| blob | 3ef8529cffa082a1db25c81bb75eb136d2e343c0 |
1 # Releases
3 Deploy for 2023.11.27.20.52.7
4 -----------------------------
6 - Only keep 90% of quota amount when deleting emails is enabled (#601)
7 - Drop django-mptt and use our own nested sets implementation (#600)
8 - Allow img tag in blog posts (#603)
10 Deploy for 2023.9.12.15.59.8
11 ----------------------------
13 - Change version string to be compatible with PEP 440
14 - Upgrade to Django 4.2
15 - Update Python and JS dependencies
17 Deploy for 2021-12-02T19-43-58
18 ------------------------------
20 - Added a QR code view to each inbox
21 - Upgrade dependencies for latest security updates
23 Deploy for 2021-09-15T19-27-19
24 ------------------------------
26 - Update to Celery 5
27 - Add question data to liberation (#591)
28 - Update dependencies for various security fixes
30 Deploy for 2021-06-25T22-51-26
31 ------------------------------
33 - Update to Django 3.2
34 - Fix copying inbox address (#584)
35 - Strings in JS are now translatable
36 - Data liberation is now limited to once a week per user
38 Deploy for 2021-04-05T20-51-52
39 ------------------------------
41 - Add monitors for Celery and Salmon (#555)
42 - Rework stats page (#534)
43 - Remove CSP report URL (#562)
44 - Allow partial parsing of badly encoded emails (#262)
45 - Add link to issue tracker to error pages (#209)
46 - Add inbox description to breadcrumbs (#552)
47 - Add unicode filename to downloaded parts (#206)
48 - Add auto-complete to attributes to various forms (#539)
49 - Scrub Question and Response models rather than delete when user is deleted (#271)
50 - Enable "remember me" feature for two-factor authentication (#576)
51 - Add links to ticket emails for admins (#326)
52 - Fix quota bar and disappearing text (#550)
54 Deploy for 2020-10-10T00-21-00
55 ------------------------------
57 - Enforce two factor auth for users who have otp devices available (#544)
59 Deploy for 2020-09-28T20-38-01
60 ------------------------------
62 * Make pagination headings only visible to screenreaders (#542)
63 * Move PID files to /var/run/inboxen
65 Deploy for 2020-08-14T22-38-11
66 ------------------------------
68 - Fix numerous accessibility issues (#175)
69 - Fix crash in django-elevate due to our auth backend (#526)
70 - Rework settings page to remove nav-pills (#533)
71 - Fix clash with setting LOGOUT_URL (#529)
72 - Prevent Celery 4.4.7 from being installed, it breaks tasks
73 - Update to factory-boy 3
75 ### Deploy for 2020-07-27
77 * Remove `django-ratelimit-backend` and use our own ratelimit code (#526)
78 * New management command: disowned
79 * Grunt now puts static files into `inboxen/static`, allowing Inboxen to be used as a proper Python package
80 * Security updates for django-twofactor-auth and django-sendfile2
82 ### Deploy for 2020-06-09
84 * Display works on next/prev buttons (#512)
85 * Configuration is now done via a YAML file (#494)
87 ### Deploy for 2020-04-21
89 * Fix memory issues when deleting a large number of objects (#513)
91 ### Deploy for 2020-04-12
93 * Fix inbox flag calculation task (#497)
94 * Fix session extending code (#489)
95 * Users who have not logged after a certain amount of time will have their personal data removed from Inboxen (#444, #504, #505)
96 * Switched scheduled tasks to a cron-style schedule (#502)
97 * Stop using old MiddlewareMixin (#507)
98 * Disabled Swedish translations now
100 ### Deploy for 2020-02-15
102 * Update various dependencies
103 * Fix admin page previews
105 ### Deploy for 2019-11-11
107 * Filter out deleted emails when calculating `Inbox.last_activity` (#484)
108 * Fire user login signal when cycling session keys (#444)
109 * Add missing decorator to download email view (#488)
111 ### Deploy for 2019-11-07
113 * Remove Watson completely and remove unused table (#412)
114 * Reset inbox flags when deleting emails (#391)
115 * Remove sed commands from update-py-requirements Make rule
117 ### Deploy for 2019-10-18
119 * Restore `update_last_login signal` in preparation for future work (#444)
120 * Prevent attachments from over-expanding (#458)
121 * Include source maps for JS and CSS assets (#462)
122 * Remove redundant lambda functions
123 * Move add inbox button (#467)
124 * Simplify `find_bodies` code (#465)
125 * Implement new search view (#412)
127 ### Deploy for 2019-08-06
129 * Remove WebAssets, we now use GruntJS to build static assets (#447)
130 * Switch from ruby-sass to dart-sass (#399)
131 * Fix issue where a single admin would cause a configuration error (#455)
133 ### Deploy for 2019-06-09
135 * Fix error in the way the password change view redirects (#441)
137 ### Deploy for 2019-06-04
139 * Rate limit single email download (#433)
140 * Improve cleaning of HTML parts to improve how they are displayed (#404)
141 * Fix attachment download (#437)
143 ### Deploy for 2019-05-24
145 * Update to Django 2.2 (#367)
146 * Add feature to download a single email (#176)
147 * Reduce pagination size from 100 to 25. This is still more than a screen full. (#423)
148 * Make console commands for interacting with Salmon nicer (#216)
149 * Set Inbox flags to their default state when disowning (#335)
150 * Add feature to download backup tokens (#332)
151 * Remove old dependencies required for Python 2.7 and Django 1.11
153 ### Deploy for 2019-05-01
155 * Fix liberation bug due to user having a prefered domain (#418)
156 * Add migrations required by latest release of django-mptt
157 * Update versioneer config to display git tags correctly
159 ### Deploy for 2019-03-04
161 * Remove mock dependency (#414)
162 * Add new search index columns in preparation for removing django-watson (#412)
164 ### Deploy for 2019-02-24
166 * Django security release
168 ### Deploy for 2019-01-22
170 * Prevent Salmon from emailing errors to admins, spamming their inbox (#410)
172 ### Deploy for 2019-01-10
174 * Completely removed all traces of django-bitfield (#358)
175 * Make Inboxen a proper Python package (#163)
176 * Add a check for Domains and a console command to allow creating domains (#393)
177 * Fix issue with exporting broken emails (#370)
178 * Allow users to delete their inboxes (#373)
180 ### Deploy for 2018-10-29
182 * HOTFIX ``ADMINS`` should be a list, not a generator (#385)
184 ### Deploy for 2018-06-12
186 * Change code to use new boolfields - requires downtime (#325)
187 * Allow users to auto-delete emails after 30 days (#83)
188 * Implement a quota system to avoid users eating all of our disk space (#359)
189 * This system is entirely optional and not enabled by default
191 ### Deploy for 2018-05-22
193 * Add boolean fields to replace bitfields in various models (#325)
194 * Make sure cache keys generated for ratelimiting are URL-safe (#354)
196 ### Deploy for 2018-05-11
198 * Rate limit inbox creation and remove inbox requests feature (#350)
199 * Proper search (#45)
200 * Pagination for search results
201 * Slimmer indexing, which should also make for faster searching
203 ### Deploy for 2018-04-14
205 * Proper Python 3 support (#261)
206 * Upgrade to Celery 4 (#222)
207 * Do lint checks as part of normal testing
208 * Add a copy button to each inbox (#100)
209 * Rate limit user registration (#342)
210 * Change "X big units, Y small units" times to just "X big units" (#337)
211 * Fix button column width on home view (#338)
212 * Fix responsiveness of stats charts (#341)
213 * This will also mean that the stats page will have `'unsafe-inline'` on the stats page
215 ### Deploy for 2018-03-23
217 * Fix username change form to actually change the username (#327)
219 ### Deploy for 2018-03-15
221 * Tests for OTP views (#283)
222 * Buttons should give some visual feedback that they're doing something (#279)
223 * Initial JS tests (#303)
224 * Move from django-sudo to django-elevate (#282)
225 * Reduce static asset sizes
226 * Use UglifyJS to mangle our JS reducing each of our JS bundles by about 50KB
227 * Only import the parts of Bootstrap that we actually use, reducing our CSS bundle by about 40KB
228 * Add favicons for various devices (#181)
230 ### Deploy for 2018-02-18
232 * Improve keyboard accessibility on home and inbox pages (#278)
233 * Add work-around for Django-Two-Factor-Auth bug in LoginView (#292)
234 * Set X-XSS-Protection to something other than its dangerous default (#297)
235 * Set HSTS headers in Django - this makes HSTS no longer optional (#298)
236 * Test security features (#298)
237 * Used Sixer to make source code compatible with Python 3
238 * This is just a first step ot make Inboxen work on Python 3
239 * Use labels on admin lists for better readability (#263)
240 * Change text on error pages to be slightly more verbose (#302)
241 * Change referrer policy on email view to same-origin (#307)
242 * Use a more secure method to produce the random part of inboxes (#312)
243 * Cleaned up our use of datetime to make sure we're always using timezone away
244 datetime objects
245 * Removed single delete button from inbox view (#76)
246 * Those buttons are too easy to hit accidentally for an not-undoable action
247 like deleting an email
249 ### Deploy for 2018-01-18
251 * Hotfix: Fix misconfiguration of CSRF
253 ### Deploy for 2018-01-16
255 * Prevent storing NULL in char and text fields (#274)
256 * Update to the latest release of Salmon
257 * Allow HTML headings in HelpPage bodies
258 * Make sure user creation and username change forms use the same validation (#281)
259 * Handle attachment name overflow properly (#273)
260 * Update log config to include rate limit
261 * Use system fonts to avoid issues with bad substitutions of named fonts (#294)
263 ### Deploy for 2017-12-04
265 * Fix issue with header names not being stored in the correct format (#275)
267 ### Deploy for 2017-12-01
269 * Update stats task
270 * Display a running total of emails processed on stats page
271 * Remove standard deviation stat, it didn't actually mean anything for our dataset
272 * Store join date of oldest user in stats
273 * Calculate disowned inboxes
274 * Calculate `new` & `with_inboxes` via aggregate
275 * Update to the latest Salmon (#233)
276 * Properly remove Wagtail as a dependency (#254)
277 * Pin Python dependencies with `pip-tools` (#251)
278 * Increase default Inbox length (#226)
279 * Make sure we have valid HTML when displaying emails (#269)
281 ### Deploy for 2017-11-13
283 * New admin! (#254)
284 * Remove Wagtail admin
285 * User-facing part of CMS is complete
286 * Admin-facing part of CMS is a bit bare-bones
288 ### Deploy for 2017-09-24
290 * Cycle session key to help protect against session hijacking on long lived sessions (#187)
291 * Update JQuery to 3.0 (#183)
292 * Update ChartJS to a newer version (#184)
293 * Update Font Awesome to 4.7.x (#185)
294 * Update to Django 1.11 (#165)
295 * Upgrade to Wagtail 1.11
296 * Fix incorrect `select_related` use
297 * Removed `django-session-csrf`as it is no longer needed for Django 1.11
298 * Replace Javascript used to collapse navigation on smaller screens with a pure CSS solution (#241)
299 * Fix issue with HTML parsing around `<meta>`, sometimes it doesn't have the attributes we want
301 ### Deploy for 2017-08-19
303 * Fix some corner cases in `inboxen.utils.emails.find_bodies` (#243)
305 ### Deploy for 2017-08-16
307 * Wrap long lines in plain text emails (#227)
308 * Change how MIME parts and headers are fetched to be more generic (#109)
309 * Search and email view now use the same function when walking the MIME tree (#109)
311 ### Deploy for 2017-08-05
313 * Pass attachment name to template for email view (#229)
314 * Implement a styleguide
315 * Don't email admins every time there's an issue with HTML emails (#235)
316 * Remove last vestiges of django-extensions' UUID field (#230)
317 * Fix `FutureWarning` being raised by LXML (#232)
318 * Fix translations in template tags not being lazy (#239)
320 ### Deploy for 2017-06-17
322 * Display the text version of the 2FA secret code at the same time as the QR code (#190)
323 * Change error message feeder command gives when inbox does not exit
324 * Fix non-ASCII filename handling in attachment download (#206)
325 * Drop Sqlite support (#214)
326 * Remove "view" button from attachments (#202)
327 * Stop proxying non-HTTP URIs (e.g. mailto:) (#211)
328 * Tests are now run with the test settings module by default
330 ### Deploy for 2017-05-20
332 * Fix ratelimit warnings in tests (#197)
333 * Disable certain actions in the admin interface (e.g. disable deleting Domains (#193))
334 * Fix 500 error on questions form error (#204)
335 * Add missing copyright headers (#194)
337 ### Deploy for 2017-04-14
339 * Added Wagtail CMS (#162)
340 * Added periodic task to clear stale sessions (#186)
341 * Refactor liberation utils (#189)
343 ### Deploy for 2017-02-25
345 * Order disabled inboxes to the end of the inbox list (#177)
346 * Add target=\_blank back to email links. Reverts #131 (#174)
347 * Update Django-twofactor-auth usage to reflect API changes (#178)
349 ### Deploy for 2016-10-16
351 * Detect bounced emails sent to support@ (#172)
352 * Fix CSP headers for Django 1.9 admin pages (#171)
354 ### Deploy for 2016-10-02
356 * Emails to support@ will now be routed to admins correctly (#169)
357 * "Super user" mode has been implemented (#164)
358 * More errors to be caught when CSS transformations fail (#159)
359 * Fixes for CSP and IE Edge (#167)
360 * Use the latest Django-CSP (#158)
362 ### Deploy for 2016-08-30
364 * Apply hotfix-20160830
366 ### Deploy for 2016-07-10
368 * Fix bug where JS was not applied to forms after an error (#156)
369 * Fix bug in search where a variable wasn't properly initialised (#157)
370 * Add a pin inbox button to user home page (#147)
372 ### Deploy for 2016-06-13
374 * Tickets app is more mobile friendly (#127)
375 * Don't rely on Content-Type containing a charset in HTML bodies (#155)
376 * Add icons to buttons (#152)
377 * Remove hover styles from inline forms (#154)
378 * Inline add inbox form - add an inbox from anywhere! (#49)
379 * Make subject/description boxes of honeydew sections clickable areas (#149)
380 * Remove CBV cruft (#153)
381 * Improved stats/charts (#148)
382 * Replace non-freeish Glyphicons with Font Awesome (#143)
384 ### Deploy for 2016-05-08
386 * Bypass Premailer if HTML part has no body (#151)
387 * Fix next/previous page buttons
389 ### Deploy for 2016-04-24
391 * Pin inboxes #129
392 * Use `django.contrib.humanize` #139
393 * List total possible inboxes on stats page #103
394 * Add charts to stats page #141
395 * Tighen up URLConf to avoid over-matching #142
397 ### Deploy for 2016-03-29
399 * Improve admin site #135 #136
400 * Fix logging, specifically notying admins when something goes wrong #138
401 * Prompt users to create backup devices when they enable 2FA #72
402 * A minor collection of styling bug fixes
404 ### Deploy for 2016-03-21
406 * Remove separate admin settings #134
407 * Improve home view CSS on mobile #133
408 * Fix alignment issues on small screens on inbox view #132
410 ### Deploy for 2016-03-20
412 * Fix `window.opener` issue #131
413 * Edit inbox from email list view #84
414 * Enable Django's security middleware #123
415 * Switch to Bootstrap's grid system for inbox and email lists #71
416 * Switch to whitelisting HTML tags and attributes #121
417 * Django 1.9 #124
418 * Use AppConfig #117
419 * Test coverage for management commands #128
421 ### Deploy for 2015-12-24
423 * Improve the UI for tickets #119
424 * Rolling session #104
425 * Simplified queryset building in InboxView
426 * Unbundle front-end libraries #120
427 * Minifiers now respect copyright headers in JS and CSS #120 #118
428 * Turn off CSP report-only mode #116
429 * Fix logging #87
431 ### Deploy for 2015-12-13
433 * Fixed error when attachment not found #110
434 * Blog posts now have a slug, old posts use their PK as their slug #113
435 * New placeholder image for HTML emails #115
436 * Users now get a message when they log out #112
438 * Revert brand link behaviour
439 * Ensure all body parts are escaped properly
441 ### Deploy for 2015-12-06
443 * Major upgrade to Django 1.8
444 * Go back to storing liberation data on filesystem
445 * Reorganise apps to be more logical - no more "website" app
446 * Use version 3 of the Celery API
447 * View more than one body in an email under certain rules
448 * Updated front page - now the default home page even for logged in users
449 * A bunch of other changes that I've forgotten about
451 ### Deploy for 2015-09-17
453 * Use session based CSRF tokens #80
454 * Change the way attachments are displayed #91
455 * Remove "import" script, it was mostly useless
456 * Change search form to not violate our CSP settings #86
457 * Links from blog and emails now open a new tab #92
459 ### Deploy for 2015-09-06
461 * CSP is now enabled, only in reporting mode for now #81
462 * Added copyright headers to assets, webassets strips them out #79
463 * Block browers from sending Referer headers #62
464 * Remove inline JS #82
465 * Don't use the latest version of d2fa, they've dropped Django 1.6 support
466 * Blacklist buggy version of django-model-utils #78
467 * Remove footer from maintenance page, those links won't work if the site is down
469 ### Deploy for 2015-06-30
471 * Fix ordering issue from last deploy
473 ### Deploy for 2015-06-29
475 * Replace "created" with "last activity"
476 * Display Inbox link on Unified view
477 * Skip fewer unit tests due to old bugs
478 * Stop assets randomly failing during tests
479 * Clean up search task a bit - see 5c7cb64145cf2a411a89ae0caad4430f11336ad0
480 * Fix possible data leak - see f705ad373c2f99c976fd153b92d3aac305632442
482 ### Deploy for 2015-06-18
484 * Webassets and such!
486 ### Deployments before 2015-06-18
488 Sorry, we didn't keep a changelog before this date