roundup 2.2.0

A simple-to-use and -install issue-tracking system with command-line, web and e-mail interfaces. Highly customisable.

I’m proud to release version 2.2.0 of the Roundup issue tracker. This release is a bugfix and minor feature release, so make sure to read docs/upgrading.txt to bring your tracker up to date.

The changes, as usual, include some new features and many bug fixes.

Note that you should run roundup-admin ... migrate to update the database schema version. Do this before you use the web, command-line or mail interface and before any users access the tracker.

You can download it with:

pip download roundup

then unpack and test/install the tarball. Also:

pip install roundup

(preferably in a virtual environment) can be used.

Among the notable improvements from the 2.1.0 release are:

• Dynamic and static compression of http responses. This improves performance when a front end web server isn’t serving compressed assets.

• REST interface supports CORS allowing Roundup to be used by third party web sites. Can specify origins allowed to use the REST interface. OpenAPI (SWagger) docs can be added. Error handling/reporting improved.

• Dockerfile to build a containerized Roundup instance. A docker-compose configuration to deploy a a mysql based tracker is also supplied.

• New full text search methods. SQLite FTS and PostgreSQL full text search are supported. These allow search expressions in addition to simple word based searches.

• Secret values in config.ini can be stored in external files. This allows config.ini to be stored in a VCS without exposing secrets.

• Translation object added to internal database handle. This allows auditors and extensions to provide efficient translations.

• MySQL database creation uses COLLATE utf8_general_ci

• Wsgi startup improvements (must be enabled by setting feature flag).

• Fix crash when importing legacy Roundup tracker with long integers.

• Fix issues with Roundup unable to find supporting files when installed via pip. Removed additional references to distfiles module.

The file CHANGES.txt has a detailed list of feature additions and bug fixes (57) for each release. The most recent changes from there are at the end of this announcement. Also see the information in doc/upgrading.txt.

If you find bugs, please report them to issues AT roundup-tracker.org or create an account at https://issues.roundup-tracker.org and open a new ticket. If you have patches to fix the issues they can be attached to the email or uploaded to the tracker.

Upgrading

If you’re upgrading from an older version of Roundup you must follow all the “Software Upgrade” guidelines given in the doc/upgrading.txt documentation.

Note that you should run roundup-admin ... migrate for all your trackers to update the database schema version. Do this before you use the web, command-line or mail interface and before any users access the tracker.

Roundup requires Python 2 newer than version 2.7.2 or Python 3 newer than or equal to version 3.6 for correct operation. (Python 3.4 or 3.5 may work, but are not tested.)

To give Roundup a try, just download (see below), unpack and run:

python demo.py

then open the url printed by the demo app.

Release info and download page:

https://pypi.org/project/roundup

Source and documentation is available at the website:

https://roundup-tracker.org/

Mailing lists - the place to ask questions:

https://sourceforge.net/p/roundup/mailman/

About Roundup

Roundup is a simple-to-use and install issue-tracking system with command-line, web and e-mail interfaces. It is based on the winning design from Ka-Ping Yee in the Software Carpentry “Track” design competition.

Note: Ping is not responsible for this project. The contact for this project is rouilj at users.sourceforge.net. Use this address for security or other sensitive issues. Development discussions occur on the roundup-devel at lists.sourceforge.net mailing list. Tickets can be opened at https://issues.roundup-tracker.org.

Roundup manages a number of issues (with flexible properties such as “description”, “priority”, and so on) and provides the ability to:

1. submit new issues,

2. find and edit existing issues, and

3. discuss issues with other participants.

The system facilitates communication among the participants by managing discussions and notifying interested parties when issues are edited. One of the major design goals for Roundup that it be simple to get going. Roundup is therefore usable “out of the box” with any Python 2.7.2+ (or 3.6+) installation. It doesn’t even need to be “installed” to be operational, though an install script is provided.

It comes with five basic issue tracker templates

• a classic bug/feature tracker

• a more extensive devel tracker for bug/features etc.

• a responsive version of the devel tracker

• a jinja2 version of the devel template (work in progress)

• a minimal skeleton

and supports four database back-ends (anydbm, sqlite, mysql and postgresql).

Recent Changes

From 2.1.0 to 2.2.0.

Fixed:

• issue2551161 - Fix ResourceWarnings when running with -W default. Cleaned up leaking file descriptors from zopetal pre-compile, python module compile and loading localization file. (John Rouillard)

• When using roundup-server with native SSL, only accept TLS v1.2. Previously it used to accept only TLS v1.1. 1.1 is deprecated by chrome. I don’t expect this to be a major problem since a front end server (apache, Nginx…) is usually customer facing and terminates SSL. (John Rouillard)

• Fix hang when valid user without authorization for REST tries to use the rest interface. (John Rouillard)

• Remove Content-Type and make sure no content is returned by OPTIONS request in REST interface. (John Rouillard)

• In write_html set the Content-Length when response is not encoded/compressed. (John Rouillard)

• In REST interface do not raise UsageError for invalid api version. Return json error with proper message. Fixes crash. (John Rouillard)

• In REST interface, allow extensions on URI less than 6 characters in length. All other paths with a . in then will be passed through without change. This allows items like a JWT to be passed as a path element. (John Rouillard)

• issue2550995 - KeyError classic during roundup-admin install. Add paths to search for locale and template files.

• issue2551167 - pip install in containerized environments puts template and locale files under site-packages where roundup can’t find them. Change code to find them under site-packages.

• REST replace hard coded list of child endpoints for /rest/ with list pulled from registered endpoints. So newly added endpoints are shown. (John Rouillard)

• issue2551107 - Handle representation of long int in history params for python3. Causes SyntaxError crash when showing history due to long int e.g. 2345L. This is not a problem for roundup trackers created using 1.2.0 or newer. The fix may have predated the 1.2.0 release but where the fix actually landed (representing id as a string and not as an int) is unknown.

• issue2551175 - Make ETag content-encoding aware. HTTP ETag headers now include a suffix indicating the content-encoding used to send the data per rfc7232. Properly validate any form of ETag suffixed or non-suffixed for If-Match.

• issue2551178 - fix Traceback in Apache WSGI - during file upload

• issue2551179 - make roundup-demo initialize templates using config_ini.ini overrides. Needed for jinja to set template lang etc. Recognize minimal template when presented with a full path. (John Kristensen (jerrykan) and John Rouillard)

• handle configparser.InterpolationSyntaxError raised if value has a single %. Seems to afect python 3 only. Reported by nomicon on IRC. (John Rouillard)

• add random delay to session database retry code between 0 and .125 seconds. This seems to help reduce stalled connections when a number of connections are made at the same time. Log remaining retries once 5 of them have been used. (John Rouillard)

• issue2551169 - setup.py enters endless loop on gentoo linux python2 installation. Fixed.

• issue2551185 - must set PYTHONPATH=… python2 setup.py install –prefix=/tmp/r2. Force insert –old-and-unmangable to get it to use a classic installer and not an easy install. This only affects python2.

• issue2551186 - Python versions >= 3.3 no longer use socket.sslerror. Andrew (kragacles) patched uses of socket.sslerror in mailgy.py. Patch adapted to allow trapping sslerror under both python2 and 3. (John Rouillard)

• issue2551142 - postgresql reworked to use savepoint/”rollback to” rather than commit()/rollback(). Using savepoint should be faster.

• issue2551196 - Unset labelprop of a Multilink can lead to Python error when using context/history. (reported and initial patch: Nagy Gabor, John Rouillard)

• Fix roundup-server to pass If-Range http header so Ranges work better. (John Rouillard)

• issue2551183 - Replace references to distutils in roundup/dist/command (John Rouillard)

• Fix hang if Range request was not able to be satified or a HEAD request was done.

• Mark strings involved with password reset and registration for translation. (reported: Thomas Arendsen Hein, John Rouillard)

• issue2551159 - cl.filter fails if filterspec is None (also group and sort). Passing a sort, group or filterprop param set to None to any filter() call should not cause a traceback. It will pretend as though no filter, sort or group was specified. (John Rouillard)

• issue2551205 - Add support for specifying valid origins for api: xmlrpc/rest. Allows CORS to work with roundup backend. (John Rouillard)

• new option added to config.ini: login_empty_passwords set to no by default. Setting this to yes allows a user with an empty password to login.

• issue2551207 - Fix sorting by order attribute if order attributes can be None. Add a test.

• issue2551203 fix CORS requests by providing proper headers and allowing unauthenticted CORS preflight requests. (Marcus Priesch and John Rouillard)

• issue2551206 - removed some windows installer references that were missed.

• document use of jinja2 templating as optional in config.ini file. Report if available or not. (John Rouillard)

• make setup.py install the Zope and wsgi.py frontends under share/frontends. This matches the install of the cgi-bin/roundup.cgi frontend. (John Rouillard)

• prevent submit button from showing up when using _generic.item.html if the user doesn’t have edit permissions. (John Rouillard)

• issue2551216 - create new mysql databases using COLLATE utf8_general_ci to prevent crashes in test suite. (John Rouillard)

Features:

• issue2551147 - Enable compression of http responses in roundup. Allow roundup to return gzip, (br or zstd with added modules) Content-Encoded replies. Compression could be done in upstream proxies/wsgi server but this allows it to occur natively. (John Rouillard)

• Change tracker templates adding required to login forms. Invokes browser error reporting if user forgets to fill in a field. (John Rouillard)

• issue1596345 - filtering user list (need user.search.hml). Incorporate user search features from issues.roundup-tracker.org into classic template. Devel and responsive templates already have this feature.

• issue2550917 - Add a: “Welcome user, you have logged in” ok_message on login. (Ashley Burke)

• enable HTTP/1.1 for roundup-server. This enables keep-alive for faster response/loading. Also eliminates stalls when the front end web server uses http 1.1 but the roundup-server uses 1.0. New option “-V HTTP/1.0” can turn it off. (John Rouillard)

• issue2551163 - add scripts/Docker/Dockerfile to provide basic support for containerization. See installation.txt for details. (John Rouillard)

• issue2551163 - add scripts/Docker/docker-compose.yml to get a mysql/roundup deployment. (Norbert Schlemmer, modified by John Rouilard)

• REST add openapi_doc decorator to add openapi_doc to endpoints. Decorate a couple of examples. (John Rouillard)

• REST when incorrect method is used, report allowed methods in error message as well as in an Allow header. (John Rouillard)

• REST change response to invalid attribute specified in path. Return 400 code not 405 code for this case and improve error. (John Rouillard)

• REST correct values for some Access-Control-Allow-Methods and Access-Control-Allow-Headers headers. (John Rouillard)

• issue2550991 - define default cache control settings for javascript and css assets. (John Rouillard)

• issue2551181 - fragments can be appended to designators. So issue23#msg24 could jump to the element with id msg24 in issue 23. Before this patch you would have two links issue23 and msg24 separated by # (John Rouillard).

• added small utility script to dump dbm based tracker databases (e.g. db/sessions). (John Rouillard)

• issue2551182 - Enhance configuration module to allow loading values from an external file. Secrets (passwords, secrets) can specify file using file:// or file:///. The first line of the file is used as the secret. This allows committing config.ini to a VCS. (John Rouillard)

• Added xapian indexer to Docker container. (John Rouillard)

• Add support for indexer type native-fts to use FTS5 for sqlite databases. (John Rouillard)

• Add support for indexer type native-fts to use PostreSQL’s full text search. (John Rouillard)

• Add better error display to the user. Needed to expose errors in fts5 search syntax to the user while also displaying the template page structure. (John Rouillard)

• issue2551189 - increase size of words in full text index. Many terms (like exception names or symbolic constants) are larger than 25. Also German words are long. Since there is little chance of fixing German to shorten their words, change indexer maxlength to 50. (Thomas Arendsen Hein provided patch; patch reworked John Rouillard)

• issue2551184 - add an i18n object to the roundupdb. This makes it possible to translate error messages in detectors (or actions). The i18n object is now also correctly set for the mail interface: previously the ‘language’ setting in the [mailgw] section seems to have been ignored. Thanks to Marcus Priesch for the patch.

• issue2551212 - speed up wsgi interface by caching the tracker instance. Hidden behind a feature flag. See upgrading.txt for details. (Marcus Priesch with feature flag by John Rouillard)