[interchange-cvs] interchange - heins modified WHATSNEW

interchange-core@interchange.redhat.com interchange-core@interchange.redhat.com
Fri Dec 28 11:58:00 2001 

User:      heins
Date:      2001-12-28 16:57:25 GMT
Modified:  .        WHATSNEW
Log:
	* Bring WHATSNEW up to date with STABLE.

Revision  Changes    Path
2.7       +163 -0    interchange/WHATSNEW


rev 2.7, prev_rev 2.6
Index: WHATSNEW
===================================================================
RCS file: /anon_cvs/repository/interchange/WHATSNEW,v
retrieving revision 2.6
retrieving revision 2.7
diff -u -r2.6 -r2.7
--- WHATSNEW	2001/08/13 20:33:04	2.6
+++ WHATSNEW	2001/12/28 16:57:25	2.7
@@ -4,6 +4,169 @@
 
 ------------------------------------------------------------------------------
 
+Interchange 4.9.0 not yet released
+
+Interchange 4.8.3 not yet released.
+
+Core and usertags
+-----------------
+
+* Some fairly major changes to limit exposure to the cross-site
+  JavaScript vulnerabilities described in:
+
+		http://www.cert.org/advisories/CA-2000-02.html
+
+  The vulnerability is only serious if you have "CookieLogin Yes"
+  in your catalog.cfg definition (as unfortunately was in foundation).
+
+  It is recommended that you either set CookieLogin to No, or at least
+  do
+
+  		SaveExpire  8 hours
+
+  - Notably, [cgi ...] and [value ...] will not display < characters
+    unless you specifically enable it with the enable-html=1 option.
+
+	Normally this should cause no problems. If your site breaks
+	because of this update, you can temporarily re-enable this with:
+
+		Promiscuous Yes
+
+	in your catalog.cfg file.
+
+* New filter restrict_html.  Called with:
+
+	[filter restrict_html.a.b.i.u.p.br]
+			<SCRIPT> malicious('Gotcha!') </SCRIPT>
+	[/filter]
+
+  which prevents the <SCRIPT> from executing.
+
+* Make mv_more_alpha working in query tags.
+
+* Allow [dump] of portion of session, for example [dump scratch].
+
+UI
+--------
+* Static page building uses the original catalog settings instead
+  of the UI ones for images and URLs. Fixed another bug that
+  renders selection of "never build" pages useless.
+
+* Spreadsheet save error fixed. Interchange prevents loading of spreadsheet
+  values when the key is empty now. This has the side effect that
+  autonumbering is not possible when adding records from the spreadsheet.
+
+I18N
+--------
+* Hebrew locale from Chen Naor <chen@lilux.co.il> added.
+
+Interchange 4.8.2 released 2001-09-19.
+
+Core and usertags
+-----------------
+* In ups_query tag, don't use defaults for country, always send. Fixes
+  problem caused when UPS changed their behavior.
+
+* Add ability to set beginning/ending years in date widget.
+
+* localize now catches [msg] tags.
+
+* compile_link: Check for build_dir = source_dir to prevent attempts by
+  File::Copy to copy files on top of themselves; truncates the files.
+
+* Fix bug that caused HTML entities to not be encoded if another filter was
+  already chosen.
+
+* UserDB: Add outboard_key_col option so that you can do lookups on an
+  account_id or other information with outboard DBs.
+
+* Add option to print ellipsis (...) after truncated [filter] results,
+  like this:
+
+  [filter 10]Howdy there good buddy[/filter] -> Howdy ther
+  [filter 10.]Howdy there good buddy[/filter] -> Howdy ther...
+
+  Wherever filters work, including PREFIX-filter, etc.
+
+* Fix Util::change_url and Interpolate image rewriting for any full URL
+  protocol specification (like javascript:), not just http: and https:.
+
+* makecat
+  - take sampleurl from command line if -F specified.
+  - new option --catalogconf to make makecat fully usable on Debian
+    installations
+
+* Config.pm: Change root_dir parse routine so that it returns a scalar.
+  Add root_dir_array parsing routine for TemplateDir.
+
+* Strip Windows-style path components from uploaded images (in update_data).
+
+Foundation
+----------
+* Fix some country and state database problems for Great Britain.
+
+* Show correct 'log in' or 'log out' text for foundation users.
+
+* makedirs: Don't try to chown or chgrp if no username was given
+  (as is common when running as root, mode U, no group).
+
+* Fix promo bug forcing thumbnail sizes to 80 pixels.
+
+Admin
+-----
+* Support UI_LANG_DIRECTION variable: rtl (right to left, for Hebrew,
+  Arabic, etc.) or ltr (left to right).
+
+* Fix build_related.html so it works with DBM databases.
+
+* icmenu: The "create new affiliate" had an exclude_on setting that
+  should've been an include_on setting. The menu option now shows up in
+  the correct place. Fix for bug #297.
+
+* page_edit: Fix problem where image paths are substituted, reported
+  by Cameron Prince and others.
+
+* preferences.html fix: close input tag.
+
+* Add support for no-cookies browsing to numerous UI forms.
+
+* Add the Ultimate Image Widget (tm) suggested by Cameron Prince. Combines
+  best aspects of imagehelper and imagedir widget. Activated by adding
+  wildcard on end of outboard parameter in metadata, i.e. images/items/*
+  instead of images/items.
+
+* Primitive.pm: Add capability for specifying suffix in imagedir widget type.
+  Specify one of:
+  - Complete regex: \.(gif|jpe?g|png)
+  - or list of extensions (case-sensitive): gif jpg png
+  - or to ignore case on some: (?i)gif (?i)jpg JPEG png
+
+* Fix disappearing submenus in UI_STD_HEAD. Thanks to Brian Kosick for
+  noticing the problem.
+
+* Stop admin menus from appearing right after a logout. Thanks to John
+  Beima for pointing out the fix.
+
+* Stop generating OPTION GROUP tags for Opera browser in UI Wizard.
+
+* Resolve bug #319 by removing a page that was specific to the now-defunct
+  sample computer data.
+
+* Don't cut help topics after the default of 50 items (thanks to Ed LaFrance).
+
+Packaging
+---------
+* Minor RPM dependency improvement for interchange-foundation-demo.
+
+* Debian packaging improvements:
+  - install README.debian into /usr/share/doc
+  - useful descriptions for interchange-ui and interchange-cat-foundation
+    added (closes: #109228, #109565)
+  - foundation catalog was disabled if not reinstalled in postinst
+  - change owner/group of the base directory for static HTML files
+    to the Interchange owner/group
+  - let makecat write into /etc/interchange/catalogs.cfg
+
 
 Interchange 4.8.1 released 2001-08-13.