Home Explore Help
Sign In
mirrors
/
Radicale
mirror of https://github.com/Kozea/Radicale
1
0
Fork 0
Files Issues 0 Wiki
Tree: 011bf1e5a7
Branches Tags
Radicale
/
NEWS.rst

NEWS.rst 8.3 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296 
  1. ======
    2. 

  2.  News
    3. 

  3. ======
    4. 

  4. 

  5. 

  6. 2.1.0rc1
    7. 

  7. ========
    8. 

  8. 

  9. This release is compatible with version 2.0.0.
    10. 

  10. 

  11. * Built-in web interface for creating and managing address books and calendars
    12. 

  12. 

  13.   * can be extended with web plugins
    14. 

  14. 

  15. * Much faster storage backend
    16. 

  16. * Significant reduction in memory usage
    17. 

  17. * Improved logging
    18. 

  18. 

  19.   * Include paths (of invalid items / requests) in log messages
    20. 

  20.   * Include configuration values causing problems in log messages
    21. 

  21.   * Log warning message for invalid requests by clients
    22. 

  22.   * Log error message for invalid files in the storage backend
    23. 

  23.   * No stack traces unless debugging is enabled
    24. 

  24. 

  25. * Time range filter also regards overwritten recurrences
    26. 

  26. * Items that couldn't be filtered because of bugs in VObject are always
    27. 

  27.   returned (and a warning message is logged)
    28. 

  28. * Basic error checking of configuration files
    29. 

  29. * File system locking isn't disabled implicitly anymore, instead a new
    30. 

  30.   configuration option gets introduced
    31. 

  31. * The permissions of the lock file are not changed anymore
    32. 

  32. * Support for sync-token
    33. 

  33. * Support for client-side SSL certificates
    34. 

  34. * Rights plugins can decide if access to an item is granted explicitly
    35. 

  35. 

  36.   * Respond with 403 instead of 404 for principal collections of non-existing
    37. 

  37.     users when ``owner_only`` plugin is used (information leakage)
    38. 

  38. 

  39. * Authentication plugins can provide login and password from environment
    40. 

  40. 

  41.   * new ``remote_user`` plugin, that gets login from the ``REMOTE_USER``
    42. 

  42.     environment variable (for WSGI server)
    43. 

  43.   * new ``http_x_remote_user`` plugin, that gets login from the
    44. 

  44.     ``X-Remote-User`` HTTP header (for reverse proxies)
    45. 

  45. 

  46. 

  47. 2.0.0 - Little Big Radish
    48. 

  48. =========================
    49. 

  49. 

  50. This feature is not compatible with the 1.x.x versions. See
    51. 

  51. http://radicale.org/1to2/ if you want to switch from 1.x.x to
    52. 

  52. 2.0.0.
    53. 

  53. 

  54. * Support Python 3.3+ only, Python 2 is not supported anymore
    55. 

  55. * Keep only one simple filesystem-based storage system
    56. 

  56. * Remove built-in Git support
    57. 

  57. * Remove built-in authentication modules
    58. 

  58. * Keep the WSGI interface, use Python HTTP server by default
    59. 

  59. * Use a real iCal parser, rely on the "vobject" external module
    60. 

  60. * Add a solid calendar discovery
    61. 

  61. * Respect the difference between "files" and "folders", don't rely on slashes
    62. 

  62. * Remove the calendar creation with GET requests
    63. 

  63. * Be stateless
    64. 

  64. * Use a file locker
    65. 

  65. * Add threading
    66. 

  66. * Get atomic writes
    67. 

  67. * Support new filters
    68. 

  68. * Support read-only permissions
    69. 

  69. * Allow External plugins for authentication, rights management, storage and
    70. 

  70.   version control
    71. 

  71. 

  72. 

  73. 1.1.3 - Fourth Law of Nature
    74. 

  74. ============================
    75. 

  75. 

  76. * Add a ``--export-storage=FOLDER`` command-line argument (by Unrud, see #606)
    77. 

  77. 

  78. 

  79. 1.1.2 - Third Law of Nature
    80. 

  80. ===========================
    81. 

  81. 

  82. * **Security fix**: Add a random timer to avoid timing oracles and simple
    83. 

  83.   bruteforce attacks when using the htpasswd authentication method.
    84. 

  84. * Various minor fixes.
    85. 

  85. 

  86. 

  87. 1.1.1 - Second Law of Nature
    88. 

  88. ============================
    89. 

  89. 

  90. * Fix the owner_write rights rule
    91. 

  91. 

  92. 

  93. 1.1 - Law of Nature
    94. 

  94. ===================
    95. 

  95. 

  96. One feature in this release is **not backward compatible**:
    97. 

  97. 

  98. * Use the first matching section for rights (inspired from daald)
    99. 

  99. 

  100. Now, the first section matching the path and current user in your custom rights
    101. 

  101. file is used. In the previous versions, the most permissive rights of all the
    102. 

  102. matching sections were applied. This new behaviour gives a simple way to make
    103. 

  103. specific rules at the top of the file independant from the generic ones.
    104. 

  104. 

  105. Many **improvements in this release are related to security**, you should
    106. 

  106. upgrade Radicale as soon as possible:
    107. 

  107. 

  108. * Improve the regex used for well-known URIs (by Unrud)
    109. 

  109. * Prevent regex injection in rights management (by Unrud)
    110. 

  110. * Prevent crafted HTTP request from calling arbitrary functions (by Unrud)
    111. 

  111. * Improve URI sanitation and conversion to filesystem path (by Unrud)
    112. 

  112. * Decouple the daemon from its parent environment (by Unrud)
    113. 

  113. 

  114. Some bugs have been fixed and little enhancements have been added:
    115. 

  115. 

  116. * Assign new items to corret key (by Unrud)
    117. 

  117. * Avoid race condition in PID file creation (by Unrud)
    118. 

  118. * Improve the docker version (by cdpb)
    119. 

  119. * Encode message and commiter for git commits
    120. 

  120. * Test with Python 3.5
    121. 

  121. 

  122. 

  123. 1.0.1 - Sunflower Again
    124. 

  124. =======================
    125. 

  125. 

  126. * Update the version because of a **stupid** "feature"™ of PyPI
    127. 

  127. 

  128. 

  129. 1.0 - Sunflower
    130. 

  130. ===============
    131. 

  131. 

  132. * Enhanced performances (by Mathieu Dupuy)
    133. 

  133. * Add MD5-APR1 and BCRYPT for htpasswd-based authentication (by Jan-Philip Gehrcke)
    134. 

  134. * Use PAM service (by Stephen Paul Weber)
    135. 

  135. * Don't discard PROPPATCH on empty collections (by Markus Unterwaditzer)
    136. 

  136. * Write the path of the collection in the git message (by Matthew Monaco)
    137. 

  137. * Tests launched on Travis
    138. 

  138. 

  139. 

  140. 0.10 - Lovely Endless Grass
    141. 

  141. ===========================
    142. 

  142. 

  143. * Support well-known URLs (by Mathieu Dupuy)
    144. 

  144. * Fix collection discovery (by Markus Unterwaditzer)
    145. 

  145. * Reload logger config on SIGHUP (by Élie Bouttier)
    146. 

  146. * Remove props files when deleting a collection (by Vincent Untz)
    147. 

  147. * Support salted SHA1 passwords (by Marc Kleine-Budde)
    148. 

  148. * Don't spam the logs about non-SSL IMAP connections to localhost (by Giel van Schijndel)
    149. 

  149. 

  150. 

  151. 0.9 - Rivers
    152. 

  152. ============
    153. 

  153. 

  154. * Custom handlers for auth, storage and rights (by Sergey Fursov)
    155. 

  155. * 1-file-per-event storage (by Jean-Marc Martins)
    156. 

  156. * Git support for filesystem storages (by Jean-Marc Martins)
    157. 

  157. * DB storage working with PostgreSQL, MariaDB and SQLite (by Jean-Marc Martins)
    158. 

  158. * Clean rights manager based on regular expressions (by Sweil)
    159. 

  159. * Support of contacts for Apple's clients
    160. 

  160. * Support colors (by Jochen Sprickerhof)
    161. 

  161. * Decode URLs in XML (by Jean-Marc Martins)
    162. 

  162. * Fix PAM authentication (by Stepan Henek)
    163. 

  163. * Use consistent etags (by 9m66p93w)
    164. 

  164. * Use consistent sorting order (by Daniel Danner)
    165. 

  165. * Return 401 on unauthorized DELETE requests (by Eduard Braun)
    166. 

  166. * Move pid file creation in child process (by Mathieu Dupuy)
    167. 

  167. * Allow requests without base_prefix (by jheidemann)
    168. 

  168. 

  169. 

  170. 0.8 - Rainbow
    171. 

  171. =============
    172. 

  172. 

  173. * New authentication and rights management modules (by Matthias Jordan)
    174. 

  174. * Experimental database storage
    175. 

  175. * Command-line option for custom configuration file (by Mark Adams)
    176. 

  176. * Root URL not at the root of a domain (by Clint Adams, Fabrice Bellet, Vincent Untz)
    177. 

  177. * Improved support for iCal, CalDAVSync, CardDAVSync, CalDavZAP and CardDavMATE
    178. 

  178. * Empty PROPFIND requests handled (by Christoph Polcin)
    179. 

  179. * Colon allowed in passwords
    180. 

  180. * Configurable realm message
    181. 

  181. 

  182. 

  183. 0.7.1 - Waterfalls
    184. 

  184. ==================
    185. 

  185. 

  186. * Many address books fixes
    187. 

  187. * New IMAP ACL (by Daniel Aleksandersen)
    188. 

  188. * PAM ACL fixed (by Daniel Aleksandersen)
    189. 

  189. * Courier ACL fixed (by Benjamin Frank)
    190. 

  190. * Always set display name to collections (by Oskari Timperi)
    191. 

  191. * Various DELETE responses fixed
    192. 

  192. 

  193. 

  194. 0.7 - Eternal Sunshine
    195. 

  195. ======================
    196. 

  196. 

  197. * Repeating events
    198. 

  198. * Collection deletion
    199. 

  199. * Courier and PAM authentication methods
    200. 

  200. * CardDAV support
    201. 

  201. * Custom LDAP filters supported
    202. 

  202. 

  203. 

  204. 0.6.4 - Tulips
    205. 

  205. ==============
    206. 

  206. 

  207. * Fix the installation with Python 3.1
    208. 

  208. 

  209. 

  210. 0.6.3 - Red Roses
    211. 

  211. =================
    212. 

  212. 

  213. * MOVE requests fixed
    214. 

  214. * Faster REPORT answers
    215. 

  215. * Executable script moved into the package
    216. 

  216. 

  217. 

  218. 0.6.2 - Seeds
    219. 

  219. =============
    220. 

  220. 

  221. * iPhone and iPad support fixed
    222. 

  222. * Backslashes replaced by slashes in PROPFIND answers on Windows
    223. 

  223. * PyPI archive set as default download URL
    224. 

  224. 

  225. 

  226. 0.6.1 - Growing Up
    227. 

  227. ==================
    228. 

  228. 

  229. * Example files included in the tarball
    230. 

  230. * htpasswd support fixed
    231. 

  231. * Redirection loop bug fixed
    232. 

  232. * Testing message on GET requests
    233. 

  233. 

  234. 

  235. 0.6 - Sapling
    236. 

  236. =============
    237. 

  237. 

  238. * WSGI support
    239. 

  239. * IPv6 support
    240. 

  240. * Smart, verbose and configurable logs
    241. 

  241. * Apple iCal 4 and iPhone support (by Łukasz Langa)
    242. 

  242. * KDE KOrganizer support
    243. 

  243. * LDAP auth backend (by Corentin Le Bail)
    244. 

  244. * Public and private calendars (by René Neumann)
    245. 

  245. * PID file
    246. 

  246. * MOVE requests management
    247. 

  247. * Journal entries support
    248. 

  248. * Drop Python 2.5 support
    249. 

  249. 

  250. 

  251. 0.5 - Historical Artifacts
    252. 

  252. ==========================
    253. 

  253. 

  254. * Calendar depth
    255. 

  255. * MacOS and Windows support
    256. 

  256. * HEAD requests management
    257. 

  257. * htpasswd user from calendar path
    258. 

  258. 

  259. 

  260. 0.4 - Hot Days Back
    261. 

  261. ===================
    262. 

  262. 

  263. * Personal calendars
    264. 

  264. * Last-Modified HTTP header
    265. 

  265. * ``no-ssl`` and ``foreground`` options
    266. 

  266. * Default configuration file
    267. 

  267. 

  268. 

  269. 0.3 - Dancing Flowers
    270. 

  270. =====================
    271. 

  271. 

  272. * Evolution support
    273. 

  273. * Version management
    274. 

  274. 

  275. 

  276. 0.2 - Snowflakes
    277. 

  277. ================
    278. 

  278. 

  279. * Sunbird pre-1.0 support
    280. 

  280. * SSL connection
    281. 

  281. * Htpasswd authentication
    282. 

  282. * Daemon mode
    283. 

  283. * User configuration
    284. 

  284. * Twisted dependency removed
    285. 

  285. * Python 3 support
    286. 

  286. * Real URLs for PUT and DELETE
    287. 

  287. * Concurrent modification reported to users
    288. 

  288. * Many bugs fixed (by Roger Wenham)
    289. 

  289. 

  290. 

  291. 0.1 - Crazy Vegetables
    292. 

  292. ======================
    293. 

  293. 

  294. * First release
    295. 

  295. * Lightning/Sunbird 0.9 compatibility
    296. 

  296. * Easy installer
    297.