even more important, Google and other crawlers will not find the spam by themselves. (http://www.dataflake.org/tracker/issue_00440) If you have modified the forms please review the default search form and the default JTracker main view to see the change and apply it to your setup. **IMPORTANT**: Since this change included adding another property to the JTracker class you must run the updater. See the section "Updating existing JTrackers" in the README. - The Python email module is now used to handle incoming email interaction. This complicates the code but it also reduces the garbage showing when people send HTML-formatted email from Microsofts's junk email clients. (http://www.dataflake.org/tracker/issue_00397/) - To ease deployment of JTracker in non-English environments a simple way to translate English phrases sent by the JTracker has been added. A new "translate" method can be used to pull the translated value into your view templates. - Along with the internal phrases the templates used to generate email notices are fully customizable, too. Bugs fixed: - Worked around a bug in Zope 2.7.1 and up by removing the ability to select a MaildropHost or MailHost object from the "Add"-form. The call to superValues on the dispatcher is now disallowed due to the security changes in Zope. (http://www.dataflake.org/tracker/issue_00412 by Olavo Santos) 1.11 Features added: - Changed the license used for this product to the new ZPL 2.1 which is also used for all future Zope releases. Bugs fixed: - Adapt to the fact that PropertyManagers store sequences as tuples and not lists anymore (JTracker issue 377 by Ulrich Goertz). 1.10 Bugs fixed: - New issues only triggered email notifications to the JTracker admin, but not to those accounts defined as supporters on the "Advanced" tab. Thanks go to Phil Schumm for pointing out this (mis)behavior. - Added Zope 2.7.x as "tested platform" in the README. - Noted potential pitfalls with the "mailhost" path in the JTracker in the face of virtual hosting in the README. 1.9 Features added: - Show a little more information on the reply form. Bugs fixed: - Zope 2.7 does not like tal:content on singleton tags, so the reply form blew up (pointed out by Eugene Morozov in issue 321). 1.8 Features added: - The list of items that can be added to a JTracker from the ZMI is now mor intelligent. It will allow adding a ZCatalog if there is no object named 'catalog' contained in it and it will allow adding a Mail Host (and Maildrop Host if the product is installed) if no object named 'MailHost' is in the JTracker (Tracker issue 243). Bugs fixed: - Eliminated all cases where a mutable type was used as the default value in a function's argument list. This should fix the mysterious subscriber multiplication (Tracker issue 241) - Worked around a IE/Windoze dumbness where file uploads would end up with a file name equal to the full path of the uploaded file on the uploader's system. Normal browsers provide a correct file name. (Tracker issue 238 posted by Jim Harrison) 1.7 Features added: - Searches can be re-executed from an issue view page. Once a custom search has been run the search terms are saved using the built-in sessioning in Zope and can be re-called from an issue view. This follows the typical use case of going through several issues that were found via a search. (Tracker issue 223 by myself) - Added id attributes to several places like tracker title and issue title displays to enable some style customizations (tracker issue 217 by Dave Lehman). - The JTracker administrator's full name is now editable. This change requires that the updater script be run before or after applying the new software. (Tracker issue 218 by Dave Lehman) Bugs fixed: - Worked over the way subscriber addresses are handled to try and pin down the mysterious addition of subscribers (Tracker issue 230, added by myself). 1.6 Bugs fixed: * A missed wrong indentation in the email processing code led to replies to issues that would also create brand new issues at the same time. * A missing import would prevent an error message to be sent to the JTracker administrator if there was an error sending email during normal operation of the JTracker. (Tracker issue 213, thanks go to Eugene Morozow) * Completed the "hookup" of account settings to all those forms where names or emails are needed. If the currently logged-in user has an account (see "Advanced" tab in the ZMI) then these values will be pre-filled with the correct email address and full name. (Tracker issue 212, thanks to Alan Milligan for reminding me that this piece was not filled in completely) Features added: * The addIssue method can now be scripted better because it does not require REQUEST to be passed in anymore (Tracker issue 211 by Alan Milligan). 1.5 Features added: * Better error handling for the mail handler: If something goes awry during message reception a error report is sent to the email address set as the admin email. Furthermore, there is now some tests to see if an incoming message is just a bounce message so that infinite mail loops are avoided. Removed all such tests from the email accepter standalone script to simplify it. Bugs fixed: * An incoming message subject line is now always mime-decoded so that it does not show up with garbage mime code. (Tracker issue 205, thanks go to Alan Milligan) 1.4 Features added: * A property on the Properties tab (accept_email) lets the administrator turn the email processing for emails put into the JTracker viw the receiveEmail method on or off. Bugs fixed: * A permissions problem crept into version 1.3 that had to do with the (very unintuitive) way permissions are initialized on base classes. The problem would have the "Support JTracker Issues" permission disappear and only allow true Manager users do issue support work. * Added a (really lame) attempt to detect if an incoming email message is actually a bounce from dumb mail servers that do not complain about non-existing recipients but accept mail like everything is alright and then send a separate bounce message (to the JTracker address) later. As to be expected, this weird and unintuitive behavior only shows up on Micro$haft wannabe-email servers so far ("Exchange"). 1.3 Features added: * Email subscriber handling has been simplified. Now the JTracker admin and the issue poster are just entries in the issue subscriber list, which also means they can be removed from it if so desired. * The issue numbering scheme has been changed to pad the issue number with zeros. This scheme allows getting rid of the issue_number method/index kludge that was put in to allow correct sorting in the views. * If the BTreeFolder2 package is installed it will be used for all newly instantiated JTrackers. A script is provided that allows upgrading existing JTracker instances to use the BTreeFolder2-based version. See README.txt for details on how to upgrade. Installing the BTreeFolder2 product and upgrading your JTracker to use it is the recommended configuration. * An updater script is included that allows reasonably safe updates in place so that the user can install the latest software release, run the updater and the existing JTracker instances will be updated to work with the new code if they need updating. See README.txt for how to use the updater script. * Add support for uploading files. The upload capability can be switched on and off by the administrator and a specific kilobyte limit for allowable file sizes can be set. A single file can be uploaded per issue entry. The administrator user can add or delete these files from the Zope Management Interface, regardless of filesize limit settings on the JTracker. This feature introduced in response to Tracker issue 196 by Jim Harrison. Bugs fixed: * Issue descriptions and issue reply bodies were not HTML-encoded in the JTracker Issue view. This is a security risk that can allow someone to insert malicious HTML or client-side scripting into an issue or a followup. All these text fields are quoted now. Thanks to Artur Zaprzala for the heads-up on this. 1.2 Features added: * The Mail Host to be used for mail handling can now be selected upon instantiation and changed in the JTracker properties view. * You can now talk to the JTracker using email. How to set it up and what it is that you can do via email is explained in the README. 1.1 Bugs fixed: * Replies could get a wrong date attached to them because of the way default arguments were handled Features added: * Overriding manage_editProperties so that editing an issue on its Property tab will now recatalog as well. This allowed me to remove the "Advanced" tab in the ZMI. * Replies can now be deleted or their text body edited via the ZMI. * the view form for issues had a couple convenience links added, one of them to the issue itself and another one, if the current user has the permission to manage this JTracker, that links directly to the ZMI. 1.0 Bugs fixed: * Text searches now find text in replies as well, whereas it used to be limited for the issue title and description before. * Better issue sorting in search results views with the help of another catalog index and a helper variable. Features added: * JTracker issue searches can now be bookmarked because it will show the full search criteria in the URL query string. 0.9 First official release 0.5 First version