forked from inveniosoftware/invenio
-
Notifications
You must be signed in to change notification settings - Fork 0
/
NEWS
5244 lines (3793 loc) · 206 KB
/
NEWS
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
Invenio NEWS
============
Here is a short summary of the most notable changes in Invenio
releases. For more information about the current release, please
consult RELEASE-NOTES. For more information about changes, please
consult ChangeLog.
Invenio v2.1.1 -- released 2015-09-01
-------------------------------------
Security fixes
~~~~~~~~~~~~~~
+ global
- Fixes potential XSS issues by changing main flash messages
template so that they are not displayed as safe HTML by default.
+ search
- Fixes potential XSS issues by changing search flash messages
template so that they are not displayed as safe HTML by default.
Incompatible changes
~~~~~~~~~~~~~~~~~~~~
+ access
- Removes configuration option CFG_SUPERADMINROLE_ID.
- Replaces all zero values with NULL in the table
accROLE_accACTION_accARGUMENT. The usage of NULL value in
substitution of zero value was introduced in the commit 7974188
because Foreign Key does not support it.
Improved features
~~~~~~~~~~~~~~~~~
+ I18N
- Completes Italian translation.
- Completes French translation.
+ accounts
- Uses the localized site name when sending email to users. (#3273)
+ docker
- Improves Docker documentation notably related to how to work with
Invenio site overlays.
+ global
- Adds super(SmartDict, self).__init__ call in the __init__ method
in SmartDict to be able to make multiple inheritance in Record
class in invenio-records and be able to call both parent's
__init__.
+ jasmine
- Allows using variables from application config for building asset
bundles.
+ legacy
- Improves exception handling of integrity errors raised by MySQLdb
library.
Bug fixes
~~~~~~~~~
+ OAIHarvest
- Fixes the parsing of resumptiontoken in incoming OAI-PMH XML which
could fail when the resumptiontoken was empty.
+ access
- Sets superadmin role ID included in roles list returned from
acc_find_possible_roles to the correct, current value. (#3390)
(#3392)
- Fixes the authorization delete query to consider NULL value on
id_accARGUMENT authorization column. The usage of NULL value in
substitution of zero value was introduced in the commit 7974188
because Foreign Key does not support it.
- Fixes property id_accARGUMENT of AccAuthorization model.
+ encoder
- Corrects the `compose_file` function call in `process_batch_job`
to produce `<directory>/content.<extension>` instead of
`<directory>/content.content;<extension>`. (#3354)
+ global
- Fixes the way configuration variables are parsed from ENV. It now
uses the same method we are using in `inveniomanage config set`.
This fixes the problem that `False` is not parsed correctly.
+ i18n
- Updates PO message catalogues and cleans them of duplicated
messages. (#3455)
+ indexer
- Adds missing `get_nearest_terms_in_idxphrase_with_collection`
import. Fixes the name of field argument, and returns an empty
list when no model is passed. (#3271)
+ installation
- Fixes database creation and upgrading by limiting Alembic version
to <0.7.
+ legacy
- Addresses an issue with calling six urllib.parse in a wrong way,
making users unable to harvest manually from the command line.
+ login
- Provides flash message to indicate that an email with password
recovery could not be sent. (#3309)
+ search
- Enforces query string to be unicode to overcome pypeg2 parsing
issues. (#3296)
- Fixes admin interface for managing facets. (#3333)
Notes
~~~~~
+ global
- Displaying HTML safe flash messages can be done by using one of
these flash contexts: '(html_safe)', 'info(html_safe)',
'danger(html_safe)', 'error(html_safe)', 'warning(html_safe)',
'success(html_safe)' instead of the standard ones (which are the
same without '(html safe)' at the end).
- Backports Flask-IIIF extension from original commit
213b6f1144734c9ecf425a1bc7b78e56ee5e4e3e. The extension is not
enabled by default in order to avoid feature addition to existing
minor release.
+ search
- Displaying HTML safe flash messages can be done by using one of
these flash contexts: 'search-results-after(html_safe)',
'websearch-after-search-form(html_safe)' instead of the standard
ones (which are the same without '(html safe)' at the end).
Invenio v2.1.0 -- released 2015-06-16
-------------------------------------
Security fixes
~~~~~~~~~~~~~~
+ docker:
- Disables debug mode when using standard Docker image. Uses docker
compose to set the variable instead.
Incompatible changes
~~~~~~~~~~~~~~~~~~~~
+ access:
- Removes proprietary authentication protocol for robotlogin.
(#2972)
- Removes external authentication engines. Please use
`invenio_oauthclient` or Flask-SSO instead. (#1083)
+ assets:
- Removes support for runtime compiling of less files in debug mode
when option LESS_RUN_IN_DEBUG is enabled. (#2923)
- Requires update of bootstrap version of overlays.
+ collections:
- Collection reclist is not populated anymore. Use collection phrase
index using query matcher based on record data, hence no second
order operator will work in collection query definition.
+ communities:
- Removes 'communities' module that has been externalised to
separate Python package called 'invenio_communities'. Migration
can be done by running `pip install invenio_communities` and
adding 'invenio_communites' to PACKAGES. (#3008)
+ formatter:
- Database table 'format' and 'formatname' have been dropped and
foreign keys in other tables has been changed to use lower case
version of output format base filename without extension name.
- Output formats are no longer modifiable from web interface as they
syntax has been changed from custom "bfo" to "yml". (#2662)
- Custom output formats from the database needs to by merged with
`bfo` files to new `yml` files. Please follow instructions when
running `python scripts/output_format_migration_kit.py`.
+ global:
- Removes old URL handlers for `/search` and `/record`. (#2958)
- Enables 'sql_mode' as 'ansi_quotes' for quotes compatibility for
MySQL.
- Drops all active sessions during upgrade. Might result in log
entries about non-restorable sessions.
- Drops all active sessions during upgrade. Might result in log
entries about non-restorable sessions.
- Moves `deprecated` decorator under `invenio/utils/deprecation.py`
- Changes url_for behaviour to return always a unicode string.
(#2967)
- Deprecates invenio.config hack for legacy code. (#3106)
- Deprecates use of invenio.utils.redis in favor of
invenio.ext.cache. (#2885)
- Removes support for custom remote debuggers. (#2945)
+ installation:
- Upgrades minimum SQLAlchemy version to resolve Enum life cycle
problems on PostgreSQL. (#2351)
+ legacy:
- Specifies deprecation warnings for all remaining legacy modules
according to the latest Invenio 3 road map.
- Specifies deprecation warnings for legacy modules bibcirculation,
bibdocfile, bibedit, elmsubmit, websearch_external_collections,
and websubmit.
- Enables 'sql_mode' as 'ansi_quotes' for quotes compatibility for
MySQL.
- Removes deprecated bibknowledge module.
- Removes deprecated `inveniocfg` command line interface.
+ multimedia:
- Depreactes multimedia module.
+ search:
- Removes support for legacy `perform_request_search` and
`search_unit` API functions.
- Removes support for specific Aleph idendifiers from search engine.
New features
~~~~~~~~~~~~
+ access:
- Adds 'usedeposit' action which enables per user access
restrictions for different deposit types. (#2724)
- Adds the ability to restrict access per object independently from
the parent.
+ accounts:
- Adds support for allowing users to update their profile (nickname,
email, family name and given name).
- Adds support for users to re-request an verification email to be
sent.
- Adds new Passlib Flask extension to support configurable password
contexts in Invenio. (#2874)
- Adds panel blocks to settings templates.
+ babel:
- Adds datetime localization template filters.
+ collections:
- Adds new calculated field '_collections' to records from which the
'collection' index is created. (#2638)
+ deposit:
- Adds generic JinjaField and JinjaWidget to render templates as
form fields. This might be used in case longer explainations are
required for forms or to add pictures and other material that may
increase usability.
+ global:
- Uses Flask-IIIF extension providing various image manipulation
capabilities.
- Adds possibility to refer to documents and legacy BibDocFiles via
special path such as `/api/multimedia/image/recid:{recid}` or
`/api/multimedia/image/recid:{recid}-{filename}` or
`/api/multimedia/image/uuid` with proper permission checking.
(#3080) (#3084)
- Adds general pagination macro for Flask-SQLAlchemy Pagination
object. (PR #3006)
- Adds 'noscript' block to the page template to warn users with
disabled JavaScript on their browser. (#1039)
+ knowledge:
- Adds manager to knowledge with a command to load mappings into an
existing knowledge base from a file. E.g. `inveniomanage knowledge
load kb_name /path/to/file.kb`
+ oauthclient:
- Adds support for CERN OAuth authentication.
+ records:
- Adds support for granting author/viewer rights to records via tags
by specifying CFG_ACC_GRANT_AUTHOR_RIGHTS_TO_USERIDS_IN_TAGS
and/or CFG_ACC_GRANT_VIEWER_RIGHTS_TO_USERIDS_IN_TAGS. (#2873)
+ script:
- Implements optional TLS encryption directly by Werkzeug. Adds many
configuration variables (`SERVER_TLS_*`) to control the behaviour.
- Adds support for PostgreSQL database initialization.
+ search:
- Implements a mechanism that enhances user queries. The enhancer
functions are specified in the 'SEARCH_QUERY_ENHANCERS' and later
they are applied to the query AST one after the other in the
search method. (#2987)
- Adds new API for querying records.
- Adds new configuration option SEARCH_WALKERS which specifies
visitor classes that should be applied to a search query.
- Adds additional search units for the auxiliary author fields
`firstauthor`, `exactauthor`, `exactfirstauthor` and
`authorityauthor`.
- Adds missing operator handling of greater than (>) queries.
- Adds new configuration varibles `SEARCH_QUERY_PARSER` and
`SEARCH_QUERY_WALKERS` for query parser.
- Adds new API for record matching againts given query.
+ template:
- Adds bootstrap scrollspy to the base template so it can be used by
all modules.
+ workflows:
- Adds new buttons to the Holding Pen details pages to delete and
restart current task.
Improved features
~~~~~~~~~~~~~~~~~
+ accounts:
- Improves legend alignment in login form.
+ classifier:
- Improves the stripping of reference section when extracting text
from PDF by using a more appropriate refextract API.
+ deposit:
- Corrects reflow on narrow screens and removes misused classes for
labels.
- Adds sticky navigation item to the deposit page to simplify
overview on larger forms. Works well with collapsed elements. On
narrow screens the navigation gets pushed in front of all other
form elements.
- Improves handling of large files in deposit.
- Fixes problem with misaligned checkbox and radio list items. They
are produced because wtforms does not wrap input elements into
labels as it is intended by the bootstrap framework.
+ docker:
- Changes port number exposed by docker to non-reserved ones to
avoid conflicts with local installations. Webport is now 28080,
Redis 26379 and MySQL is 23306, which is a simple +20000 shift
from the standard ports.
- Integrates docker boot script into docker image.
- Changes docker boot script to use `exec`. This ensure signal
forwarding and reduces the overhead by one process. As a result
container shutdown is faster now.
- Changes manual master/slave configuration of Docker devboot script
to automatic solution using file locks.
+ formatter:
- Improves support for translated output format names on search
results page. (#2429)
+ global:
- Supports database creation on PostgreSQL server.
- Implements session signing. This avoids cache request for invalid
sessions and reduces the DDoS attack surface.
- Removes IP address storage+checks. This avoids data privacy issues
and enables users with multiple connections (e.g. WIFI+LTE,
multiple WIFI connections on trains+stations) to stay signed in.
- Enhances `run_py_func` to be able to print both to some StringIO
and to the terminal at the same time. This is enabled with the
`passthrough` argument. It now also always returns stderr,
deprecating the `capture_stderr` argument. The return value is now
a namedtuple so that one can easily fetch the required value. Its
arguments to a more natural order (name of the executable first
and arguments afterwards.
- Supports database creation on PostgreSQL server.
- Improves compatibility of Text fields in PostrgeSQL by changing
Text in models and removes Invenio hacks on MySQL Index and
Primary Key creation because starting from SQLAlchemy>=1.0 it
arises an exception if the length is specified. (#3037)
+ knowledge:
- Relaxes constraints on dynamic search function that used to force
us to create temporary knowledge base. (#698)
+ legacy:
- Supports database creation on PostgreSQL server.
+ oauthclient:
- Extra template block addition.
+ refextract:
- Replaces usage of 'urllib' by 'requests' library and improves
manipulation with temporary file used for extraction of
references.
+ script:
- Uses SQLAlchemy and SQLAlchemy-Utils to initialize the database
instead of executing mysql in a python subshell. (#2846) (#2844)
+ search:
- The search results pages emits proper Cache and TTL information in
its HTTP headers, so that any eventual external cachers (such as
varnish) could act accordingly to invalidate their caches
automatically, without any configuration. (#2302)
- Collection filtering of search results no longer returns orphan
records.
- Improves native facet creations.
+ template:
- Replaces Invenio PNG logo with SVG version. This works better on
high resolution (retina) screens and it is supported by all
browers.
+ unapi:
- Separates UnAPI url handling to a new module.
+ upgrader:
- Clarifies that the upgrade dependency is only a best guess.
(#2561)
+ workflows:
- Updates the layout of the details pages in Holding Pen to display
at which step the object is in the workflow.
- When rendering the task results, the Holding Pen now passes a
dictionary instead of a list in order to allow finer grained
control in the template.
Bug fixes
~~~~~~~~~
+ access:
- Sets the superadmin role ID properly when elaborating access
authorizations. Previously it was masked behind an application
context exception. (#3184)
+ accounts:
- Fixes invalid HTML of the 'remember me' login form checkbox.
- Corrects conditions on when to sent a notification email.
(addresses zenodo/zenodo#275) (#3163)
- Fixes issue that allowed blocked accounts to login.
+ classifier:
- Properly handles file paths containing a colon (:), avoiding bad
text extraction that causes (1) wrong results and (2) much slower
execution.
- Properly tags the execution of classifier as fast in the standard
workflow task when applicable.
+ deposit:
- Fixes issue with PLUpload chunking not being enabled.
- Fixes "both collapse arrows are shown" bug in deposit frontend.
+ formatter:
- Changes the mimetype of the `id` output format to application/json
and properly returns a JSON formatted list of results.
+ indexer:
- Avoids an exception from happening when passing a unicode string
to the BibIndex engine washer. (#2981)
+ installation:
- Fixes capitalization of package names.
+ legacy:
- Fixes inveniogc crash when mysql is NOT used to store sessions.
(#3205)
- Catches also any `MySQLdb.OperationalError` coming from legacy
MySQL queries using `run_sql()`. (#3089)
- Fixes an issue with outputting the post-process arguments when
adding or editing an OAI source.
+ oauthclient:
- Marks email address of users creating their account with oauth
process as invalid.
- Sends a validation email when users create their account with
oauth. (#2739)
- Improves security by leaving users' password uninitialized when
their account is created by the oauth module.
+ records:
- Improves type consistency of keys and values in JSON record
created from MARC and retrieved from storage engine. (#2772)
- Fixes double message flashing issues during 401 errors.
- Fixes issue with empty records not returning an 404 error.
- Fixes 500 error when record does not exist. (#2891)
+ search:
- Fixes an issue of returning the wrong results when searching for
single values in the author field (e.g. 'author:ellis').
+ submit:
- Fixes upgrade recipe for SbmCOLLECTION_SbmCOLLECTION table
introduced in commit @1021055. (#2954)
+ workflows:
- Fixes an issue where the workflow engine would try to save a
function reference in the extra_data task history, causing an
error when serializing extra_data.
Notes
~~~~~
+ access:
- The default access role ID for the superadmin user is 1, but it
can be configured via CFG_SUPERADMINROLE_ID.
- Requires running `webaccessadmin -u admin -c -a -D` command.
+ accounts:
- Changes user model fields family name/given names to store empty
string as default instead of null.
- Adds support for users to change email address/nickname. If you
store email addresses in e.g. records or fireroles you are
responsible for propagating the users change of email address by
adding listeners to the 'profile-updated' signal. Alternatively
you can migrate records (using
CFG_ACC_GRANT_AUTHOR_RIGHTS_TO_USERIDS_IN_TAGS and
CFG_ACC_GRANT_VIEWER_RIGHTS_TO_USERIDS_IN_TAGS) and fireroles
(using "allow/deny uid <uid>") to restrict access based on user id
instead of user email address.
- Refactors password hashing to (a) explicitly specify password salt
instead of relying on the email address, since a change of email
would cause the password to be invalidated (b) support multiple
password hashing algorithms concurrently (c) automatic migration
of deprecated hashes when users log in (d) allows overlays to
specify their preferred hashing algorithms.
- Deprecates legacy Invenio's hashing algorithm based on AES
encryption of email address using the password as secret key in
favor of SHA512 using random salt and 100000 rounds.
+ assets:
- Updates Twitter Bootstrap to 3.3 to fix some issues, e.g. to low
colour contrast of navbar background<->font. Requires update of
Twitter Bootstrap version in Invenio overlays.
+ collections:
- The tag table now contains 'collection idetifier' with correct
'value' and 'recjson_value' ('' and '_collections').
+ formatter:
- Invenio 1.x BFT template language and BFE elements are being
deprecated. Please migrate overlay output formats to use Jinja2.
(#2662)
- Removes fallback template rendering and puts standard exception
logging in place. (#2958)
+ global:
- Removes unused legacy cascade style sheets. (#2040)
+ indexer:
- The lower_index_term() now returns the term as a Unicode string
which can have an impact on custom tokenizers and regular
indexing.
+ installation:
- Adds missing access rights for database user accessing server from
localhost. (#3146)
+ records:
- Ports basic BibDocFile serving including access right checks.
(#3160)
+ unapi:
- Add `invenio.modules.unapi` to PACKAGES if you would like to keep
the `/unapi` url.
Invenio v2.0.6 -- released 2015-09-01
-------------------------------------
Security fixes
~~~~~~~~~~~~~~
+ global
- Fixes potential XSS issues by changing main flash messages
template so that they are not displayed as safe HTML by default.
+ search
- Fixes potential XSS issues by changing search flash messages
template so that they are not displayed as safe HTML by default.
Improved features
~~~~~~~~~~~~~~~~~
+ I18N
- Completes Italian translation.
- Completes French translation.
+ global
- Adds super(SmartDict, self).__init__ call in the __init__ method
in SmartDict to be able to make multiple inheritance in Record
class in invenio-records and be able to call both parent's
__init__.
Bug fixes
~~~~~~~~~
+ OAIHarvest
- Fixes the parsing of resumptiontoken in incoming OAI-PMH XML which
could fail when the resumptiontoken was empty.
+ i18n
- Updates PO message catalogues and cleans them of duplicated
messages. (#3455)
+ installation
- Fixes database creation and upgrading by limiting Alembic version
to <0.7.
+ legacy
- Addresses an issue with calling six urllib.parse in a wrong way,
making users unable to harvest manually from the command line.
Notes
~~~~~
+ global
- Displaying HTML safe flash messages can be done by using one of
these flash contexts: '(html_safe)', 'info(html_safe)',
'danger(html_safe)', 'error(html_safe)', 'warning(html_safe)',
'success(html_safe)' instead of the standard ones (which are the
same without '(html safe)' at the end).
+ search
- Displaying HTML safe flash messages can be done by using one of
these flash contexts: 'search-results-after(html_safe)',
'websearch-after-search-form(html_safe)' instead of the standard
ones (which are the same without '(html safe)' at the end).
Invenio v2.0.5 -- released 2015-07-17
-------------------------------------
Security fixes
--------------
+ docker:
- Disables debug mode when using standard Docker image. Uses docker
compose to set the variable instead.
Improved features
-----------------
+ deposit:
- Improves handling of large files in deposit.
+ docker:
- Improves Docker documentation notably related to how to work with
Invenio site overlays.
- Changes port number exposed by docker to non-reserved ones to
avoid conflicts with local installations. Webport is now 28080,
Redis 26379 and MySQL is 23306, which is a simple +20000 shift
from the standard ports.
- Integrates docker boot script into docker image.
- Changes docker boot script to use `exec`. This ensure signal
forwarding and reduces the overhead by one process. As a result
container shutdown is faster now.
- Changes manual master/slave configuration of Docker devboot script
to automatic solution using file locks.
+ jasmine:
- Allows using variables from application config for building asset
bundles.
Bug fixes
---------
+ deposit:
- Fixes issue with PLUpload chunking not being enabled.
+ encoder:
- Corrects the `compose_file` function call in `process_batch_job`
to produce `<directory>/content.<extension>` instead of
`<directory>/content.content;<extension>`. (#3354)
+ global:
- Fixes the way configuration variables are parsed from ENV. It now
uses the same method we are using in `inveniomanage config set`.
This fixes the problem that `False` is not parsed correctly.
+ installation:
- Fixes capitalization of package names.
+ legacy:
- Fixes inveniogc crash when mysql is NOT used to store sessions.
(#3205)
+ login:
- Provides flash message to indicate that an email with password
recovery could not be sent. (#3309)
Notes
-----
+ global:
- Backports Flask-IIIF extension from original commit
213b6f1144734c9ecf425a1bc7b78e56ee5e4e3e. The extension is not
enabled by default in order to avoid feature addition to existing
minor release.
Invenio v2.0.4 -- released 2015-06-01
-------------------------------------
New features
~~~~~~~~~~~~
+ template:
- Adds Jinja2 filter 's' to convert anything to 'str'.
Improved features
~~~~~~~~~~~~~~~~~
+ BibDocFile:
- Escapes file name special characters including accents and spaces
in document URLs.
+ installation:
- Adds default priviledges for database user to access from any
host.
Bug fixes
~~~~~~~~~
+ arxiv:
- Adds proper quotation around OAI-PMH query to avoid a query parser
exception due to colons in the OAI identifiers.
+ global:
- Catches possible KeyError exceptions when using dotted notation in
a list to allow for the case when items are missing certain keys.
+ installation:
- Fixes syntax error in generated Apache virtual host configuration.
+ knowledge:
- Fixes HTML character encoding in admin templates. (#3118)
+ legacy:
- Changes the default timestamp to a valid datetime value when
reindexing via `-R`.
+ WebSearch:
- Removes special behaviour of the "subject" index that was hard-
coded based on the index name. Installations should rather
specify wanted behaviour by means of configurable tokeniser
instead.
Invenio v1.2.1 -- released 2015-05-21
-------------------------------------
Security fixes
~~~~~~~~~~~~~~
+ BibAuthorID:
- Improves URL redirecting by properly quoting all URL parts, in
order to better protect against possible XSS attacks.
+ WebStyle:
- Adds back the `HttpOnly` cookie attribute in order to better
protect against potential XSS vulnerabilities. (#3064)
Improved features
~~~~~~~~~~~~~~~~~
+ installation:
- Apache virtual environments are now created with appropriate
`WSGIDaemonProcess` user value, taken from the configuration
variable `CFG_BIBSCHED_PROCESS_USER`, provided it is set. This
change makes it easier to run Invenio under non-Apache user
identity.
- Apache virtual environments are now created with appropriate
`WSGIPythonHome` directive so that it would be easier to run
Invenio from within Python virtual environments.
Bug fixes
~~~~~~~~~
+ BibDocFile:
- Safer upgrade recipe for migrations from the old document storage
model (used in v1.1) to the new document storage model (used in
v1.2).
+ WebSearch:
- Removes special behaviour of the "subject" index that was hard-
coded based on the index name. Installations should rather
specify wanted behaviour by means of configurable tokeniser
instead.
- Collection names containing slashes are now supported again.
However we recommend not to use slashes in collection names; if
slashes were wanted for aesthetic reasons, they can be added in
visible collection translations. (#2902)
+ global:
- Replaces `invenio-demo.cern.ch` by `demo.invenio-software.org`
which is the new canonical URL of the demo site. (#2867)
+ installation:
- Releases constraint on using an old version of `h5py` that was
anyway no longer available on PyPI.
+ testutils:
- Switches off SSL verification when running the test suite. Useful
for Python-2.7.9 where self-signed SSL certificates (that are
usually used on development installations) would cause apparent
test failures. (#2868)
Invenio v1.1.6 -- released 2015-05-21
-------------------------------------
Security fixes
~~~~~~~~~~~~~~
+ WebStyle:
- Adds back the `HttpOnly` cookie attribute in order to better
protect against potential XSS vulnerabilities. (#3064)
Improved features
~~~~~~~~~~~~~~~~~
+ installation:
- Apache virtual environments are now created with appropriate
`WSGIDaemonProcess` user value, taken from the configuration
variable `CFG_BIBSCHED_PROCESS_USER`, provided it is set. This
change makes it easier to run Invenio under non-Apache user
identity.
- Apache virtual environments are now created with appropriate
`WSGIPythonHome` directive so that it would be easier to run