newsSavane - News: Release 3.0: markup language and anti-spam tools

 
 
Show feedback again
Latest News
New Savane release fixes symlink attack and privilege escalation posted by beuc, Wed 02 Dec 2009 10:24:18 PM UTC - 0 replies
Release 3.0: markup language and anti-spam tools posted by yeupou, Mon 04 Dec 2006 09:38:30 AM UTC - 2 replies
Release 2.0: interface heavy improvements, bugfixes and cosmetics posted by yeupou, Tue 03 Oct 2006 08:06:29 AM UTC - 2 replies
We need packagers! posted by yeupou, Tue 19 Sep 2006 06:09:45 PM UTC - 2 replies

Release 3.0: markup language and anti-spam tools

Item posted by Mathieu Roy <yeupou> on Mon 04 Dec 2006 09:38:30 AM UTC.

Here comes a new Savane release. This release brings many improvements. A markup language (inspired by the commonly used in wikis) enables users to format content, for instance in item reports. Numerous anti-spam tools are now available: DNSbl, SpamAssassin, ability to users to flags content as spam. The item page layout has been re-organized so that editing the item attributes or inserting a comment no longer require to scroll the window (especially when the item description is large) ; the various sections are folded (unfolded by a simple click) to provide a more condensed layout. It is possible to create squads, meta-users that allows a project to group small teams of members that must be assigned items together, etc. The notification management has be simplified and now people can always remove themselves from an item CC list.

I'd like to thanks anyone involved in this release, most notably Tobias Toedter, Yves Perrin (CERN, PH SFT) and Andreas Pfeiffer (CERN, PH SFT).

The release tracking has been made with the task #3633.

Get a copy

Check the download area for the GPG-signed tarball, or read recipe #204 if you want to use debian packages.

Upgrading a running installation

If you are running Savane 2.0, you should run SQL and Perl scripts included in savane/update/3.0, as described in savane/update/README (or shipped with the debian package savane-update).

If you are running an older version than 2.0, you should run the scripts in savane/update for each release you missed.

These scripts will handle the changes on the database needed. They are supposedly safe but you should, indeed, do a backup of your database first, just in case (using mysqldump, for instance).

You must also add the site-specific-content file named dnsbl.txt, using as template the one shipped in etc/site-specific-content.

See also

If you haven't before, we recommend that you also read:

Complete ChangeLog

SITE SPECIFIC CONTENT

  • dnsbl.txt added: allow the define the DNS Blacklist to use.

CONFIGURATION

  • If you intend to run SpamAssassin to filter spams posted on trackers, you must rebuild your conffile by running: `sv_update_conf --recreate`

FRONTEND

  • Now includes a Markup language to enable users to format text without allowing them to type in HTML for security reasons. It means that in places where HTML was allowed before (project description, users resume, trackers item posting preamble), the HTML must be removed (task #2874).
  • Access to files attached to private items is now restricted as the items.
  • Added Markup to allows users to format text (task #2874).
  • Added a preview of news content when approving new items (bug #2121).
  • Display jobs by project type.
  • Fix a bug causing the result bar, when browsing items, to show as number of results the number of "item to show per page", when using a "modified since" additional constraint, if the number of result was superior to the number of "item to show per page". As result, the links to items not shown on the page due to the number of "item to show per page limit" were missing (bug #7566).
  • In statistics page, fields are now listed in their configured order (task #3775).
  • Fix a bug that was making impossible to post comment on a private item to the person that submitted the item (unless he has rights on the relevant tracker due to group membership), while we actually wants to allow him to do so (bug #7524).
  • Fix a bug causing the user profile to show the user as member of groups on which is only requesting for inclusion, not yet approved.
  • Now projects can create Squads: Squads are meta-users that enable to share permissions, items assignation and notifications among several project members (task #3665).
  • User Carbon-Copy notification settings simplified and items Carbon-Copy list improved. Now users can always remove themselves from Carbon-Copy list of a given item (in the past, if you posted a comment on an item you could not remove you from the notification of this item in particular). Instead of determining from users actions on the items the notification, now users are simply added to the CC list of the item when they act on it. They can configure some notification to always ignore, for instance they can decide to skip all notifications of their own changes made on items, to skip all notifications unless the item is closed or its status changed (useful for someone that just want to know if item get closed but do not want to follow developers discussions). They can also configure the system not to add them in the Carbon-Copy list automatically, when they post a comment or when they update an item. Finally, they can configure the system to remove them from the Carbon-Copy list when an item assigned to them is reassigned to someone else (useful for people in charge of handle item submission sorting, that would not care about the item destiny once the item properly reassigned) (task #4080, task #3776).
  • Fix a bug causing email obsfucation to work anormally in item history (bug #7303).
  • Fix a bug causing "Member since info" to be missing from an user profile if he is member of a private group (bug #7644).
  • Make sure new project notification setup is not ignored when an item is reassigned to it.
  • Item pages heavily reorganized (task #3787, task #2887).
  • Fix a bug making impossible to change posting restriction if the news tracker was deactivated (bug #7653).
  • Remove, in fields usage configuration, inconsistant reference to transitions in the case of non selectbox field (bug #7654).
  • Allow multiple file upload at once. What was the file upload limit is not the total upload limit. Users can upload more files but the same amount of data (task #2392).
  • Detect MSIE 7 and deactivate MSIE 5/6 specific dirty hacks (bug #7688).
  • Make sure mailing-list reconfiguration process is not done before the mailing-list was actually created on the system (mailman-specific, bug #7689).
  • Fix a bug causing new CC to be lost if a mandatory field was not filled (bug #5658).
  • Very long links are cut to avoid them to break the page layout.
  • It is now possible to lock discussions: manager can decide to restrict items updates to managers and technicians (stop flamewars). It is a good idea on trackers that accept anonymous comment post to add this as automated transition on item closing, so spammers robots will have less items available to spam (task #4129).
  • Account name is no longer mention in the mail sent on account creation to prevent too easy account creation by robots (please read task #2876).
  • Shows only groups registered during the last trimester in the front page features boxes (bug #7743).
  • Add DNS blacklist checks (task #4127).
  • Log permissions denied and DNSbl rejections.
  • Allow an user to remove himself from all Carbon-Copy lists of a given group - useful when someone quit a group (task #4137).
  • Ban IPs of anonymous spammers for 6 hours (task #4141).
  • "Contributors Wanted" site menu entry moved from "Site Help" to "Hosted Project" submenu: it does not actually provide help to users but is interesting info about the groups hosted.
  • Fix a bug causing in My Items > Assigned to me groups to be missing after a click on (-) (bug #7760).
  • Rename "$sys_name Help" and "$sys_name Administration" in "Site Help" and "Site Administration". Looks less clumsy (to be consistent we should have repeated $sys_name in every menu title, like $sys_name hosted projects, etc), enlight that it is site wide.
  • Fix problems accessing attached files that contains a # in their name (bug #7796).
  • Put an invisible trap to spambots, a field unused that will be considered as bogus if filled (task #4151). This will not prevent tailored spambots to post, but this will definitely block the others. And it is common knowledge that even old spambots are still used nowadays, no matter how easy it is to catch them.

BACKEND

  • sv_extra_merge_projects is now able, when moving items from the source group, to assign items to a given category of the destination project (task #3830).
  • sv_extra_svn_postcommit_brigde added. Activated from SVN post-commit hooks, it will add a special comment if to items if there reference is included in commit message (task #2594).
  • Use chmod user:group syntax, more portable than user.group (bug #7729).
  • sv_update_conf now automatically try to find out the Apache group (www-data, apache, etc) to use to set conffile ownership (bug #7758).
  • Fix a bug causing weekly export to fail to update the export timestamp at the end of the month (bug #7508).

LIB

  • User.pm: remove .authorized_keys when the key number is null.
  • Provide backward compatibility symlinks like Savannah.pm -> Savane.pm (bug #5664).

DATABASE STRUCTURE

  • Numerous spamcheck related changes (spamscore and IP fields added in trackers tables, spamscore, spamban tables added, etc).

That's all folks!

Comments:

Message: 244
Repacking +1 (posted by yeupou, Mon 04 Dec 2006 04:41:37 PM UTC)

This version has been repackaged to include a fix to a problem occuring only with MySQL 5 (see task #4205). If you run MySQL 5, make sure you got at least 3.0+1.

Thread Author Date
Repacking +1yeupouMon 04 Dec 2006 04:41:37 PM UTC

 

Post a followup to this message

You could post if you were logged in
Show feedback again

Back to the top


Powered by Savane 3.1-cleanup