roundup 2.0.0

A simple-to-use and -install issue-tracking system with command-line, web and e-mail interfaces. Highly customisable.

I’m proud to release version 2.0.0 of the Roundup issue tracker which has been possible due to the help of several contributors. This release contains some major changes, so make sure to read docs/upgrading.txt to bring your tracker up to date.

There are special directions for those using mysql backend.

The changes, as usual, include some new features and many bug fixes.

You can download it with:

pip download roundup

then unpack and test/install the tarball.

Among the notable improvements from the 1.6.1 release are:

Roundup is multilingual and will run under either Python 3 or Python 2. If you want to use Python 3, you must read the Python 3 Support section in the upgrading doc. Depending on the database backend you may have to export/import the tracker. Also you will need to make sure your tracker’s Python code is Python 3 compliant. Thanks to Joseph Myers with help from Christof Meerwald.

Roundup has a rest API to go along with the existing xmlrpc API. See doc/rest.txt for details on configuring, authorizing access (per role) and making a request. Thanks to Ralf Schlatterbeck who integrated and updated Chau Nguyen’s GSOC code.

PGP encryption is now done using the gpg module and not the obsolete pyme library. Thanks to Christof Meerwald.

Use of mod_python is deprecated. Apache mod_wsgi documentation has been updated along with gunicorn and uwsgi and is the preferred mechanism.

jinja templates updated to bootstrap 4.4.1. Templates use autoescape and translation library. Support for messages written in markdown added. SimpleMDE used as markdown editor to provide preview features. Thanks to Christof Meerwald.

Fixes to mysql indexing may require a database dump/restore.

The file CHANGES.txt has a detailed list of feature additions and bug fixes for each release. The most recent changes from there are at the end of this announcement. Also see the information in doc/upgrading.txt.

If you find bugs, please report them to issues AT roundup-tracker.org or create an account at https://issues.roundup-tracker.org and open a new ticket. If you have patches to fix the issues they can be attached to the email or uploaded to the tracker.

Upgrading

If you’re upgrading from an older version of Roundup you must follow all the “Software Upgrade” guidelines given in the doc/upgrading.txt documentation.

Roundup requires Python 2 newer than version 2.7.2 or Python 3 newer than or equal to version 3.4 for correct operation.

The wsgi, server and cgi web deployment modes are the ones with the most testing.

To give Roundup a try, just download (see below), unpack and run:

python demo.py

Release info and download page:

https://pypi.org/project/roundup

Source and documentation is available at the website:

http://roundup-tracker.org/

Mailing lists - the place to ask questions:

https://sourceforge.net/p/roundup/mailman/

About Roundup

Roundup is a simple-to-use and install issue-tracking system with command-line, web and e-mail interfaces. It is based on the winning design from Ka-Ping Yee in the Software Carpentry “Track” design competition.

Note: Ping is not responsible for this project. The contact for this project is richard@users.sourceforge.net.

Roundup manages a number of issues (with flexible properties such as “description”, “priority”, and so on) and provides the ability to:

1. submit new issues,

2. find and edit existing issues, and

3. discuss issues with other participants.

The system facilitates communication among the participants by managing discussions and notifying interested parties when issues are edited. One of the major design goals for Roundup that it be simple to get going. Roundup is therefore usable “out of the box” with any Python 2.7.2+ (or 3.4+) installation. It doesn’t even need to be “installed” to be operational, though an install script is provided.

It comes with five issue tracker templates

• a classic bug/feature tracker

• a more extensive devel tracker for bug/features etc.

• a responsive version of the devel tracker

• a jinja2 version of the devel template (work in progress)

• a minimal skeleton

and supports four database back-ends (anydbm, sqlite, mysql and postgresql).

Recent Changes

Features:

• Allow to pass additional headers to nosymessage, nice if a message needs to be marked as urgent or similar, e.g., Outlook uses an “Importance” header, when set to “high” it highlights the message. (Ralf Schlatterbeck)

• issue2550926 - Original author adding a second message shouldn’t set status to ‘chatting’. See upgrading.txt for details. (John Rouillard)

• issue2550919 - Anti-bot signup using 4 second delay. New config.ini param [web] registration_delay must be set to 0 if template user.register.html is not modified. See upgrading.txt for details.

• Reimplement -u <login>[:<password>]. This opens the database as the user and applies expected permissions. It also creates history entries for the user. Note that the password is unused, no mention of it is in the spec that I can find, so not sure what it was supposed to be used for as the CLI has full access to the files so a password check is not useful. An edge case is when the login has a : in it. In this case it may not work as expected. So don’t do that.

• Implement Cache-Control headers for static files. Allows tracker admin to control caching for css, js and other static files. See customizing.html. The use is documented in the section describing how to use interfaces.py.

• issue2551071 Update jinja template to bootstrap 4. Updated to 4.4.1. The pull request has been around for a while. (Patch: Paul Spooren; templates merged and additional changes by Christof Meerwald; other merged by John Rouillard)

• Add config option ‘http_auth_convert_realm_to_lowercase’ If usernames consist of a name and a domain/realm part of the form user@realm and we’re using REMOTE_USER for authentication (e.g. via Kerberos), convert the realm part of the incoming REMOTE_USER to lowercase before matching against the roundup username. This allows roundup usernames to be lowercase (including the realm) and still follow the Kerberos convention of using an uppercase realm. In addition this is compatible with Active Directory which stores the username with realm as UserPrincipalName in lowercase.

• Cleaned up the WSGI interface implementation by separating the request handler from the request displatcher. Also allow customisation of tracker instance creation via an overridable “get_tracker” context manager.

• Allow transitive properties in @fields in REST API. These transitive properties may not cross Multilinks, e.g., when querying ‘issue’ the property ‘messages.author’ is not allowed (because ‘messages’ is a multilink). A multilink at the end (e.g. messages in the example) is fine.

• Added markdown rendering using markdown, markdown2 or mistune; use SimpleMDE markdown editor in jinja2 template (Christof Meerwald)

• Allow filtering by multiple date ranges or empty date. Date ranges are separated by comma, an empty date is represented by ‘-’

• issue2551083 - Replace BaseException and Exception as base classes with new RoundupException (inheriting from Exception) for most roundup exceptions. (John Rouillard and Ralf Schlatterbeck on request from Robert Klonner.)

Fixed:

• issue2550996 - Give better error message when running with -c (install as windows service) and pywin32 is not importable. Could use better testing on a windows box. (John Rouillard)

• issue2550921 - Can create login name with , in it. Confuses nosy list editing. Also can embed html tags. Updated userauditor.py to prevent this. See updating.txt. (John Rouillard)

• issue1344046 - Search for “All text” can’t find some Unicode words (John Rouillard, Ezio Melotti)

• issue1195739 - search in russian does not work (John Rouillard, Ezio Melotti)

• issue2550920 - Registration with confirmation detects duplcate name when using validation. Added option to allow detection of duplicate username when the user tries to register. Previously user was rejected when confirming registration. (John Rouillard)

• French translation gave errors with Python 3 because of ISO-8859-1 character in .mo file header. (Joseph Myers)

• Fix representation of boolean html attributes to be ‘required’ rather than the xhtml form of ‘required=”required”’. Specify (reverted attribute value same as attribute name or) attribute value of None, to output attribute as boolean. (John Rouillard) Reverted (part of) this change. It breaks rendering of non-boolean attributes (like name=”name”). So only value of None renders attribute properly as boolean. (Ralf Schlatterbeck)

• issue2551076 - in responsive template, default searches for bugs and tasks sets status=new default should be “don’t care”. (Report: Ludwig Reiter; Fix: John Rouillard)

• issue2551077 - In “jinja2” template: cannot login if German language is used. Fixed three places where the value of a hidden @action input field was translated. (Reported by Ludwig Reiter. John Rouillard)

• Document security issues in xmlrpc interface in doc/xmlrpc.txt.

• Enable autoescape in the jinja2 template and use the i18n extension for translations. (Report: John Rouillard; Fix: Christof Meerwald)

• Cleanup code by linting using flake8. (John Rouillard)

• Cleanup code by security linting using bandit. (John Rouillard)

• issue2550912 - fixed missing query string in __came_from for jinja2 template. (Christof Meerwald)

• issue2551019 - handle character set conversions for CSV export action in Python 3. (Christof Meerwald)

• issue2551051: Return a 403 on non-existing or non-searchable transitive properties when queried via REST-API (same behavior for sorting and searching).

• Fixed ReStructuredText encoding with Python 3.