diff --git a/MANIFEST.in b/MANIFEST.in index 9ade313429..10be388509 100644 --- a/MANIFEST.in +++ b/MANIFEST.in @@ -5,6 +5,7 @@ include *.txt include *.yml include .bowerrc include .dockerignore +include .editorconfig include ABOUT-NLS include AUTHORS include COPYING diff --git a/NEWS b/NEWS index 0e91021439..5a7c2c9eab 100644 --- a/NEWS +++ b/NEWS @@ -6,6 +6,82 @@ releases. For more information about the current release, please consult RELEASE-NOTES. For more information about changes, please consult ChangeLog. +Invenio v2.0.6 -- released 2015-09-01 +------------------------------------- + +Security fixes +~~~~~~~~~~~~~~ + ++ global + + - Fixes potential XSS issues by changing main flash messages + template so that they are not displayed as safe HTML by default. + ++ search + + - Fixes potential XSS issues by changing search flash messages + template so that they are not displayed as safe HTML by default. + + +Improved features +~~~~~~~~~~~~~~~~~ + ++ I18N + + - Completes Italian translation. + - Completes French translation. + ++ global + + - Adds super(SmartDict, self).__init__ call in the __init__ method + in SmartDict to be able to make multiple inheritance in Record + class in invenio-records and be able to call both parent's + __init__. + + +Bug fixes +~~~~~~~~~ + ++ OAIHarvest + + - Fixes the parsing of resumptiontoken in incoming OAI-PMH XML which + could fail when the resumptiontoken was empty. + ++ i18n + + - Updates PO message catalogues and cleans them of duplicated + messages. (#3455) + ++ installation + + - Fixes database creation and upgrading by limiting Alembic version + to <0.7. + ++ legacy + + - Addresses an issue with calling six urllib.parse in a wrong way, + making users unable to harvest manually from the command line. + + +Notes +~~~~~ + ++ global + + - Displaying HTML safe flash messages can be done by using one of + these flash contexts: '(html_safe)', 'info(html_safe)', + 'danger(html_safe)', 'error(html_safe)', 'warning(html_safe)', + 'success(html_safe)' instead of the standard ones (which are the + same without '(html safe)' at the end). + ++ search + + - Displaying HTML safe flash messages can be done by using one of + these flash contexts: 'search-results-after(html_safe)', + 'websearch-after-search-form(html_safe)' instead of the standard + ones (which are the same without '(html safe)' at the end). + + Invenio v2.0.5 -- released 2015-07-17 ------------------------------------- diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 165ff8ae52..b9eca6c584 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -1,8 +1,8 @@ ============================ - Invenio v2.0.5 is released + Invenio v2.0.6 is released ============================ -Invenio v2.0.5 was released on July 17, 2015. +Invenio v2.0.6 was released on September 1, 2015. About ----- @@ -13,96 +13,86 @@ digital library or document repository on the web. Security fixes -------------- -+ docker: ++ global - - Disables debug mode when using standard Docker image. Uses docker - compose to set the variable instead. + - Fixes potential XSS issues by changing main flash messages + template so that they are not displayed as safe HTML by default. -Improved features ------------------ - -+ deposit: ++ search - - Improves handling of large files in deposit. + - Fixes potential XSS issues by changing search flash messages + template so that they are not displayed as safe HTML by default. -+ docker: - - Improves Docker documentation notably related to how to work with - Invenio site overlays. - - - Changes port number exposed by docker to non-reserved ones to - avoid conflicts with local installations. Webport is now 28080, - Redis 26379 and MySQL is 23306, which is a simple +20000 shift - from the standard ports. +Improved features +----------------- - - Integrates docker boot script into docker image. ++ I18N - - Changes docker boot script to use `exec`. This ensure signal - forwarding and reduces the overhead by one process. As a result - container shutdown is faster now. + - Completes Italian translation. + - Completes French translation. - - Changes manual master/slave configuration of Docker devboot script - to automatic solution using file locks. ++ global -+ jasmine: + - Adds super(SmartDict, self).__init__ call in the __init__ method + in SmartDict to be able to make multiple inheritance in Record + class in invenio-records and be able to call both parent's + __init__. - - Allows using variables from application config for building asset - bundles. Bug fixes --------- -+ deposit: ++ OAIHarvest - - Fixes issue with PLUpload chunking not being enabled. + - Fixes the parsing of resumptiontoken in incoming OAI-PMH XML which + could fail when the resumptiontoken was empty. -+ encoder: ++ i18n - - Corrects the `compose_file` function call in `process_batch_job` - to produce `/content.` instead of - `/content.content;`. (#3354) + - Updates PO message catalogues and cleans them of duplicated + messages. (#3455) -+ global: ++ installation - - Fixes the way configuration variables are parsed from ENV. It now - uses the same method we are using in `inveniomanage config set`. - This fixes the problem that `False` is not parsed correctly. + - Fixes database creation and upgrading by limiting Alembic version + to <0.7. -+ installation: ++ legacy - - Fixes capitalization of package names. + - Addresses an issue with calling six urllib.parse in a wrong way, + making users unable to harvest manually from the command line. -+ legacy: - - - Fixes inveniogc crash when mysql is NOT used to store sessions. - (#3205) - -+ login: - - - Provides flash message to indicate that an email with password - recovery could not be sent. (#3309) Notes ----- -+ global: ++ global + + - Displaying HTML safe flash messages can be done by using one of + these flash contexts: '(html_safe)', 'info(html_safe)', + 'danger(html_safe)', 'error(html_safe)', 'warning(html_safe)', + 'success(html_safe)' instead of the standard ones (which are the + same without '(html safe)' at the end). + ++ search - - Backports Flask-IIIF extension from original commit - 213b6f1144734c9ecf425a1bc7b78e56ee5e4e3e. The extension is not - enabled by default in order to avoid feature addition to existing - minor release. + - Displaying HTML safe flash messages can be done by using one of + these flash contexts: 'search-results-after(html_safe)', + 'websearch-after-search-form(html_safe)' instead of the standard + ones (which are the same without '(html safe)' at the end). Installation ------------ - $ pip install invenio==2.0.5 + $ pip install invenio==2.0.6 Upgrade ------- $ bibsched stop $ sudo systemctl stop apache2 - $ pip install --upgrade invenio==2.0.5 + $ pip install --upgrade invenio==2.0.6 $ inveniomanage upgrader check $ inveniomanage upgrader run $ sudo systemctl start apache2 @@ -111,7 +101,7 @@ Upgrade Documentation ------------- - http://invenio.readthedocs.org/en/v2.0.5 + http://invenio.readthedocs.org/en/v2.0.6 Happy hacking and thanks for flying Invenio. diff --git a/RELEASE-NOTES.rst b/RELEASE-NOTES.rst index 165ff8ae52..b9eca6c584 100644 --- a/RELEASE-NOTES.rst +++ b/RELEASE-NOTES.rst @@ -1,8 +1,8 @@ ============================ - Invenio v2.0.5 is released + Invenio v2.0.6 is released ============================ -Invenio v2.0.5 was released on July 17, 2015. +Invenio v2.0.6 was released on September 1, 2015. About ----- @@ -13,96 +13,86 @@ digital library or document repository on the web. Security fixes -------------- -+ docker: ++ global - - Disables debug mode when using standard Docker image. Uses docker - compose to set the variable instead. + - Fixes potential XSS issues by changing main flash messages + template so that they are not displayed as safe HTML by default. -Improved features ------------------ - -+ deposit: ++ search - - Improves handling of large files in deposit. + - Fixes potential XSS issues by changing search flash messages + template so that they are not displayed as safe HTML by default. -+ docker: - - Improves Docker documentation notably related to how to work with - Invenio site overlays. - - - Changes port number exposed by docker to non-reserved ones to - avoid conflicts with local installations. Webport is now 28080, - Redis 26379 and MySQL is 23306, which is a simple +20000 shift - from the standard ports. +Improved features +----------------- - - Integrates docker boot script into docker image. ++ I18N - - Changes docker boot script to use `exec`. This ensure signal - forwarding and reduces the overhead by one process. As a result - container shutdown is faster now. + - Completes Italian translation. + - Completes French translation. - - Changes manual master/slave configuration of Docker devboot script - to automatic solution using file locks. ++ global -+ jasmine: + - Adds super(SmartDict, self).__init__ call in the __init__ method + in SmartDict to be able to make multiple inheritance in Record + class in invenio-records and be able to call both parent's + __init__. - - Allows using variables from application config for building asset - bundles. Bug fixes --------- -+ deposit: ++ OAIHarvest - - Fixes issue with PLUpload chunking not being enabled. + - Fixes the parsing of resumptiontoken in incoming OAI-PMH XML which + could fail when the resumptiontoken was empty. -+ encoder: ++ i18n - - Corrects the `compose_file` function call in `process_batch_job` - to produce `/content.` instead of - `/content.content;`. (#3354) + - Updates PO message catalogues and cleans them of duplicated + messages. (#3455) -+ global: ++ installation - - Fixes the way configuration variables are parsed from ENV. It now - uses the same method we are using in `inveniomanage config set`. - This fixes the problem that `False` is not parsed correctly. + - Fixes database creation and upgrading by limiting Alembic version + to <0.7. -+ installation: ++ legacy - - Fixes capitalization of package names. + - Addresses an issue with calling six urllib.parse in a wrong way, + making users unable to harvest manually from the command line. -+ legacy: - - - Fixes inveniogc crash when mysql is NOT used to store sessions. - (#3205) - -+ login: - - - Provides flash message to indicate that an email with password - recovery could not be sent. (#3309) Notes ----- -+ global: ++ global + + - Displaying HTML safe flash messages can be done by using one of + these flash contexts: '(html_safe)', 'info(html_safe)', + 'danger(html_safe)', 'error(html_safe)', 'warning(html_safe)', + 'success(html_safe)' instead of the standard ones (which are the + same without '(html safe)' at the end). + ++ search - - Backports Flask-IIIF extension from original commit - 213b6f1144734c9ecf425a1bc7b78e56ee5e4e3e. The extension is not - enabled by default in order to avoid feature addition to existing - minor release. + - Displaying HTML safe flash messages can be done by using one of + these flash contexts: 'search-results-after(html_safe)', + 'websearch-after-search-form(html_safe)' instead of the standard + ones (which are the same without '(html safe)' at the end). Installation ------------ - $ pip install invenio==2.0.5 + $ pip install invenio==2.0.6 Upgrade ------- $ bibsched stop $ sudo systemctl stop apache2 - $ pip install --upgrade invenio==2.0.5 + $ pip install --upgrade invenio==2.0.6 $ inveniomanage upgrader check $ inveniomanage upgrader run $ sudo systemctl start apache2 @@ -111,7 +101,7 @@ Upgrade Documentation ------------- - http://invenio.readthedocs.org/en/v2.0.5 + http://invenio.readthedocs.org/en/v2.0.6 Happy hacking and thanks for flying Invenio. diff --git a/invenio/version.py b/invenio/version.py index 3fd11b25d4..ec18ce89f3 100644 --- a/invenio/version.py +++ b/invenio/version.py @@ -30,7 +30,7 @@ # - revision can be set if you want to override the date coming from git. # # See the doctest below. -version = (2, 0, 6, 'dev', 20150717) +version = (2, 0, 6) def build_version(*args):