|
|
@@ -1,5 +1,81 @@
|
|
|
# News
|
|
|
|
|
|
+## master
|
|
|
+
|
|
|
+This release is incompatible with previous releases. See the upgrade checklist below.
|
|
|
+
|
|
|
+ * Common
|
|
|
+ * Parallel write requests
|
|
|
+ * Support PyPy
|
|
|
+ * Protect against XML denial-of-service attacks
|
|
|
+ * Check for duplicated UIDs in calendars/address books
|
|
|
+ * Only add missing UIDs for uploaded whole calendars/address books
|
|
|
+ * Switch from md5 to sha256 for UIDs and tokens
|
|
|
+ * Code cleanup:
|
|
|
+ * All plugin interfaces were simplified and are incompatible with old plugins
|
|
|
+ * Major refactor
|
|
|
+ * Never sanitize paths multiple times (check if they are sanitized)
|
|
|
+ * Config
|
|
|
+ * Multiple configuration files with the format /path/to/config1:/path/to/config2
|
|
|
+ * Optional configuration files by prepending filepath with ``?`
|
|
|
+ * Check validity of every configuration file and command line arguments separately
|
|
|
+ * Report the source of invalid configuration parameters in error messages
|
|
|
+ * Code cleanup:
|
|
|
+ * Store configuration as parsed values
|
|
|
+ * Use Schema that describes configuration and allow plugins to apply their own schemas
|
|
|
+ * Mark internal settings with ``_`
|
|
|
+ * Internal server
|
|
|
+ * Bind to IPv4 and IPv6 address, when both are available for hostname
|
|
|
+ * Set default address to ``localhost:5232``
|
|
|
+ * Remove settings for SSL ciphers and protocol versions (enforce safe defaults instead)
|
|
|
+ * Remove settings for file locking because they are of little use
|
|
|
+ * Remove daemonization (should be handled by service managers)
|
|
|
+ * Logging
|
|
|
+ * Replace complex Python logger configuration with simple logging.level setting
|
|
|
+ * Write PID and ``threadName`` instead of cryptic id's in log messages
|
|
|
+ * Use ``wsgi.errors`` for logging (as required by the WSGI spec)
|
|
|
+ * Code cleanup:
|
|
|
+ * Don't pass logger object around (use ``logging.getLogger()`` instead)
|
|
|
+ * Auth
|
|
|
+ * Use ``md5`` as default for ``htpasswd_encryption`` setting
|
|
|
+ * Move setting ``realm`` from section ``server`` to ``auth``
|
|
|
+ * Rights
|
|
|
+ * Use permissions ``RW`` for non-leaf collections and ``rw`` for address books/calendars
|
|
|
+ * New permission ``i`` that only allows access with HTTP method GET
|
|
|
+ (CalDAV/CardDAV is susceptible to expensive search requests)
|
|
|
+ * Web
|
|
|
+ * Add upload dialog for calendars/address books from file
|
|
|
+ * Show startup loading message
|
|
|
+ * Show warning if JavaScript is disabled
|
|
|
+ * Pass HTML Validator
|
|
|
+ * Storage
|
|
|
+ * Check for missin UIDs in items
|
|
|
+ * Check for child collections in address books and calendars
|
|
|
+ * Code cleanup:
|
|
|
+ * Split BaseCollection in BaseStorage and BaseCollection
|
|
|
+
|
|
|
+## Upgrade checklist
|
|
|
+
|
|
|
+ * Configuration
|
|
|
+ * Some settings were removed
|
|
|
+ * The default of ``auth.htpasswd_encryption`` changed to ``md5``
|
|
|
+ * The settings ``server.realm`` moved to ``auth.realm``
|
|
|
+ * The settings ``logging.debug`` was replaced by ``logging.level``
|
|
|
+ * The format of the ``rights.file`` configuration file changed:
|
|
|
+ * Permission ``r` replaced by ``Rr``
|
|
|
+ * Permission ``w` replaced by ``Ww``
|
|
|
+ * New permission ``i` added as subset of ``r`
|
|
|
+ * Replaced variable ``%(login)s`` by ``{user}``
|
|
|
+ * Removed variable ``%(path)s``
|
|
|
+ * ``{` must be escaped as ``{{`` and ``}` as ``}}`` in regexes
|
|
|
+ * Filesystem storage
|
|
|
+ * The storage format is compatible with Radicale 2.x.x
|
|
|
+ * Run ``radiale --verify-storage`` to check for errors
|
|
|
+ * Custom plugins:
|
|
|
+ * ``auth`` and ``web`` plugins require minor adjustments
|
|
|
+ * ``rights`` plugins must be adapted to the new permission model
|
|
|
+ * ``storage`` plugins require major changes
|
|
|
+
|
|
|
## 2.1.10 - Wild Radish
|
|
|
|
|
|
This release is compatible with version 2.0.0.
|
Unrud