I'm proud to release version 2.2.0 of the Roundup issue
tracker.  This release is a bugfix and minor feature
release, so make sure to read `docs/upgrading.txt
<https://www.roundup-tracker.org/docs/upgrading.html>`_ to
bring your tracker up to date.

The changes, as usual, include some new features and many
bug fixes.

Note that you should run ``roundup-admin ... migrate`` to
update the database schema version. Do this before you use
the web, command-line or mail interface and before any users
access the tracker.

You can download it with::

   pip download roundup

then unpack and test/install the tarball. Also::

   pip install roundup

(preferably in a virtual environment) can be used.

Among the notable improvements from the 2.1.0 release are:

- Dynamic and static compression of http responses. This
  improves performance when a front end web server isn't
  serving compressed assets.
  
- REST interface supports CORS allowing Roundup to be used
  by third party web sites. Can specify origins allowed to
  use the REST interface. OpenAPI (SWagger) docs can be
  added. Error handling/reporting improved.

- Dockerfile to build a containerized Roundup instance.  A
  docker-compose configuration to deploy a a mysql based
  tracker is also supplied.

- New full text search methods. SQLite FTS and PostgreSQL
  full text search are supported. These allow search
  expressions in addition to simple word based searches.

- Secret values in config.ini can be stored in external
  files. This allows config.ini to be stored in a VCS
  without exposing secrets.

- Translation object added to internal database handle. This
  allows auditors and extensions to provide efficient
  translations.

- MySQL database creation uses COLLATE utf8_general_ci

- Wsgi startup improvements (must be enabled by setting
  feature flag).

- Fix crash when importing legacy Roundup tracker with long
  integers.

- Fix issues with Roundup unable to find supporting files
  when installed via pip. Removed additional references to
  distfiles module.

The file CHANGES.txt has a detailed list of feature additions and
bug fixes (57) for each release. The most recent changes from
there are at the end of this announcement. Also see the
information in doc/upgrading.txt.

If you find bugs, please report them to issues AT roundup-tracker.org
or create an account at https://issues.roundup-tracker.org and open a
new ticket. If you have patches to fix the issues they can be attached
to the email or uploaded to the tracker.

Upgrading
=========

If you're upgrading from an older version of Roundup you *must* follow
all the "Software Upgrade" guidelines given in the doc/upgrading.txt
documentation.

Note that you should run ``roundup-admin ... migrate`` for
all your trackers to update the database schema version. Do
this before you use the web, command-line or mail interface
and before any users access the tracker.

Roundup requires Python 2 newer than version 2.7.2 or Python 3 newer
than or equal to version 3.6 for correct operation. (Python
3.4 or 3.5 may work, but are not tested.)

To give Roundup a try, just download (see below), unpack and run::

    python demo.py

then open the url printed by the demo app.

Release info and download page:
     https://pypi.org/project/roundup
Source and documentation is available at the website:
     https://roundup-tracker.org/
Mailing lists - the place to ask questions:
     https://sourceforge.net/p/roundup/mailman/


About Roundup
=============

Roundup is a simple-to-use and install issue-tracking system with
command-line, web and e-mail interfaces. It is based on the winning design
from Ka-Ping Yee in the Software Carpentry "Track" design competition.

Note: Ping is not responsible for this project. The contact for this
project is rouilj at users.sourceforge.net. Use this address for
security or other sensitive issues. Development discussions occur on
the roundup-devel at lists.sourceforge.net mailing list. Tickets can
be opened at https://issues.roundup-tracker.org.

Roundup manages a number of issues (with flexible properties such as
"description", "priority", and so on) and provides the ability to:

(a) submit new issues,
(b) find and edit existing issues, and
(c) discuss issues with other participants.

The system facilitates communication among the participants by managing
discussions and notifying interested parties when issues are edited. One of
the major design goals for Roundup that it be simple to get going. Roundup
is therefore usable "out of the box" with any Python 2.7.2+ (or 3.6+)
installation. It doesn't even need to be "installed" to be operational,
though an install script is provided.

It comes with five basic issue tracker templates

* a classic bug/feature tracker
* a more extensive devel tracker for bug/features etc.
* a responsive version of the devel tracker
* a jinja2 version of the devel template (work in progress)
* a minimal skeleton

and supports four database back-ends (anydbm, sqlite, mysql and postgresql).

Recent Changes
==============

From 2.1.0 to 2.2.0.

Fixed:
------

- issue2551161 - Fix ResourceWarnings when running with -W default.
  Cleaned up leaking file descriptors from zopetal pre-compile, python
  module compile and loading localization file. (John Rouillard) 
- When using roundup-server with native SSL, only accept TLS v1.2.
  Previously it used to accept only TLS v1.1. 1.1 is deprecated by
  chrome. I don't expect this to be a major problem since a front
  end server (apache, Nginx...) is usually customer facing and
  terminates SSL.  (John Rouillard)
- Fix hang when valid user without authorization for REST tries to use
  the rest interface.  (John Rouillard)
- Remove Content-Type and make sure no content is returned by OPTIONS
  request in REST interface. (John Rouillard)
- In write_html set the Content-Length when response is not
  encoded/compressed. (John Rouillard)
- In REST interface do not raise UsageError for invalid api version.
  Return json error with proper message. Fixes crash. (John Rouillard)
- In REST interface, allow extensions on URI less than 6 characters in
  length. All other paths with a . in then will be passed through
  without change. This allows items like a JWT to be passed as a path
  element. (John Rouillard)
- issue2550995 - KeyError classic during roundup-admin install. Add
  paths to search for locale and template files.
- issue2551167 - pip install in containerized environments puts
  template and locale files under site-packages where roundup can't find
  them. Change code to find them under site-packages.
- REST replace hard coded list of child endpoints for /rest/ with list
  pulled from registered endpoints. So newly added endpoints are
  shown. (John Rouillard)
- issue2551107 - Handle representation of long int in history params
  for python3. Causes SyntaxError crash when showing history due to
  long int e.g. 2345L. This is not a problem for roundup trackers
  created using 1.2.0 or newer. The fix may have predated the 1.2.0
  release but where the fix actually landed (representing id as a
  string and not as an int) is unknown.
- issue2551175 - Make ETag content-encoding aware. HTTP ETag headers
  now include a suffix indicating the content-encoding used to send
  the data per rfc7232. Properly validate any form of ETag suffixed or
  non-suffixed for If-Match.
- issue2551178 - fix Traceback in Apache WSGI - during file upload
- issue2551179 - make roundup-demo initialize templates using
  config_ini.ini overrides. Needed for jinja to set template lang etc.
  Recognize minimal template when presented with a full
  path. (John Kristensen (jerrykan) and John Rouillard)
- handle configparser.InterpolationSyntaxError raised if value
  has a single %. Seems to afect python 3 only. Reported by
  nomicon on IRC. (John Rouillard)
- add random delay to session database retry code between 0 and .125
  seconds. This seems to help reduce stalled connections when a
  number of connections are made at the same time. Log remaining
  retries once 5 of them have been used. (John Rouillard)
- issue2551169 - setup.py enters endless loop on gentoo linux python2
  installation. Fixed.
- issue2551185 - must set PYTHONPATH=... python2 setup.py install
  --prefix=/tmp/r2. Force insert --old-and-unmangable to get it
  to use a classic installer and not an easy install. This only
  affects python2.
- issue2551186 - Python versions >= 3.3 no longer use socket.sslerror.
  Andrew (kragacles) patched uses of socket.sslerror in mailgy.py.
  Patch adapted to allow trapping sslerror under both python2 and 3.
  (John Rouillard)
- issue2551142 - postgresql reworked to use savepoint/"rollback to"
  rather than commit()/rollback(). Using savepoint should be faster.
- issue2551196 - Unset labelprop of a Multilink can lead to Python
  error when using context/history. (reported and initial patch: Nagy
  Gabor, John Rouillard)
- Fix roundup-server to pass If-Range http header so Ranges work
  better. (John Rouillard)
- issue2551183 - Replace references to distutils in
  roundup/dist/command (John Rouillard)
- Fix hang if Range request was not able to be satified or a HEAD
  request was done.
- Mark strings involved with password reset and registration for
  translation. (reported: Thomas Arendsen Hein, John Rouillard)
- issue2551159 - cl.filter fails if filterspec is None (also
  group and sort). Passing a sort, group or filterprop param
  set to None to any filter() call should not cause a
  traceback. It will pretend as though no filter, sort or
  group was specified. (John Rouillard)
- issue2551205 - Add support for specifying valid origins
  for api: xmlrpc/rest. Allows CORS to work with roundup
  backend. (John Rouillard)
- new option added to config.ini: login_empty_passwords set to
  no by default. Setting this to yes allows a user with an
  empty password to login.
- issue2551207 - Fix sorting by order attribute if order attributes can
  be None. Add a test.
- issue2551203 fix CORS requests by providing proper headers and allowing
  unauthenticted CORS preflight requests. (Marcus Priesch and John
  Rouillard)
- issue2551206 - removed some windows installer references that were missed.
- document use of jinja2 templating as optional in config.ini
  file. Report if available or not. (John Rouillard)
- make setup.py install the Zope and wsgi.py frontends under
  share/frontends. This matches the install of the cgi-bin/roundup.cgi
  frontend. (John Rouillard)
- prevent submit button from showing up when using _generic.item.html
  if the user doesn't have edit permissions. (John Rouillard)
- issue2551216 - create new mysql databases using COLLATE
  utf8_general_ci to prevent crashes in test suite. (John Rouillard)

Features:
---------

- issue2551147 - Enable compression of http responses in roundup.
  Allow roundup to return gzip, (br or zstd with added modules)
  Content-Encoded replies. Compression could be done in upstream
  proxies/wsgi server but this allows it to occur natively. (John
  Rouillard)
- Change tracker templates adding required to login forms. Invokes
  browser error reporting if user forgets to fill in a field.
  (John Rouillard)
- issue1596345 - filtering user list (need
  user.search.hml). Incorporate user search features from
  issues.roundup-tracker.org into classic template. Devel and
  responsive templates already have this feature.
- issue2550917 - Add a: "Welcome user, you have logged in" ok_message
  on login. (Ashley Burke)
- enable HTTP/1.1 for roundup-server. This enables keep-alive for
  faster response/loading. Also eliminates stalls when the front end web
  server uses http 1.1 but the roundup-server uses 1.0. New option
  "-V HTTP/1.0" can turn it off. (John Rouillard)
- issue2551163 - add scripts/Docker/Dockerfile to provide basic support for
  containerization. See installation.txt for details. (John Rouillard)
- issue2551163 - add scripts/Docker/docker-compose.yml to get a
  mysql/roundup deployment. (Norbert Schlemmer, modified by John
  Rouilard)
- REST add openapi_doc decorator to add openapi_doc to
  endpoints. Decorate a couple of examples. (John Rouillard)
- REST when incorrect method is used, report allowed methods in error
  message as well as in an Allow header. (John Rouillard)
- REST change response to invalid attribute specified in path.  Return
  400 code not 405 code for this case and improve error. (John
  Rouillard)
- REST correct values for some Access-Control-Allow-Methods and
  Access-Control-Allow-Headers headers. (John Rouillard)
- issue2550991 - define default cache control settings for javascript
  and css assets. (John Rouillard)
- issue2551181 - fragments can be appended to designators. So
  issue23#msg24 could jump to the element with id msg24 in issue 23.
  Before this patch you would have two links issue23 and msg24
  separated by # (John Rouillard).
- added small utility script to dump dbm based tracker databases
  (e.g. db/sessions). (John Rouillard)
- issue2551182 - Enhance configuration module to allow loading values
  from an external file. Secrets (passwords, secrets) can specify
  file using file:// or file:///. The first line of the file is used
  as the secret. This allows committing config.ini to a VCS. (John
  Rouillard)
- Added xapian indexer to Docker container. (John Rouillard)
- Add support for indexer type native-fts to use FTS5 for sqlite
  databases. (John Rouillard)
- Add support for indexer type native-fts to use PostreSQL's full text
  search. (John Rouillard)
- Add better error display to the user. Needed to expose errors in fts5
  search syntax to the user while also displaying the template page
  structure. (John Rouillard)
- issue2551189 - increase size of words in full text index.
  Many terms (like exception names or symbolic constants) are larger
  than 25. Also German words are long. Since there is little chance of
  fixing German to shorten their words, change indexer maxlength to 50.
  (Thomas Arendsen Hein provided patch; patch reworked John Rouillard)
- issue2551184 - add an i18n object to the roundupdb. This makes it
  possible to translate error messages in detectors (or actions). The
  i18n object is now also correctly set for the mail interface:
  previously the 'language' setting in the [mailgw] section seems to
  have been ignored. Thanks to Marcus Priesch for the patch.
- issue2551212 - speed up wsgi interface by caching the tracker
  instance. Hidden behind a feature flag. See upgrading.txt for
  details. (Marcus Priesch with feature flag by John Rouillard)
