Releases: mysociety/alaveteli
0.25.0.19
Release 0.25.0.0
Highlighted Features
- Compress all images to improve PageSpeed (Martin Wright)
- Prevent spam users using the "about me" page to propagate spam (Gareth Rees)
- Format incoming message HTML with
<p>
and<br>
tags (Liz Conlan) - Add an interface to calculate transaction stats per user (Gareth Rees)
- Fixed bug in
OutgoingMessage.template_changed
which allowed a new request to
be submitted without changes to the default text if:- the site (theme) overrode the core default text via
default_letter
- the authority name contained any characters which were encoded as
HTMLEntities - a global censor rule changed the template text
Only the first case is known to affect a live site (Liz Conlan)
- the site (theme) overrode the core default text via
- There is now the ability to flag a request to have incoming mail rejected at
SMTP time - requires special configuration at the MTA level. For more information on
usage, see the documentation on spam handling (Louise Crow) - The raw email associated with an incoming message can now be downloaded from
the admin page for that message without having to view the raw email first
(Louise Crow) - Improve sharing options on request sidebar (Gareth Rees, Martin Wright)
- Added a library to give a spam score to a user (Gareth Rees)
- Add ARIA landmark roles to improve accessibility (Martin Wright)
- Add an endpoint to view outgoing message mail server logs and display them
in the request thread (Gareth Rees) - Prevent the search and list routes from processing non-HTML requests
(Liz Conlan) - Add accepted formats to commonly probed routes (Gareth Rees)
- Added a helper and new lib file to standardise click tracking with Google
Analytics events (Liz Conlan) - Migrated from using the legacy
ga.js
Google Analytics code to the current
"universal"analytics.js
version (Liz Conlan) - Bug fixes for the graph generation scripts (Liz Conlan)
- Improved DMARC handling (Louise Crow)
- Added a workaround for a compatibility issue with Xapian character encoding
(Louise Crow) - Minor accessibility improvements (Martin Wright)
- Add a task to output a CSV of the requests made to the top 20 authorities
(Nick Jackson) - Allow local code coverage to be generated by setting
COVERAGE=local
in the
environment when running rspec (Liz Conlan) - Refactored
OutgoingMailer
to get "To:", "From:" and "Subject:" from the
OutgoingMessage
instance (Gareth Rees) - Show the delivery status of outgoing messages (Gareth Rees, Zarino Zappia)
- Added a rake task,
themes:check_help_sections
to identify missing help
templates and sections in themes that are referred to in Alaveteli. Removed
example help templates from core toalavetelitheme
. (Louise Crow) - Added a new config option
ENABLE_ANNOTATIONS
to allow turning off the
annotations feature (comments on requests) (Steve Day, Gareth Rees) - Added some early-stage scripts (
script/current-theme
,
script/diff-theme-override
) to help with upgrading theme overrides. Both
have a-h
option with usage information (Gareth Rees) - Make it clearer that user's names will be displayed in public (Gareth Rees)
- The holding pen is now hidden by default in the front end interface (Louise Crow)
Upgrade Notes
UserController#set_profile_about_me
has been deprecated. If you have
overridden it in your theme, you will need to port your customisations to
UserProfile::AboutMeController
. You should also update
set_profile_about_me
routes toedit_profile_about_me
(for GET requests)
andprofile_about_me
(for PUT requests).AboutMeValidator
has been deprecated. The behaviour is now directly included
inUser
.- Run
bundle exec rake themes:check_help_sections
to check that your theme
contains all the necessary help files. The example files have now been moved
from Alaveteli to the example themealavetelitheme
. - The upgrade of Google Analytics affects any custom GA scripts embedded in
template pages. You will need to go through your theme customisations to see
whether or not you are affected. Changes include:- There is no longer a
pageTracker
object on the page, you must make your
calls againstga
instead - Core function calls like
_getTracker
and_trackEvent
have been
replaced by newer equivalents - The main method of tracking page views has changed from
pageTracker._trackPageView()
toga('send', 'pageview')
- The main method of sending tracking events has changed from
pageTracker._trackEvent(category, action)
to
ga('send', 'event', category, action)
Full information on how to check and adjust for these changes is available
in Google's migration guide
- There is no longer a
- There are some database structure updates so remember to
rake db:migrate
- This release includes an update to the commonlib submodule - you
should be warned about this when runningrails-post-deploy
.
Release 0.24.1.0
Highlighted Features
- Removed many cases of dynamic string composition, making Alaveteli easier to
localise (Liz Conlan, Louise Crow).
Upgrade Notes
- Please update any overridden templates in the list below so that the phrases in
them will be translated correctly.
Release 0.24.0.0
Highlighted Features
- Stopped enforcing line lengths in plain text emails for a better experience
when using small screen clients such as mobile phones (Liz Conlan) - Added Google Analytics tracking code to log an event when a widget button
is clicked (Liz Conlan) - Fix crash when neither Geoip nor Gaze are configured (Alfonso Cora)
- Added a system of checkboxes to allow admins to delete multiple incoming
messages (ie spam) that are associated with a request (Liz Conlan) - Added a new cron job to run the holding pen cleanup task once a week.
(Liz Conlan) - Improved the holiday reminder email that gets sent to site admins once a year
(Liz Conlan) - Extracted
ResponseController#show_response
in to several actions in a new
FollowupsController
(Liz Conlan, Gareth Rees) - Added links to AskTheEU from Alaveteli sites
installed in an EU country (Gareth Rees) - Stopped generating code coverage reports locally. You can still view code
coverage reports on https://coveralls.io/github/mysociety/alaveteli
(Gareth Rees) - Added
OutgoingMessage::Template
module and extracted templates to classes
in this module (Gareth Rees) - Added some experimental methods for sending requests to an external reviewer
(Gareth Rees) - Added some experimental methods for retrieving exim mail server logs for a
specificOutgoingMessage
(Gareth Rees) - Improved the organisation of the items in the admin nav bar (Gareth Rees)
- Global and Public Body censor rules can now be managed through the admin UI
(Gareth Rees) - Added non-destructive methods to apply censor rules and text masks (Gareth
Rees). - Improve handling of long translations in logged in nav (Zarino Zappia)
- Better support for setting up a thin cluster (Liz Conlan)
- Added onscreen instructions to the Vagrant box (Liz Conlan)
- The UK-specific
SPECIAL_REPLY_VERY_LATE_AFTER_DAYS
has been removed. See
mysociety/whatdotheyknow-theme#287 for how we've
re-implemented this in WhatDoTheyKnow. - Stop outgoing messages being displayed with forced line breaks (Liz Conlan).
- Reduce risk of duplicate request urls (Liz Conlan).
- Better image for pages when shared on Facebook (Zarino Zappia)
- Official support added for ruby 2.1.5 and 2.3.0 (Louise Crow)
- Ported the graph generation shell scripts to Ruby (Liz Conlan)
- Official support added for Debian Jessie (Liz Conlan)
- Improved some translation strings and added some missing wrappers (Gareth
Rees) - Deprecated some UK-specific code (Gareth Rees)
- Improve speed of the 'old unclassified' requests query by adding a cached
field to InfoRequest to keep track of when the last public response was
made (Liz Conlan). - Improved error messages in
script/switch-theme.rb
(Zarino Zappia)
Upgrade Notes
-
The following methods have been replaced:
CensorRule#apply_to_text!
:CensorRule#apply_to_text
CensorRule#apply_to_binary!
:CensorRule#apply_to_binary
IncomingMessage#apply_masks!
:IncomingMessage#apply_masks
InfoRequest#apply_censor_rules_to_text!
:InfoRequest#apply_censor_rules_to_text
InfoRequest#apply_censor_rules_to_binary!
:InfoRequest#apply_censor_rules_to_binary
AlaveteliTextMasker#apply_masks!
:AlaveteliTextMasker#apply_masks
AlaveteliTextMasker#apply_pdf_masks!
:AlaveteliTextMasker#apply_pdf_masks
AlaveteliTextMasker#apply_binary_masks!
:AlaveteliTextMasker#apply_binary_masks
AlaveteliTextMasker#apply_text_masks!
:AlaveteliTextMasker#apply_text_masks
Note that you will need to assign the return value from the new methods, e.g:
- censor_rule.apply_to_text!(text)
+ censored_text = censor_rule.apply_to_text(text)
- To switch to running multiple thin servers with nginx:
- stop the running processes using
service alaveteli stop
- regenerate your SysVinit daemon file using the instructions at:
http://alaveteli.org/docs/installing/manual_install/#thin (but don't restart the site yet!) - Edit the upstream alaveteli directive in your
/etc/nginx/sites-available/alaveteli_https
(or/etc/nginx/sites-available/alaveteli
if you are not running your site over SSL) file
as per http://alaveteli.org/docs/installing/manual_install/#running-over-ssl so that nginx knows how to use
the extra server processes - restart your site with
service alaveteli start
- stop the running processes using
- There's been a minor change to
config/sysvinit-passenger.example
. You should
regenerate this file: http://alaveteli.org/docs/installing/manual_install/#passenger - Add a 256x256 image named
logo-opengraph.png
to
YOUR_THEME_ROOT/assets/images
, to be shown next to pages from your site when
shared on Facebook. - The crontab needs to be regenerated to include the new modifications:
http://alaveteli.org/docs/installing/manual_install/#generate-crontab - 5af81d9 includes a migration that runs over all info requests in the
database. This might take some time, so you should ideally schedule this
outside of busy periods.
Release 0.23.2.0
Highlighted Features
- Improve speed of the 'old unclassified' requests query by adding a cached
field to InfoRequest to keep track of when the last public response was made (Liz Conlan).
Upgrade Notes
- There are a couple of database structure updates so remember to rake db:migrate
Release 0.23.1.0
Highlighted Features
- Remove blocks of spaces in translation strings (Louise Crow).
Upgrade Notes
- There should be no action necessary.
Release 0.23
Highlighted Features
- Various major design and markup improvements to the layout, home page and
request page (Martin Wright). - Adds basic opt-in two factor authentication. Enable it globally with
ENABLE_TWO_FACTOR_AUTH
(Gareth Rees). - Fixes a bug which caused request titles to be HTML escaped twice
when setting up a new request track while not logged in (Liz Conlan). - Extracted UserController#signchangepassword to PasswordChangesController
(Gareth Rees). - Added configuration for
RESTRICT_NEW_RESPONSES_ON_OLD_REQUESTS_AFTER_MONTHS
.
(Gareth Rees). - Performance improvements when finding sibling info request events (Gareth
Rees). - Increased the maximum length of a track query and added a warning if
this new limit is exceeded (Liz Conlan). - Refactor of
InfoRequest
(Liz Conlan). - Improved placeholder logo (Zarino Zappia).
- Improve mobile layout on authority list page (Martin Wright).
- Improve handling of associated records when destroying parents (Liz Conlan).
- Major refactoring of
InfoRequest#receive
(Gareth Rees). - Santitze invalid UTF-8 in mail server logs while processing them (Steven Day,
Gareth Rees). - Fixes for several edge case bugs (Liz Conlan).
- Add more classes to markup to make style customisation easier (Martin Wright).
- Adds reCAPTCHA to the public authority change request form if there is no
logged in user (Gareth Rees). - Rename #follow_box to #track-request to prevent add blockers hiding the
button allowing users to follow a request (Martin Wright). - Improved handling of invalid UTF-8 attachment text (Louise Crow).
- Add domain to exception notification subject line (Gareth Rees).
- Fixes incorrectly updating
url_name
when a banned user record is updated
(Gareth Rees). - Definition lists are now easier to read and follow, greatly improves help
pages (Martin Wright). - The sorting on PublicBodyController#list now uses
COLLATE
to sort in the
correct order for a locale if a collation is available for the language. See
http://alaveteli.org/docs/developers/i18n/#internationalised-sorting for
adding collations. This requires PostgreSQL >= 9.1.12. (Gareth Rees) - The new widget template can now be translated (Gareth Rees).
- Improved locale switcher markup and code (Martin Wright, Gareth Rees).
- OpenGraph markup added to improve the appearance of Alaveteli links on social
media (Owen Blacker). - Request graph cron job no longer errors if there are no requests in a
particular state (Petter Reinholdtsen). - Refactoring of user controller for shorter methods and clearer syntax (Caleb
Tutty) - New rake task stats:list_hidden for printing a list of requests with hidden
material (Louise Crow). - Rspec is upgraded to version 3, and specs have been upgraded to modern
syntax (Louise Crow). - Standard filters and parameter whitelisting added to admin controllers
(James McKinney, Louise Crow) - Alaveteli now uses a local GeoIP database by default to find the country for
HTTP requests (and tell users if there is an Alaveteli in their country),
rather than the mySociety Gaze service. This should improve performance and
reliability (Ian Chard). - The 'Return-Path' header for mails from users is now set to an email address on
the Alaveteli domain so that SPF checks should pass (Louise Crow). - Debian Squeeze is no longer supported as an OS to run Alaveteli on. It is
end-of-life in Feb 2016 and only packages Ruby 1.8.
Upgrade Notes
-
Version 0.23 does not support Ruby 1.8.7.
-
If you are running Alaveteli on Debian Squeeze, you should upgrade your OS to
Debian Wheezy before upgrading to this release. This
Debian upgrade guide
can guide you through the process. If you have
questions about upgrading OS, please don't hesitate to ask on the
alaveteli-dev group.
If you're not ready to upgrade to Wheezy, you can still upgrade Alaveteli if
you install Ruby 1.9 or 2.0 yourself, but be aware that we will no longer be
testing package installation on Squeeze and that OS security updates will no
longer be produced by Debian after Feb 2016. -
The install script
site-specific-install.sh
sets the default ruby to 1.9. You
can do this manually with the same commands http://git.io/vlDpb -
If you are running Debian Wheezy, install poppler-utils from wheezy-backports:
http://git.io/vlD1k -
This release adds
geoip-database
to the list of required packages. You can
install it withsudo apt-get install geoip-database
. If you don't want to
or can't use a local GeoIP database, setGEOIP_DATABASE' to an empty string in
config/general.yml`. -
Make sure that your 'blackhole email address' is configured to be
discarded by your MTA - see our postfix
and exim
setup documentation. -
This release introduces a new default homepage - if you want to keep your existing
homepage layout, copy the old homepage templates to your theme before upgrading and
check that you have translations for them in yourtheme-locale
directory. -
UserController#signchangepassword
has been deprecated and password changing
moved to a separate controller,PasswordChangesController
. If you still need
the old action, add the following route to your theme's
lib/config/custom_routes.rb
:match '/profile/change_password' => 'user#signchangepassword',
:as => :signchangepasswordIf you do this, you'll also need to change any url helpers from
new_password_change_path
tosignchangepassword_path
. -
This release takes the first steps to deprecate the
link_button_green
class, which
will be removed in a future release. We've added contextually relevant
classes to these elements. Please update your themes to ensure you're
no longer usinglink_button_green
for styling. -
The
InfoRequest
methodslaw_used_short
,law_used_act
andlaw_used_with_a
have been deprecated and will be removed in a future release. The new method
law_used_human
has been supplied instead which takes a key to access the
equivalent information of the original methods, e.g.law_used_human(:full)
,
law_used_human(:short)
etc. As thelaw_used_with_a
functionality does not
appear to be in use, if you do still need this functionality in future you
may need to override theLAW_USED_READABLE_DATA
hash to ensure it has a
:with_a
key value pair for each law you are supporting before calling
law_used_human(:with_a)
. -
Please upgrade the syntax in any theme specs you have to be compatible with
rspec 3. Useful resources: -
There are a couple of database structure updates so remember to
rake db:migrate
-
This release includes an update to the commonlib submodule - you
should be warned about this when running rails-post-deploy.
Release 0.22.4.0
Highlighted Features
- Set the return-path for the contact form mail (Louise Crow).
Upgrade Notes
- There should be no action necessary.
Release 0.22.3.0
Highlighted Features
- Added additional transaction stats to /version.json endpoint (Gareth Rees).
- Added additional transaction stats to stats:show rake task (Gareth Rees).
Upgrade Notes
- There should be no action necessary.
Release 0.22.2.0
Highlighted Features
- Adds filtering of incoming mail based on a spam score from SpamAssassin.
Requests over a threshold can be discarded or sent to the holding pen.
See http://alaveteli.org/docs/customising/config#incoming_email_spam_action
for configuration instructions (Gareth Rees).
Upgrade Notes
- There should be no action necessary.