newsSavane - News: Release 1.0.4: new features, bugfixes, cosmetics

Show feedback again
Latest News
Security fix: scp restricted shell bypass posted by beuc, Thu Feb 2 22:02:09 2017 - 0 replies
New Savane release fixes symlink attack and privilege escalation posted by beuc, Wed Dec 2 22:24:18 2009 - 0 replies
Release 3.0: markup language and anti-spam tools posted by yeupou, Mon Dec 4 09:38:30 2006 - 2 replies
Release 2.0: interface heavy improvements, bugfixes and cosmetics posted by yeupou, Tue Oct 3 08:06:29 2006 - 2 replies
We need packagers! posted by yeupou, Tue Sep 19 18:09:45 2006 - 2 replies
[Submit News]
[23 news in archive]

Release 1.0.4: new features, bugfixes, cosmetics

Item posted by Mathieu Roy <yeupou> on Fri Sep 24 09:49:40 2004.


I'm glad to announce 1.0.4 release. Thanks a lot to everybody involved in this release, in particular Alberto Aimar from CERN LCG/SPI.

The release tracking has been made with the task #736

Obtaining it:

- GPG-signed tarball is available at <>
- It is downloadable via CVS, with the tag REL_1-0-4-1

Installing it:

If you are running Savane < 1.0.4, you should run sql scripts included in savane/update/1.0.4, as described in savane/update/README.
These scripts will handle the trivial changes on the database needed.
WARNING: do not run savane/update/1.0.4/clean-usertable.sql

Also, take care to the section [SITE SPECIFIC CONTENT] of the
ChangeLog below, it will tells you which files should be added in your site specific content directory.

Otherwise, just follow INSTALL, or INSTALL.verbose if it not enough.

Reporting bugs:

Same place as usual, go at <>



  • Valid HTML link is now part of the site specific content
  • people/editprofile removed h2 section, useless, design-breaker.


* SV_LOCAL_INC_PREFIX is replaced by SAVANE_CONF. This is the value you should put in Apache conf. Exporting SAVANE_CONF in a terminal will also make backend script taking it into account.



  • Fix html_image() so it can really guess images width and

height, if not passed as argument.

  • Fix to the Submit a task link on project homepage (closes: #663).
  • Fix attached file url in email notification (closes: bug #662).
  • Show "Originator Email" field only if an item was posted anonymously (closes: bug #666).
  • Fix extra "," added in the To: field when sending a request for inclusing (closes: bug #660).
  • Feedback the exact size of an attachment in case of failure, mentionning the use of addslashes() (closes: bug #678).
  • Do a first check with filesize() before strlen() when

attaching file, working better with big files (closes: bug #678).

  • Fix sql for category specific notification (closes: bug #668)
  • Fix notification not sent on new submissions if

'send on updates' not checked (closes: bug #673)

  • Fix notifications after posting followup comments

(closes: bug #679).

  • Bugs related to notifications no longer reproducible, probably due to others Yves Perrin's bugfixes on the same code part (closes: bug #273, bug #354, bug #399).
  • During the installation process, give some advices when starting the frontend (tell to register a project, etc), autodefine the unix group name of the registered project (according to the configuration), deactivate tests on the group name (that would lead to a refusal of "admin" for instance).
  • Implement a Posting Restriction model, following the

permission model. Projects admins can forbid posting item to users depending on their authentication level (member, logged in, anonymous). It works exactly like others permissions (configuration at the same places, possibility to rely on group type setting...) -- as a matter of fact, in does not really work like the current implementation running at CERN, but the spirit is the same and it offers the same possibilities, and even more. It applies to the usual trackers (task, support...) and news tracker (closes: bug #664, bug #665).

  • Links to unavailable action are now printed, but in a specific manner. utils_link() has been added for that purpose (closes: bug #685).
  • Inform user when he's using a theme non-compliant to latest Savane CSS Guidelines. If the theme is the default theme, even tell user to submit a support request for the installation he's using.
  • Switch to XHTML, use CSS more extensively. Some pages may be non-compliant, feel free to submit bug reports. Some <tables> should still be replaced by <div> and most forms are not XHTML standard valid. Apart from the "cleaning" side of the task, it gives themes more freedom (closes: bug #683).
  • New theme added, called "right", that specifically print the main menu on the right of the page
  • Savane CSS Guidelines 1.10 comes with a, special CSS file that have no purpose apart being imported by others themes, providing the basic needed classes required for minimal layout lisibility.
  • Now superuser are considered as normal users as long as they do not click on the menu link "Become superuser". This is like "su" principle on unix systems: no need to be root everytime, it can lead to mistakes and misunderstandings; you just become root when you need to (closes: task #347).
  • After login, always get back we're you were. Do the same in case of su logout.
  • Feedback now pop-up in fixed-position boxes. As result, their visibility should be greatly improved.
  • Session management: users can see remaining open sessions and trash them if obsolete (closes: task #112).
  • Incorporate CERN field values transitions: projects admins can determine whether it is possible to change a specific field from a value to another. For instance, you can force technician to pass a specific "status" stage wheee the item got reassigned to someone else (closes: bug #677).
  • Add the possibility to set multiple transition "from value any to this value" (closes: task #749).
  • Allow site admin to allow project admin to define their filelist directory, specifically the field groups.dir_download (closes: bug #669, bug #670, bug #671).
  • Update French i18n.

* Change wording in "My" area, using more frequently "I", since the area is called "My" -- we'll have to study the impact of this change on users.

  • Now locale textdomain is "savane", no longer "savannah".
  • "Secure" groups set active feature page. It avoids project admin to play will post variables to eventually activate tools the local admin did not activate. This change was made necessary by the addition of the possibility for project to configure dir_download,

if the local admin allowed it.

  • Allow users to get a daily/weekly/monthly reminder of item assigned to them of priority > 5. Allow admin to send a daily/weekly/monthly reminder of item assigned to project members of priority > 5 (closes: task #209, task #750).
  • Headers automatically added in sent mails changed a little bit. Now, they are X-Savane-Server, X-Savane-Project, X-Savane-Tracker, X-Savane-Item-ID.
  • Add a test on items commenters and do not try to send notification if the post was anonymous (closes: bug #696).
  • Users can configure the subject line of messages sent by trackers (closes: task #751).

* Cc notification list now not accept ; as separator (closes: support #111).

  • Make sure news summaries can be viewed in any cases (bug #703).
  • On news item site administration, highlight items posted by the administration group, also provide groups name in any news item lists (closes: bug #222).
  • On news item site administration, allows to edit content of posted items (closes: bug #223).
  • Projects can now configure a notification list for approved news items (closes: bug #234).
  • Distinguish status with a different set of colors (closes: bug #535).
  • Limit item history size by printing at maximum the 15 latest changes (closes: bug #688)
  • Clean date related functions, avoiding some bugs due to unix timestamp and date translations (closes: bug #694).

Note: this bug caused "planned close date" and "planned starting date" to be stored with a timestamp -1 day.

  • Add direct pointer to the currently shown item in the headers where item #nnnn is printed. Sometimes, you may want to refresh the page, for whatever reason, without doing reload.
  • In select boxes, when using trackers, field value are sorted by label, if the rank is not enough. This is interesting if you have several values with the same rank (closes: bug #526).
  • Ignore incomplete registration when testing if a sys group name already exists in the database, during project registration. Risks of a name clash seems near 0, while not doing that require maintainance, since some people interrupt registration and try to redoit later with the same name. And even if a name clash happens, admins should notice it during approval (closes: bug #332).
  • Give some tips after login failure.
  • Filelist allow subdirectories listing.
  • Cookies always include the full sysdomain; this make possible concurrent sessions on different servers that got the same main domain. However, it makes impossible to share cookie between http://www.domain and domain.
  • Number of latest group approved by per group type now depends on how many groups type you have. If you have more than 25 group types, no more than 2 groups per type will be showned on the front page. If you have less than 3 group types, 25 groups will be shown per group type.
  • Print 9 latest news on front page instead of 7.


  • Remove logo size (height, width) configuration options

(close: bug #680)

  • Remove useless configuration settings: sys_nglists_domain, sys_default_dir, sys_shell_host, sys_users_host, sys_docs_host, sys_dns1_host, sys_dns2_host, sys_lists_host, sys_server, sys_themeroot.
  • Configuration tool: ignore by default questions related to webalizer and mrtg integration. These are nowadays useless, since apache is no longer supposed to be able to this kind of data, for security reasons, on most installations.

* Add cron mailman parameter in conffile.

  • Install default crontab and logrotate file during install process.
  • Add, similar to sendmail.php. Now sv_mailman rely on it.
  • sv_mailman now understand --cron option.
  • Add sv_reminder, a script that send reminders to users about open items (closes: task #209, task #750).
  • sv_cleaner now deletes user account unconfirmed after two days (closes: bug #318).


  • Add Operating Sytem initvalues, activate the field Platform Version by default for support trackers.


Message: 141 released (posted by yeupou, Wed Sep 29 13:42:48 2004)

Savane subrelease is out: it fixes one bug that block password update during lost password procedure, if update/1.0.4/clean-usertable.sql was run (no effect on fresh install).

Thread Author Date releasedyeupouWed Sep 29 13:42:48 2004


Post a followup to this message

You could post if you were logged in
Show feedback again

Back to the top

Powered by Savane 3.1-cleanup