1 files changed, 235 insertions, 0 deletions

diff --git a/doc/CHANGES.md b/doc/CHANGES.md
index 59c2d3f37..8940cd78b 100644
--- a/doc/CHANGES.md
+++ b/doc/CHANGES.md
@@ -1,3 +1,238 @@
+# Version 0.17
+
+## Highlighted features
+
+* There is some initial support for making a request to multiple
+  authorities at once.
+* There is a new form for users to request that a new authority should
+  be added, or to request an update to the contact email used for an
+  authority. Site admins are emailed about these requests, and can
+  resolve them from the admin interface.
+* For attachments where we rely on Google Document Viewer to display the
+  HTML version, link to the HTTPS version where the Alaveteli site is
+  served over HTTPS to avoid mixed content warnings and non display in
+  some browsers (Matthew Somerville).
+* The 'view requests' page now has some fragment caching backed by
+  memcached to speed up serving commonly used lists of requests - e.g
+  all successful requests. Like the caching introduced in release 0.16,
+  this is controlled by the `CACHE_FRAGMENTS` parameter in the config
+  file and will be on by default.
+* A user's annotations can now be seen on their admin page (Andrew
+  Black)
+* Better detection of the quoted text of a previous email in the HTML
+  parts of responses.
+* Fixed bugs in the profile photos (György Peng), calendar translations
+  (Mark Longair), the use of external utilities (Ian Chard), the
+  internal admin authority locale handling (Mark Longair), badly formed
+  attachment handling (Rowan Crawford).
+
+## Upgrade notes
+
+* To use the batch request functionality, set the `ALLOW_BATCH_REQUESTS`
+  parameter to `true` in your config file. Once this is done, and the
+  install has been restarted, any user for whom 'Can make batch
+  requests' is checked in the admin interface should see a new link on
+  the 'Select an authority' page that allows them to make a batch
+  request.
+* If your theme overrides the help/requesting template, you should
+  update the link in the section on requesting new authorities so the
+  link points to `<%= new_change_request_path %>` instead of `<%=
+  help_contact_path %>`.
+* If your site runs over HTTPS, some cached attachments may still
+  contain links to Google Document Viewer with 'http', not 'https'. You
+  can clear the cached attachments after upgrade, and they will be
+  created with links that use the correct protocol.
+* This release includes an update to the commonlib submodule - you
+  should be warned about this when running rails-post-deploy.
+
+# Version 0.16
+
+## Highlighted features
+
+* Upgrade of the Rails framework to 3.2.16
+* Enabling the Rails asset pipeline for managing assets (more about the
+  asset pipeline at http://guides.rubyonrails.org/asset_pipeline.html).
+* The all authorities csv download now uses less system resources
+* Ruby 2.0 is now included in the matrix of versions we run continuous
+  integration tests against
+* When using capistrano, the RAILS_ENV can now be explicitly set from
+  deploy.yml
+* The front page and request pages once more use fragment caching backed
+  by memcached to speed up serving of slow parts of these pages
+* The robots.txt file has been updated to allow crawling of response
+  attachment files (in original and HTML versions)
+* The `themes:install` rake task is kinder to developers; it no longer
+  removes and reclones themes, destroying local changes, and it keeps
+  themes as git repositories.
+* Social media elements (the blog, twitter feed) are only included if
+  the appropriate config variables (BLOG_FEED and TWITTER_USERNAME) have
+  been populated.
+* Some fixes to the treatment of hyphenated/underscored locales so that
+  public body translations are consistently stored using the underscore
+  format of the locale (so 'he_IL', not 'he-IL').
+* The popup message elements for temporary notices and for letting users
+  know about other sites have been made consistent and now use simpler
+  styles.
+
+## Upgrade notes
+
+* You will need to update your theme to use the asset pipeline - notes
+  on how to do this are in doc/THEME-ASSETS-UPGRADE.md
+* The syntax of the highlight and excerpt methods has changed, so if you
+  use these in your theme, you may see deprecation warnings until you
+  update them. More information at http://apidock.com/rails/v3.2.13/ActionView/Helpers/TextHelper/highlight
+  and
+  http://apidock.com/rails/v3.2.13/ActionView/Helpers/TextHelper/excerpt
+* If you don't want to use fragment caching, you can turn it off in your
+  config file by setting `CACHE_FRAGMENTS` to `false`.
+* If you use a locale with an underscore in it, you should double check
+  that the locale field of your `public_body_translations` table shows
+  the underscore version of the locale name.
+* This release includes an update to the commonlib submodule - you
+  should be warned about this when running rails-post-deploy
+* All code has been moved out of the deprecated plugin path
+  `vendor/plugins`. Once you are up and running under 0.16, you should
+  check that your xapian databases have all been copied to
+  `lib/acts_as_xapian/xapiandbs` (the code in
+  `config/initializers/acts_as_xapian` should do this), and then check
+  and remove any files under vendor/plugins so that you won't get
+  deprecation warnings about having Rails 2.3 style plugins (deprecation
+  warnings can result in incoming mail getting an auto reply under some
+  email configs).
+* If you have any custom styles that rely on the absolute positioning
+  of the 'banner' and 'wrapper' elements, they may need to be updated.
+* Cached HTML versions of attachments in cache/attachments_production/
+  will have obsolete links to `/stylesheets/main.css` and
+  `/images/navimg/logo-trans-small.png`. You can resolve these by either
+  moving the cached attachments away and allowing them to be regenerated
+  on demand, or by symlinking `public/stylesheets/main.css` to
+  `public/assets/application.css` and
+  `public/images/navimg/logo-trans-small.png` to
+  `public/assets/navimg/logo-trans-small.png`.
+
+#  Version 0.15
+
+## Highlighted features
+
+* A new install script for setting up Alaveteli automatically on
+  a fresh Debian wheezy or Ubuntu precise server, and a
+  Vagrantfile so that it can be easily invoked by `vagrant up`
+* Salutations in outgoing messages now can contain regular
+  expression special characters.
+* The links to public bodies from the first letters of the
+  alphabet now work properly in when the letter would be
+  represented by multiple bytes in UTF-8.
+* There are improvements to searching for public bodies and
+  when the "ask us to add one" message is shown.
+* There is a fix for the
+  [long-standing error](https://github.com/mysociety/alaveteli/issues/555)
+  about duplicate Xapian job creation.
+* A new rake task for importing large numbers of public bodies
+  from CSV files: `rake import:import_csv`.
+* Various improvements to the public body statistics graphs,
+  thanks to feedback from the WDTK volunteers.
+* The new_relic gem has been updated (Matthew Landauer)
+* An example nginx config file for running Alaveteli behind
+  nginx: `config/nginx.conf.example`.
+* There's now a simple script for switching between themes
+  (`script/switch-theme.rb`) for developers who have to work on
+  more than one jurisdiction's theme.
+
+# Version 0.14
+
+## Highlighted features
+* There is now an option to display a public body statistics page (currently not linked to from anywhere) showing bodies with the most requests, most successful requests, fewest successful requests, most overdue requests, and bodies that reply most frequently with "Not Held" - see Upgrade notes for how to turn this option on. (Mark Longair)
+* Individual incoming and outgoing messages can be made hidden, or requester_only from the admin interface.
+* Zip downloads now can be run in single-threaded instances, and use send_file rather than a redirect to serve up cached zip files.
+* Starting to use factory_girl to generate model instances for use in specs - hopefully in the long term removing dependencies between specs, and allowing them to run faster once we can remove the loading of fixtures each time.
+* Fix to allow public body list page to use current, not default locale, with optional fallback to default [issue #1000](https://github.com/mysociety/alaveteli/issues/1000) - see Upgrade notes for fallback option (Mark Longair)
+* Fix to allow request titles composed of only unicode characters [issue #902](https://github.com/mysociety/alaveteli/issues/902)
+* Fix for occasional errors caused by race conditions in xapian updates [issue #555](https://github.com/mysociety/alaveteli/issues/555)
+* Diagnostic errors are now not shown for local requests, so that the user-facing error pages will be shown when running Alaveteli behind a proxy in production (Henare Degan)
+
+## Upgrade notes
+* By default, Alaveteli will now serve up request zip files itself, which will occupy a Rails process until the file has been received. To pass these files off to Apache, and free up the Rails process, install the libapache2-mod-xsendfile package, and update your httpd.conf file with the new Sendfile clause at the end of config/httpd.conf-example).
+* In your production install, from the Alaveteli directory (as the Alaveteli deploy user), run the following commands to remove the zip download directory from direct access by your webserver, and preserve any cached zip files:
+`mkdir cache/zips/production/`
+`mv cache/zips/download cache/zips/production/download`
+`rm public/download`
+* This release upgrades the assumed version of Ubuntu from lucid (10.04) to precise (12.04)
+* This release upgrades rubygems in config/packages - version 1.8.15 is available from squeeze-backports on Debian or by default in Ubuntu precise. This upgrade may result in "invalid date format in specification:" errors - these should be fixable by manually deleting the gems specs that are being referenced in the error and re-running rails-post-deploy
+* If you would like to have a public body statistics page (this will be publicly available), set the `PUBLIC_BODY_STATISTICS_PAGE` param in general.yml to `true`. You should also add a new cron job based on the one in config/crontab-example `https://github.com/mysociety/alaveteli/blob/rails-3-develop/config/crontab-example#L29` to update the public body stats each day.
+* If you would like the public body list page to include bodies that have no translation in the current locale, but do have a translation in the default locale, add a `PUBLIC_BODY_LIST_FALLBACK_TO_DEFAULT_LOCALE` param set to `true` to your config/general.yml file.
+
+
+# Version 0.13
+## Highlighted features
+
+* Fix for bug that resulted in some incorrect results when using search by request status [issue #460](https://github.com/mysociety/alaveteli/issues/460). You can view and fix requests with inconsistent state history using `rake temp:fix_bad_request_states`
+* All status updates (whether by the request owner or another user) are now logged in the event history, for better audit) (Matthew Landauer)
+* Fix for bug that dropped accented characters from URLs [issue #282](https://github.com/mysociety/alaveteli/issues/282) (zejn)
+* A fix for a bug that produced binary mask errors when handling multibyte characters in responses [issue #991](https://github.com/mysociety/alaveteli/issues/991)
+* Some locale fixes for locales with a dash in them [issue #998](https://github.com/mysociety/alaveteli/issues/998) and [issue #999](https://github.com/mysociety/alaveteli/issues/999).
+* Some improvements in the labelling of defunct authorities (Matthew Somerville)
+* The addition of a check on the status of the commonlib submodule to the rails-post-deploy script.
+
+## Upgrade notes
+* Check out this version and run `rails-post-deploy` as usual.
+* This release includes an update to the commonlib submodule - you should now be warned about this on running `rails-post-deploy`. You can update to the new version with `git submodule update`.
+* After deploying, run `rake temp:fix_bad_request_states` to find and list requests that have an inconsistent history - run `rake temp:fix_bad_request_states DRYRUN=0` to fix them.
+
+# Version 0.12
+## Highlighted features
+*  Remove support for theme stylesheet inclusion via template (deprecated in version 0.5)
+* Addition of a simple JSON API for querying the Ruby and Alaveteli version of an Alaveteli instance - made available at /version.json (Matthew Landauer)
+* Users can now give more information when reporting a request as unsuitable (Matthew Landauer)
+* The donation url presented to users when they report their request as successful or partially successful is now option and the url itself can be configured using the config param DONATION_URL
+* Internal review request text is now translatable
+* config/crontab.ugly is now config/crontab-example
+* Search query highlighting should now work with non-ascii characters [issue #505](https://github.com/mysociety/alaveteli/issues/505) (Matthew Landauer)
+* A bug that allowed people to sign up with email addresses with spaces in them has been fixed [issue #980](https://github.com/mysociety/alaveteli/issues/980). Any existing email addresses with spaces in them will cause problems e.g. when the cron scripts encounter them. You can fix them manually, or by running `rake temp:clean_up_emails_with_spaces` from `lib/tasks/temp.rake`
+* [List of issues on github](https://github.com/mysociety/alaveteli/issues?milestone=30&state=closed)
+
+## Upgrade notes
+* Check out this version and run `rails-post-deploy` as usual.
+* Add a DONATION_URL to your config/general.yml file if you want to use your own donation URL.
+
+# Version 0.11
+## Highlighted features
+* Upgrade of the Rails framework to version 3.1.12 (Henare Degan, Matthew Landauer, Mark Longair, Louise Crow)
+
+## Upgrade notes
+* Manually remove vendor/rails-locales
+* Themes created for 0.9 and below should be updated to work with Rails 3. See `THEMES-UPGRADE.md` for notes on upgrading your theme. You will need to manually remove your old theme directory before running `rails-post-deploy`.
+* The `config/httpd.conf` has moved to `config/httpd.conf-example`, as it may need customization before deploying. It also has a new line setting RackEnv to production - copy this to your config/httpd.conf file.
+* Alaveteli now uses the [mail gem](https://github.com/mikel/mail) rather than [tmail](https://github.com/mikel/tmail) to handle mail. If you're using Exim as your MTA, you'll need to use the setting `extract_addresses_remove_arguments = false` in your Exim conf (see INSTALL-exim4.md for details). This means it won't remove addresses specified with -t on command line from the mail recipient list.
+
+# Version 0.9
+## Highlighted features
+* Consistent and more informative variable interpolation syntax in translated phrases. All of these phrases will now appear in the form "There are {{count}} people following this request", where some were previously in the form "There are %s people following this request". (Matthew Landauer)
+* Replaces deprecated calls to with_locale on ActiveRecord classes in preparation for upgrade to Globalize3 (Matthew Landauer)
+* Fixes a database deadlock bug caused by near-simultaneous incoming emails for the same info request (Mark Longair)
+
+## Upgrade notes
+* Check out this version and run `rails-post-deploy` as usual.
+
+
+# Version 0.8
+## Highlighted features
+* Support for running the site over SSL/TLS only and corresponding removal of support for a proxied admin interface, including the deprecation of the main_url and admin_url helpers.
+* Merging of the adminbootstrap theme into core Alaveteli, replacing the existing admin theme. (Matthew Landauer)
+* Move to HTML 5 (Matthew Landauer)
+* More consistent UI for links in the admin interface
+* [Security] Upgrades the Rails version to 2.3.17 to get fixes for CVE-2013-0277, CVE-2013-0276 (Although core Alaveteli does not use serialize or attr_protected), upgrade JSON gem to get fix for CVE-2013-0269.
+* A bugfix for Chrome's autofilling of signup fields (Vaughan Rouesnel)
+* Improvements to the accessibility of the search boxes (Nathan Jenkins)
+* Only one email sent when asking for admin attention to a request  [issue #789](https://github.com/mysociety/alaveteli/pull/864) (Matthew Landauer)
+* A number of XSS escaping fixes for Version 0.7 (Matthew Landauer)
+* The emergency admin account can now be disabled
+
+## Upgrade notes
+* Check out this version and run `rails-post-deploy` as usual.
+* Remove adminbootstrap from the THEME_URLS or THEME_URL config variable, and remove vendor/plugins/adminbootstraptheme, and the softlink public/adminbootstraptheme.
+* There is a new config variable FORCE_SSL, which defaults to true, meaning that Alaveteli will redirect all "http" requests to "https", set the Strict-Transport-Security header and flag all cookies as "secure". For more information about running your install over SSL/TLS, see the [install guide](https://github.com/mysociety/alaveteli/blob/develop/doc/INSTALL.md#set-up-production-web-server). If you don't want to run over SSL/TLS, add the config variable FORCE_SSL to your config/general.yml and set it to false.
+* If you would like to disable the emergency user account, set DISABLE_EMERGENCY_USER to true in you config/general.yml
+
 # Version 0.7
 ## Highlighted features
 * [Security] Upgrades the Rails version from 2.3.15 to 2.3.16 to get fix for a critical security flaw in Rails (CVE-2013-0333).