Skip to content

Release 0.23
Compare
Choose a tag to compare
@crowbot crowbot released this 17 Nov 14:50
· 9986 commits to develop since this release
0.23.0.0
ddc927f

Highlighted Features

  • Various major design and markup improvements to the layout, home page and
    request page (Martin Wright).
  • Adds basic opt-in two factor authentication. Enable it globally with
    ENABLE_TWO_FACTOR_AUTH (Gareth Rees).
  • Fixes a bug which caused request titles to be HTML escaped twice
    when setting up a new request track while not logged in (Liz Conlan).
  • Extracted UserController#signchangepassword to PasswordChangesController
    (Gareth Rees).
  • Added configuration for RESTRICT_NEW_RESPONSES_ON_OLD_REQUESTS_AFTER_MONTHS.
    (Gareth Rees).
  • Performance improvements when finding sibling info request events (Gareth
    Rees).
  • Increased the maximum length of a track query and added a warning if
    this new limit is exceeded (Liz Conlan).
  • Refactor of InfoRequest (Liz Conlan).
  • Improved placeholder logo (Zarino Zappia).
  • Improve mobile layout on authority list page (Martin Wright).
  • Improve handling of associated records when destroying parents (Liz Conlan).
  • Major refactoring of InfoRequest#receive (Gareth Rees).
  • Santitze invalid UTF-8 in mail server logs while processing them (Steven Day,
    Gareth Rees).
  • Fixes for several edge case bugs (Liz Conlan).
  • Add more classes to markup to make style customisation easier (Martin Wright).
  • Adds reCAPTCHA to the public authority change request form if there is no
    logged in user (Gareth Rees).
  • Rename #follow_box to #track-request to prevent add blockers hiding the
    button allowing users to follow a request (Martin Wright).
  • Improved handling of invalid UTF-8 attachment text (Louise Crow).
  • Add domain to exception notification subject line (Gareth Rees).
  • Fixes incorrectly updating url_name when a banned user record is updated
    (Gareth Rees).
  • Definition lists are now easier to read and follow, greatly improves help
    pages (Martin Wright).
  • The sorting on PublicBodyController#list now uses COLLATE to sort in the
    correct order for a locale if a collation is available for the language. See
    http://alaveteli.org/docs/developers/i18n/#internationalised-sorting for
    adding collations. This requires PostgreSQL >= 9.1.12. (Gareth Rees)
  • The new widget template can now be translated (Gareth Rees).
  • Improved locale switcher markup and code (Martin Wright, Gareth Rees).
  • OpenGraph markup added to improve the appearance of Alaveteli links on social
    media (Owen Blacker).
  • Request graph cron job no longer errors if there are no requests in a
    particular state (Petter Reinholdtsen).
  • Refactoring of user controller for shorter methods and clearer syntax (Caleb
    Tutty)
  • New rake task stats:list_hidden for printing a list of requests with hidden
    material (Louise Crow).
  • Rspec is upgraded to version 3, and specs have been upgraded to modern
    syntax (Louise Crow).
  • Standard filters and parameter whitelisting added to admin controllers
    (James McKinney, Louise Crow)
  • Alaveteli now uses a local GeoIP database by default to find the country for
    HTTP requests (and tell users if there is an Alaveteli in their country),
    rather than the mySociety Gaze service. This should improve performance and
    reliability (Ian Chard).
  • The 'Return-Path' header for mails from users is now set to an email address on
    the Alaveteli domain so that SPF checks should pass (Louise Crow).
  • Debian Squeeze is no longer supported as an OS to run Alaveteli on. It is
    end-of-life in Feb 2016 and only packages Ruby 1.8.

Upgrade Notes

  • Version 0.23 does not support Ruby 1.8.7.

  • If you are running Alaveteli on Debian Squeeze, you should upgrade your OS to
    Debian Wheezy before upgrading to this release. This
    Debian upgrade guide
    can guide you through the process. If you have
    questions about upgrading OS, please don't hesitate to ask on the
    alaveteli-dev group.
    If you're not ready to upgrade to Wheezy, you can still upgrade Alaveteli if
    you install Ruby 1.9 or 2.0 yourself, but be aware that we will no longer be
    testing package installation on Squeeze and that OS security updates will no
    longer be produced by Debian after Feb 2016.

  • The install script site-specific-install.sh sets the default ruby to 1.9. You
    can do this manually with the same commands http://git.io/vlDpb

  • If you are running Debian Wheezy, install poppler-utils from wheezy-backports:
    http://git.io/vlD1k

  • This release adds geoip-database to the list of required packages. You can
    install it with sudo apt-get install geoip-database. If you don't want to
    or can't use a local GeoIP database, set GEOIP_DATABASE' to an empty string in config/general.yml`.

  • Make sure that your 'blackhole email address' is configured to be
    discarded by your MTA - see our postfix
    and exim
    setup documentation.

  • This release introduces a new default homepage - if you want to keep your existing
    homepage layout, copy the old homepage templates to your theme before upgrading and
    check that you have translations for them in your theme-locale directory.

  • UserController#signchangepassword has been deprecated and password changing
    moved to a separate controller, PasswordChangesController. If you still need
    the old action, add the following route to your theme's
    lib/config/custom_routes.rb:

    match '/profile/change_password' => 'user#signchangepassword',
    :as => :signchangepassword

    If you do this, you'll also need to change any url helpers from new_password_change_path
    to signchangepassword_path.

  • This release takes the first steps to deprecate the link_button_green class, which
    will be removed in a future release. We've added contextually relevant
    classes to these elements. Please update your themes to ensure you're
    no longer using link_button_green for styling.

  • The InfoRequest methods law_used_short, law_used_act and law_used_with_a
    have been deprecated and will be removed in a future release. The new method
    law_used_human has been supplied instead which takes a key to access the
    equivalent information of the original methods, e.g. law_used_human(:full),
    law_used_human(:short) etc. As the law_used_with_a functionality does not
    appear to be in use, if you do still need this functionality in future you
    may need to override the LAW_USED_READABLE_DATA hash to ensure it has a
    :with_a key value pair for each law you are supporting before calling
    law_used_human(:with_a).

  • Please upgrade the syntax in any theme specs you have to be compatible with
    rspec 3. Useful resources:

  • There are a couple of database structure updates so remember to rake db:migrate

  • This release includes an update to the commonlib submodule - you
    should be warned about this when running rails-post-deploy.

Assets 2
Loading