| blob | ca949d160d6db289daf77a87ceb6dc322b9ae64b |
1 # Releases
3 Deploy for 2020-09-28T20-38-01
4 ------------------------------
6 * Make pagination headings only visible to screenreaders (#542)
7 * Move PID files to /var/run/inboxen
9 Deploy for 2020-08-14T22-38-11
10 ------------------------------
12 - Fix numerous accessibility issues (#175)
13 - Fix crash in django-elevate due to our auth backend (#526)
14 - Rework settings page to remove nav-pills (#533)
15 - Fix clash with setting LOGOUT_URL (#529)
16 - Prevent Celery 4.4.7 from being installed, it breaks tasks
17 - Update to factory-boy 3
19 ### Deploy for 2020-07-27
21 * Remove `django-ratelimit-backend` and use our own ratelimit code (#526)
22 * New management command: disowned
23 * Grunt now puts static files into `inboxen/static`, allowing Inboxen to be used as a proper Python package
24 * Security updates for django-twofactor-auth and django-sendfile2
26 ### Deploy for 2020-06-09
28 * Display works on next/prev buttons (#512)
29 * Configuration is now done via a YAML file (#494)
31 ### Deploy for 2020-04-21
33 * Fix memory issues when deleting a large number of objects (#513)
35 ### Deploy for 2020-04-12
37 * Fix inbox flag calculation task (#497)
38 * Fix session extending code (#489)
39 * Users who have not logged after a certain amount of time will have their personal data removed from Inboxen (#444, #504, #505)
40 * Switched scheduled tasks to a cron-style schedule (#502)
41 * Stop using old MiddlewareMixin (#507)
42 * Disabled Swedish translations now
44 ### Deploy for 2020-02-15
46 * Update various dependencies
47 * Fix admin page previews
49 ### Deploy for 2019-11-11
51 * Filter out deleted emails when calculating `Inbox.last_activity` (#484)
52 * Fire user login signal when cycling session keys (#444)
53 * Add missing decorator to download email view (#488)
55 ### Deploy for 2019-11-07
57 * Remove Watson completely and remove unused table (#412)
58 * Reset inbox flags when deleting emails (#391)
59 * Remove sed commands from update-py-requirements Make rule
61 ### Deploy for 2019-10-18
63 * Restore `update_last_login signal` in preparation for future work (#444)
64 * Prevent attachments from over-expanding (#458)
65 * Include source maps for JS and CSS assets (#462)
66 * Remove redundant lambda functions
67 * Move add inbox button (#467)
68 * Simplify `find_bodies` code (#465)
69 * Implement new search view (#412)
71 ### Deploy for 2019-08-06
73 * Remove WebAssets, we now use GruntJS to build static assets (#447)
74 * Switch from ruby-sass to dart-sass (#399)
75 * Fix issue where a single admin would cause a configuration error (#455)
77 ### Deploy for 2019-06-09
79 * Fix error in the way the password change view redirects (#441)
81 ### Deploy for 2019-06-04
83 * Rate limit single email download (#433)
84 * Improve cleaning of HTML parts to improve how they are displayed (#404)
85 * Fix attachment download (#437)
87 ### Deploy for 2019-05-24
89 * Update to Django 2.2 (#367)
90 * Add feature to download a single email (#176)
91 * Reduce pagination size from 100 to 25. This is still more than a screen full. (#423)
92 * Make console commands for interacting with Salmon nicer (#216)
93 * Set Inbox flags to their default state when disowning (#335)
94 * Add feature to download backup tokens (#332)
95 * Remove old dependencies required for Python 2.7 and Django 1.11
97 ### Deploy for 2019-05-01
99 * Fix liberation bug due to user having a prefered domain (#418)
100 * Add migrations required by latest release of django-mptt
101 * Update versioneer config to display git tags correctly
103 ### Deploy for 2019-03-04
105 * Remove mock dependency (#414)
106 * Add new search index columns in preparation for removing django-watson (#412)
108 ### Deploy for 2019-02-24
110 * Django security release
112 ### Deploy for 2019-01-22
114 * Prevent Salmon from emailing errors to admins, spamming their inbox (#410)
116 ### Deploy for 2019-01-10
118 * Completely removed all traces of django-bitfield (#358)
119 * Make Inboxen a proper Python package (#163)
120 * Add a check for Domains and a console command to allow creating domains (#393)
121 * Fix issue with exporting broken emails (#370)
122 * Allow users to delete their inboxes (#373)
124 ### Deploy for 2018-10-29
126 * HOTFIX ``ADMINS`` should be a list, not a generator (#385)
128 ### Deploy for 2018-06-12
130 * Change code to use new boolfields - requires downtime (#325)
131 * Allow users to auto-delete emails after 30 days (#83)
132 * Implement a quota system to avoid users eating all of our disk space (#359)
133 * This system is entirely optional and not enabled by default
135 ### Deploy for 2018-05-22
137 * Add boolean fields to replace bitfields in various models (#325)
138 * Make sure cache keys generated for ratelimiting are URL-safe (#354)
140 ### Deploy for 2018-05-11
142 * Rate limit inbox creation and remove inbox requests feature (#350)
143 * Proper search (#45)
144 * Pagination for search results
145 * Slimmer indexing, which should also make for faster searching
147 ### Deploy for 2018-04-14
149 * Proper Python 3 support (#261)
150 * Upgrade to Celery 4 (#222)
151 * Do lint checks as part of normal testing
152 * Add a copy button to each inbox (#100)
153 * Rate limit user registration (#342)
154 * Change "X big units, Y small units" times to just "X big units" (#337)
155 * Fix button column width on home view (#338)
156 * Fix responsiveness of stats charts (#341)
157 * This will also mean that the stats page will have `'unsafe-inline'` on the stats page
159 ### Deploy for 2018-03-23
161 * Fix username change form to actually change the username (#327)
163 ### Deploy for 2018-03-15
165 * Tests for OTP views (#283)
166 * Buttons should give some visual feedback that they're doing something (#279)
167 * Initial JS tests (#303)
168 * Move from django-sudo to django-elevate (#282)
169 * Reduce static asset sizes
170 * Use UglifyJS to mangle our JS reducing each of our JS bundles by about 50KB
171 * Only import the parts of Bootstrap that we actually use, reducing our CSS bundle by about 40KB
172 * Add favicons for various devices (#181)
174 ### Deploy for 2018-02-18
176 * Improve keyboard accessibility on home and inbox pages (#278)
177 * Add work-around for Django-Two-Factor-Auth bug in LoginView (#292)
178 * Set X-XSS-Protection to something other than its dangerous default (#297)
179 * Set HSTS headers in Django - this makes HSTS no longer optional (#298)
180 * Test security features (#298)
181 * Used Sixer to make source code compatible with Python 3
182 * This is just a first step ot make Inboxen work on Python 3
183 * Use labels on admin lists for better readability (#263)
184 * Change text on error pages to be slightly more verbose (#302)
185 * Change referrer policy on email view to same-origin (#307)
186 * Use a more secure method to produce the random part of inboxes (#312)
187 * Cleaned up our use of datetime to make sure we're always using timezone away
188 datetime objects
189 * Removed single delete button from inbox view (#76)
190 * Those buttons are too easy to hit accidentally for an not-undoable action
191 like deleting an email
193 ### Deploy for 2018-01-18
195 * Hotfix: Fix misconfiguration of CSRF
197 ### Deploy for 2018-01-16
199 * Prevent storing NULL in char and text fields (#274)
200 * Update to the latest release of Salmon
201 * Allow HTML headings in HelpPage bodies
202 * Make sure user creation and username change forms use the same validation (#281)
203 * Handle attachment name overflow properly (#273)
204 * Update log config to include rate limit
205 * Use system fonts to avoid issues with bad substitutions of named fonts (#294)
207 ### Deploy for 2017-12-04
209 * Fix issue with header names not being stored in the correct format (#275)
211 ### Deploy for 2017-12-01
213 * Update stats task
214 * Display a running total of emails processed on stats page
215 * Remove standard deviation stat, it didn't actually mean anything for our dataset
216 * Store join date of oldest user in stats
217 * Calculate disowned inboxes
218 * Calculate `new` & `with_inboxes` via aggregate
219 * Update to the latest Salmon (#233)
220 * Properly remove Wagtail as a dependency (#254)
221 * Pin Python dependencies with `pip-tools` (#251)
222 * Increase default Inbox length (#226)
223 * Make sure we have valid HTML when displaying emails (#269)
225 ### Deploy for 2017-11-13
227 * New admin! (#254)
228 * Remove Wagtail admin
229 * User-facing part of CMS is complete
230 * Admin-facing part of CMS is a bit bare-bones
232 ### Deploy for 2017-09-24
234 * Cycle session key to help protect against session hijacking on long lived sessions (#187)
235 * Update JQuery to 3.0 (#183)
236 * Update ChartJS to a newer version (#184)
237 * Update Font Awesome to 4.7.x (#185)
238 * Update to Django 1.11 (#165)
239 * Upgrade to Wagtail 1.11
240 * Fix incorrect `select_related` use
241 * Removed `django-session-csrf`as it is no longer needed for Django 1.11
242 * Replace Javascript used to collapse navigation on smaller screens with a pure CSS solution (#241)
243 * Fix issue with HTML parsing around `<meta>`, sometimes it doesn't have the attributes we want
245 ### Deploy for 2017-08-19
247 * Fix some corner cases in `inboxen.utils.emails.find_bodies` (#243)
249 ### Deploy for 2017-08-16
251 * Wrap long lines in plain text emails (#227)
252 * Change how MIME parts and headers are fetched to be more generic (#109)
253 * Search and email view now use the same function when walking the MIME tree (#109)
255 ### Deploy for 2017-08-05
257 * Pass attachment name to template for email view (#229)
258 * Implement a styleguide
259 * Don't email admins every time there's an issue with HTML emails (#235)
260 * Remove last vestiges of django-extensions' UUID field (#230)
261 * Fix `FutureWarning` being raised by LXML (#232)
262 * Fix translations in template tags not being lazy (#239)
264 ### Deploy for 2017-06-17
266 * Display the text version of the 2FA secret code at the same time as the QR code (#190)
267 * Change error message feeder command gives when inbox does not exit
268 * Fix non-ASCII filename handling in attachment download (#206)
269 * Drop Sqlite support (#214)
270 * Remove "view" button from attachments (#202)
271 * Stop proxying non-HTTP URIs (e.g. mailto:) (#211)
272 * Tests are now run with the test settings module by default
274 ### Deploy for 2017-05-20
276 * Fix ratelimit warnings in tests (#197)
277 * Disable certain actions in the admin interface (e.g. disable deleting Domains (#193))
278 * Fix 500 error on questions form error (#204)
279 * Add missing copyright headers (#194)
281 ### Deploy for 2017-04-14
283 * Added Wagtail CMS (#162)
284 * Added periodic task to clear stale sessions (#186)
285 * Refactor liberation utils (#189)
287 ### Deploy for 2017-02-25
289 * Order disabled inboxes to the end of the inbox list (#177)
290 * Add target=\_blank back to email links. Reverts #131 (#174)
291 * Update Django-twofactor-auth usage to reflect API changes (#178)
293 ### Deploy for 2016-10-16
295 * Detect bounced emails sent to support@ (#172)
296 * Fix CSP headers for Django 1.9 admin pages (#171)
298 ### Deploy for 2016-10-02
300 * Emails to support@ will now be routed to admins correctly (#169)
301 * "Super user" mode has been implemented (#164)
302 * More errors to be caught when CSS transformations fail (#159)
303 * Fixes for CSP and IE Edge (#167)
304 * Use the latest Django-CSP (#158)
306 ### Deploy for 2016-08-30
308 * Apply hotfix-20160830
310 ### Deploy for 2016-07-10
312 * Fix bug where JS was not applied to forms after an error (#156)
313 * Fix bug in search where a variable wasn't properly initialised (#157)
314 * Add a pin inbox button to user home page (#147)
316 ### Deploy for 2016-06-13
318 * Tickets app is more mobile friendly (#127)
319 * Don't rely on Content-Type containing a charset in HTML bodies (#155)
320 * Add icons to buttons (#152)
321 * Remove hover styles from inline forms (#154)
322 * Inline add inbox form - add an inbox from anywhere! (#49)
323 * Make subject/description boxes of honeydew sections clickable areas (#149)
324 * Remove CBV cruft (#153)
325 * Improved stats/charts (#148)
326 * Replace non-freeish Glyphicons with Font Awesome (#143)
328 ### Deploy for 2016-05-08
330 * Bypass Premailer if HTML part has no body (#151)
331 * Fix next/previous page buttons
333 ### Deploy for 2016-04-24
335 * Pin inboxes #129
336 * Use `django.contrib.humanize` #139
337 * List total possible inboxes on stats page #103
338 * Add charts to stats page #141
339 * Tighen up URLConf to avoid over-matching #142
341 ### Deploy for 2016-03-29
343 * Improve admin site #135 #136
344 * Fix logging, specifically notying admins when something goes wrong #138
345 * Prompt users to create backup devices when they enable 2FA #72
346 * A minor collection of styling bug fixes
348 ### Deploy for 2016-03-21
350 * Remove separate admin settings #134
351 * Improve home view CSS on mobile #133
352 * Fix alignment issues on small screens on inbox view #132
354 ### Deploy for 2016-03-20
356 * Fix `window.opener` issue #131
357 * Edit inbox from email list view #84
358 * Enable Django's security middleware #123
359 * Switch to Bootstrap's grid system for inbox and email lists #71
360 * Switch to whitelisting HTML tags and attributes #121
361 * Django 1.9 #124
362 * Use AppConfig #117
363 * Test coverage for management commands #128
365 ### Deploy for 2015-12-24
367 * Improve the UI for tickets #119
368 * Rolling session #104
369 * Simplified queryset building in InboxView
370 * Unbundle front-end libraries #120
371 * Minifiers now respect copyright headers in JS and CSS #120 #118
372 * Turn off CSP report-only mode #116
373 * Fix logging #87
375 ### Deploy for 2015-12-13
377 * Fixed error when attachment not found #110
378 * Blog posts now have a slug, old posts use their PK as their slug #113
379 * New placeholder image for HTML emails #115
380 * Users now get a message when they log out #112
382 * Revert brand link behaviour
383 * Ensure all body parts are escaped properly
385 ### Deploy for 2015-12-06
387 * Major upgrade to Django 1.8
388 * Go back to storing liberation data on filesystem
389 * Reorganise apps to be more logical - no more "website" app
390 * Use version 3 of the Celery API
391 * View more than one body in an email under certain rules
392 * Updated front page - now the default home page even for logged in users
393 * A bunch of other changes that I've forgotten about
395 ### Deploy for 2015-09-17
397 * Use session based CSRF tokens #80
398 * Change the way attachments are displayed #91
399 * Remove "import" script, it was mostly useless
400 * Change search form to not violate our CSP settings #86
401 * Links from blog and emails now open a new tab #92
403 ### Deploy for 2015-09-06
405 * CSP is now enabled, only in reporting mode for now #81
406 * Added copyright headers to assets, webassets strips them out #79
407 * Block browers from sending Referer headers #62
408 * Remove inline JS #82
409 * Don't use the latest version of d2fa, they've dropped Django 1.6 support
410 * Blacklist buggy version of django-model-utils #78
411 * Remove footer from maintenance page, those links won't work if the site is down
413 ### Deploy for 2015-06-30
415 * Fix ordering issue from last deploy
417 ### Deploy for 2015-06-29
419 * Replace "created" with "last activity"
420 * Display Inbox link on Unified view
421 * Skip fewer unit tests due to old bugs
422 * Stop assets randomly failing during tests
423 * Clean up search task a bit - see 5c7cb64145cf2a411a89ae0caad4430f11336ad0
424 * Fix possible data leak - see f705ad373c2f99c976fd153b92d3aac305632442
426 ### Deploy for 2015-06-18
428 * Webassets and such!
430 ### Deployments before 2015-06-18
432 Sorry, we didn't keep a changelog before this date