Diffstat (limited to 'doc/CHANGES.md')
-rw-r--r-- | doc/CHANGES.md | 74 |
1 files changed, 74 insertions, 0 deletions
diff --git a/doc/CHANGES.md b/doc/CHANGES.md index 8ee29a9f6..961a851a3 100644 --- a/doc/CHANGES.md +++ b/doc/CHANGES.md 
@@ -1,3 +1,77 @@ +# Version 0.21 + +## Highlighted Features +* Lots of improvements in the process of making a new + request (Martin Wright, Gareth Rees, Louise Crow): + * Removal of confusing AJAX results in `/select_authority`. + * Better layout of search/filtering options on the authority pages. + * Better layout of the authority pages on smaller screens. + * The dynamic list of possibly related requests for a new request + is now limited to requests to the same authority and capped at + three requests + * 'Create a new account' option now more prominent than 'Sign in' on `/sign_in` + * Better options for sharing your request on social media, and other + actions to take once the request is made. +* Some general security improvements: + * State changing admin actions are now restricted to PUT or POST methods + to protect against CSRF attacks, and now use more standard RESTful + routing (Louise Crow). + * Global request forgery protection is now used (Gareth Rees). + * Some standard security headers are added by default (Louise Crow). + * A TTL is enforced on session cookies (Louise Crow). +* Added a new `AUTHORITY_MUST_RESPOND` configuration variable. Set this to + `true` If authorities must respond by law. Set to `false` otherwise. It + defaults to `true`. At the moment this just tweaks some UI text (Gareth Rees). +* New rake task for cleaning theme translations - `rake + gettext:clean_theme` (Gareth Rees). +* There's a new admin interface for adding public holidays for the site, + to be used in calculating request due dates. Documentation for using + this interface is available at + http://alaveteli.org/docs/installing/next_steps/#add-some-public-holidays (Louise Crow). +* Some interface phrases have been grouped together for easier + translation (Gareth Rees, Louise Crow). +* Now using the bootstrap js files from the bootstrap-sass gem. 
+* Confusing 'web analytics' section of admin pages removed (Henare Degan) +* Banned users can no longer update their profile (Gareth Rees). +* The code that removes email addresses and mobile phone numbers from + the public view of requests an responses has been refactored, and the + text that's used to replace the email addresses and phone numbers can + now be translated (Louise Crow). +* Fixed a bug with the CSV import of authorities which have the same + name in multiple locales (Louise Crow). +* No longer need to restart webserver when compacting Xapian database (Gareth + Rees). +* `config/deploy.yml` now accepts a `daemon_name` parameter so that Capistrano + can deploy multiple Alaveteli instances on the same host (Gareth Rees). + +## Upgrade notes + +* Admin route names have been standardised so if you have overridden + templates that refer to admin routes, check the original templates to + see if these need to be changed. +* If you override the `app/views/user/_signin.html.erb` or + `app/view/user/_signup.html.erb` templates, check the tabindex order + is still sensible - the order of the elements on the page has changed + - signup now appears on the left. +* If you override the application stylesheets rather than adding to them + using a `custom.css` or `custom.scss` file, check that your + stylesheets still order elements correctly in the templates + `app/views/request/select_authority.html.erb`, + `app/views/public_body/show.html.erb` and + `app/views/request/new.html.erb`. Also, if you use the application + stylesheets, but have overridden any of these templates or their partials, check to see + if you need to update the order of elements in the templates. +* [Regenerate your crontab](http://alaveteli.org/docs/installing/manual_install/#generate-crontab) + so that compacting the Xapian database only restarts the application, rather + than the webserver. 
This requires the [appropriate SysVinit script](http://alaveteli.org/docs/installing/manual_install/#generate-application-daemon) to be installed. +* Alaveteli daemons must be executable by the app owner in a Capistrano setup. + In a regular setup, the permissions should be `rwxr-xr-- root:alaveteli`. +* `config/sysvinit-thin.ugly` has been improved. Regenerate it with + `rake config_files:convert_init_script`. See [the documentation](http://alaveteli.org/docs/installing/manual_install/#generate-application-daemon) + for more information. +* This release includes an update to the commonlib submodule - you + should be warned about this when running rails-post-deploy. + # Version 0.20 ## Highlighted Features |
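Review bot: The four bullets under "Some general security improvements" in Highlighted Features have no matching entries under "Upgrade notes", so an operator upgrading a themed install cannot tell what to check. The upgrade notes cover the admin route renames, but not that state changing admin actions now require PUT or POST, nor that global request forgery protection is on. Suggest adding a note telling people with overridden templates that contain forms or links to admin actions to compare them against the originals. "Some standard security headers are added by default" should name the headers, and "A TTL is enforced on session cookies" should give the lifetime and say whether it is configurable, since both change behaviour that a reverse proxy or theme may already depend on. Smaller points in the same hunk: "Set this to `true` If authorities" has a stray capital, "requests an responses" should read "and", the upgrade note path `app/view/user/_signup.html.erb` is missing the "s" that `app/views/user/_signin.html.erb` has, and the bootstrap-sass bullet carries no attribution while the "three requests" and Henare Degan bullets lack the closing full stop the others use.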