Inyoka Changelog

Unreleased 1.BB.CC (2024-MM-DD)

✨ New features

🏗 Changes

🗑 Deprecations

🔥 Removals

🐛 Fixes

🔒 Security

1.0.1 (2024-10-20)

🏗 Changes

• Add contribution guideline

🐛 Fixes

• Fix domain for download-link to not point to inyokaproject.org

1.0.0 (2024-10-13)

Deployment notes

1. Update requirements

🏗 Changes

• Add default theme based on ubuntuusers theme to the inyoka repository

• Migrate from setup.py to pyproject.toml

• Introduce ruff for code formatting

• Render <mark> for highlighted text

• Control characters are stripped from all HTTP-POST parameters

• Documentation: Now possible to use Markdown

• Documentation is now published at https://doc.inyokaproject.org/

• Use Django’s view and form for change password

• Restrict user defineable font faces: Only [font=Arial], [font=serif], [font=sans-serif] and [font=Courier] are allowed

• Disallow <color> and <font> in signatures

• InyokaMarkup: Extend filtering of control characters

• InyokaMarkup: Remove empty paragraphs in generated HTML

• InyokaMarkup: Dont split up long links in HTML-markup (instead rely on CSS)

• Table of contents: Dont strip long heading text

🔥 Removals

• Remove unused javascript on register and for escaping

🐛 Fixes

• Splittopic form: Fix maximum length for title of new topic

• Forum posts & Ikhaya comments can now start with a list (space is preserved)

🔒 Security

• Add SECURITY.md

• Update requirements (at least the dependency Django includes known security fixes)

• Markup, Edited-/Mod boxes: Escape parameters to prevent HTML injection

• Templates: Escape more user-controllable variables to prevent HTML injections

0.36.1 (2024-08-06)

Deployment notes

1. Update requirements

🔒 Security

• Update Django due to a security vulnerability → <https://www.djangoproject.com/weblog/2024/aug/06/security-releases/>

0.36.0 (2024-07-14)

Deployment notes

1. Update requirements

2. Run migrations

3. Fix CVE-2024-4317 in existing postgresql instances (see https://www.postgresql.org/about/news/postgresql-163-157-1412-1315-and-1219-released-2858/)

$ docker exec -it inyoka_postgres.<Tab> bash

root@a789607c1d5c:/# psql -U inyoka

\i /usr/share/postgresql/14/fix-CVE-2024-4317.sql

\c template1
\i /usr/share/postgresql/14/fix-CVE-2024-4317.sql

ALTER DATABASE template0 WITH ALLOW_CONNECTIONS true;
\c template0
\i /usr/share/postgresql/14/fix-CVE-2024-4317.sql
\c template1
ALTER DATABASE template0 WITH ALLOW_CONNECTIONS false;
exit;

✨ New features

• new management commands

  • Portal: Add management command that outputs some statistics

  • Wiki: Add management command to regenerate MetaData

🏗 Changes

• Generate requirements for Python 3.12 as default

• The Docker container now use Python 3.12 which replaces Python 3.9

🔒 Security

• Update requirements (at least the dependencies certifi, Django, Jinja2, requests, urllib3 include known security fixes)

• Remove deprecated Django password hashers

0.35.0 (2024-05-04)

Deployment notes

1. Update requirements

✨ New features

• Use argon2 as default password hasher

• Use Django gzip middleware, so HTML gets compressed (mitigation for the BREACH attack is included in Django)

🏗 Changes

• Update to Django 4.2

  • Replace pytz with zoneinfo

• Basic BDD tests for the planet

0.34.1 (2024-04-20)

Deployment notes

1. Update requirements

🔒 Security

• Update gunicorn to fix a known security issue

0.34.0 (2024-04-06)

Deployment notes

1. Update requirements

🏗 Changes

• Add documentation for release procedure

• Update requirements (at least the dependency Pillow includes known security fixes)

🐛 Fixes

• Events: Link to openstreetmap, as geohack seems to be not reachable

0.33.0 (2024-03-09)

Deployment notes

1. Update requirements

2. Execute database migration

🏗 Changes

• Wiki: Refactor queries for wiki page to be more efficient

🔒 Security

• Update requirements (at least the dependency Django includes known security fixes)

0.32.0 (2024-02-16)

Deployment notes

1. Update requirements

2. Execute database migration

🏗 Changes

• Add index for username in uppercase. This should speed-up the case-insensitive queries (at least on postgreSQL).

🔥 Removals

• in the Wiki the Include macro was removed

🐛 Fixes

• Display message instead of server-error, if username was not taken during form-validation at registration, but at DB-insertion

• Strip control characters in Inyoka’s markup lexer. This will fix server errors for feeds.

🔒 Security

• Update requirements (at least the dependencies Django include known security fixes)

0.31.0 (2024-01-13)

Deployment notes

1. Update requirements

2. Execute database migration

🏗 Changes

• pyupgrade to modernize the code base a bit

• Refactor feeds to use Django’s builtin syndication framework instead of the out-of-support Werkzeug module

🔥 Removals

• Remove XMPP: XMPP was not used anymore, since it was made an optional dependency. The associated database migration will

  • remove not needed user settings

  • remove hidden jabber-ids for privacy, as there is no reason to save them anymore (previously, they could be used for notifications)

🐛 Fixes

• Fix wiki revision rendering

• Reject NUL byte in URLs

• Fix TypeError in Service Middleware

• Return more HTTP status codes in ikhaya service instead of raising an unhandeled error

• Fix UnboundLocalError in Service Middleware, if there are not exactly two parts given via GET

• LoginForm: Always require a password

🔒 Security

• Update requirements (at least the dependencies Django, Pillow and jinja2 include known security fixes)

0.30.0 (2023-10-22)

Deployment notes

1. Update requirements

2. Execute database migration

🏗 Changes

• Added babel extractor for django templates

🔒 Security

• Update requirements (at least the dependencies certifi, django, urllib3, Pillow include known security fixes)

0.29.0 (2023-07-21)

Deployment notes

1. Update requirements

2. Run python manage.py migrate

✨ New features

• Async markup rendering

🏗 Changes

• Require python 3.9

• Use default django classes for templates

• Update celery to version 5

• Ubuntu Distro Select: Add Ubuntu Unity, Do not allow Ubuntu GNOME for new threads

🔥 Removals

🐛 Fixes

• To delete posts in the forum, permission per forum are used instead of one global permission. The global permisson could not be configured via the webinterface

🔒 Security

• Update requirements (at least the dependencies Pillow, requests, sqlparse include known security fixes)

0.28.0 (2022-09-11)

Deployment notes

1. Update requirements

✨ New features

• Add task to render all wikipages, so they are all in the cache for a faster (first) retrival.

🔥 Removals

• Remove Inyoka’s custom SendmailEmailBackend. Instead, use the django builtin SMTP backend.

🐛 Fixes

• Correct title and breadcumb for sent private messages

• CI: Build documentation also on PRs

🔒 Security

• Update requirements (dependency-packages lxml and Pillow include known security fixes)

0.27.0 (2022-08-05)

Deployment notes

1. Update requirements

2. Adapt sentry-settings in local configuration

3. For development setups: Migrate changes from example_development_settings.py to local configuration

4. Run python manage.py migrate

🏗 Changes

• Require python 3.8

• Replace jenkins with github actions as CI

• Use django’s PasswordResetView and PasswordResetConfirmView

• Add ircs as an supported protocol for InterWiki links

• Markup: Use unicode for rendering an anchor

🔥 Removals

• Wiki does not accept case insensitive urls (only lowercase)

• Remove global socket timeout of inyoka

🐛 Fixes

• Forum: Raise 404, if forum-slug for markread is not found

• Planet, Sync: Continue with next blog on SSLError, Fix unicode error

🔒 Security

• Update requirements (django, django-guardian, django-filter, django-hosts, django-redis, werkzeug, django-debug-toolbar, jinja2, allure-behave, python-magic, gunicorn, lxml, pygments, urllib3, Replace raven with sentry-sdk)