Index: openacs-4/packages/acs-core-docs/www/xml/for-everyone/release-notes.xml =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-core-docs/www/xml/for-everyone/release-notes.xml,v diff -u -N -r1.30.2.8 -r1.30.2.9 --- openacs-4/packages/acs-core-docs/www/xml/for-everyone/release-notes.xml 17 Jun 2017 10:15:42 -0000 1.30.2.8 +++ openacs-4/packages/acs-core-docs/www/xml/for-everyone/release-notes.xml 5 Aug 2017 13:09:41 -0000 1.30.2.9 @@ -1,482 +1,1550 @@ %myvars; ]> OpenACS Release Notes - + +Version X.X.X Template + +by Don Baccus + - + +This is a final release of OpenACS X.X.X. To upgrade from a +previous version, see . + - - Release 5.9.0 - - - The release of OpenACS 5.9.0 contains the 78 packages of the oacs-5-9 branch. - These packages include the OpenACS core packages, the major - application packages (e.g. most the ones used on OpenACS.org), and - DotLRN 2.9.0. - + +Please report bugs using our + +Bug Tracker at the OpenACS website. + - - Summary of changes: - - SQL: - + +END OF TEMPLATE --> - - Improved performance of acs-object deletion. - + - - Replaced many manual referential integrity calls by - built-in handing in PostgreSQL. - + + Release 5.9.2 + + + The release of OpenACS 5.9.1 contains the 88 packages of the oacs-5-9 + branch. These packages include the OpenACS core packages, the major + application packages (e.g. most the ones used on OpenACS.org), and + DotLRN 2.9.1. + + + Summary of changes: + + - Removed various manual bookkeeping and deletion operations - in the content repository by built-in handing in PostgreSQL. + Refactoring of rich-text editor integration + + + Driving force: Debian packaging (e.g. js minified code is not + allowed) + + + Moved out code from acs-templating, provided interfaces to add + many different richtext editors as separate packages + + + New OpenACS packages: + + richtext-xinha + richtext-tinymce + + richtext-ckeditor4 (has ability to choose between CDN and local + installation via web interface) + + + + - + - Removed tree_sortkey on acs-objects to reduce its size and - to speedup operations, where the context-id is changed - (could take on large installation several minutes in - earlier versions) + Improving admin interface + + New theme manager: + + Goals: + + + Make it easier to keep track of themes with local + modifications + + + Make it easier to create local modification a new themes and to + update these + + + Show differences between default theme parameter (in DB) and + actual settings (in subsite parameters) + + + Allow to delete unused themes + + + Give site admin hints, which theme is used at which + subsite + + Ease theme switching + + + + Added a subsite::theme_changed callback to be able to handle + theme changes in custom themes (was also necessary for proper + integration with DotLRN theming) + + + Added support for these features under subsite admin + (/admin/) + + + Improved support for themed templates via + [template::themed_template] + + + + + Improved (broken) interface to define/manage groups over web + interface + + + Allow to send as well mail, when membership was rejected + + + New functions [membership_rel::get_user_id], + [membership_rel::get] and [membership_rel::get_group_id] to avoid + code duplication + + + + Added support to let user include %forgotten_password_url% + in self-registration emails (e.g. in message key + acs-subsite.email_body_Registration_password) + + + + Improved subsite/www/members + + Make it possible to manage members of arbitrary groups + Improved performance for large groups + Improved configurability: when ShowMembersListTo is set to + "3", show list to members only, when this is not the + whole subsite + + + + Improved user interface for /admin/applications for large number of + applications + + Various fixes for sitewide-admin pages (under /acs-admin) + + Update blueprint in "install from + repository" (currently just working in NaviServer) + + - - Removed several uncalled / redundant SQL statements and functions. - - - Cleanup of .xql files in acs-subsite: - - Some cleanup of .xql files: removed - misleading sql-statements from db_* calls, which were - ignored due .xql files + + SQL + + + Further cleanup of .xql files (like what as done for + acs-subsite in OpenACS 5.9.0): + + + 36 files deleted + + + Removed more than 100 obsolete named queries + + + Stripped misleading SQL statements + + - - Removed bug where same query-name was - used in different branches of an if-statement for - different sql statements, but the query-name lead to the - wrong result. + + Marked redundant / uncalled sql functions as deprecated + + Replaced usages of obsolete view + "all_object_party_privilege_map" by + "acs_object_party_privilege_map" + - Removed multiple entries of same query - name from .xql files (e.g. the entry - "package_create_attribute_list.select_type_info" was - 7 (!) times in a single .xql file) + + Removed type discrepancy introduced in 2002: + + + acs_object_types.object_type has type varchar(1000), while + + + acs_object_types.supertype has type varchar(100) + + + ... several more data types are involved, using + acs_object_types.object_type as foreign key + + + + Simplified core sql functions by using defaults: + + + Number of functions reduced by a factor of 2 compared to OpenACS + 5.9.0 (while providing compatibility for clients using old + versions), + + + Reduced code redundancy + + + Affected functions: + + Reduced content_item__new from 12 versions to 6, + + Reduce content_revision__new from 7 to 4 + + + Similar in image__new, image__new_revision, content_item__copy, + content_item__get_title, content_item__move + + + + + PostgreSQL 9.5 supports named parameter in the same syntax as in Oracle. + Further reduction of variants will be possible, once OpenACS + requires at least PostgreSQL 9.5 + + + + + Reduced usage of deprecated versions of SQL functions (mostly + content repository calls) + + + Reduced generation of dead tuples by combining multiple DML + statements to one (reduces costs of checkpoint cleanups in + PostgreSQL) + + + Permission queries: + + + Improved performance + + + Support PACKAGE.FUNCTION notation for PostgreSQL to + allow calls permission queries exactly + the same way as in Oracle (e.g. "acs_permission.permission_p()"). + This helps to reduce the number of postgres specific .xql + files. + + + + + Modernize SQL: + + + Use real Boolean types instead of character(1) + (done for new-portal, forums, faq, attachments, categories, dotlrn, + dotlrn-forums, evaluation) + - - + + Use real enumeration types rather than check constraints (done + for storage_type text/file/lob) + + + + - - - Web Interface: - - - - Improve Performance of WebSites created with OpenACS: - e.g. move core.js to a body requests, provide kernel - parameter ResourcesExpireInterval to specify expiration - times for resources. + + + CR hygienics (reduce cr bloat) + + + Provided means to avoid insert/update/delete operations in the + search queue: + OpenACS adds for every new revision often multiple + entries to the search_queue, without providing any means to prevent + this. This requires for busy sites very short intervals between + queue sweeps (otherwise too many entries pile up). Another + consequence is that this behavior keeps the PostgreSQL + auto-vacuum daemons permanently active. Many of these operations + are useless in cases where the content repository is used for + content that should not be provided via search. The changed + behavior should honors a publish-date set to the future, since it + will not add any content with future publish dates to the + search-queue. + + + Reduced number of insert cr_child_rels operations, just when + needed: + + cr_child_rels provide only little benefit (allow to use + roles in a child-rel), but the common operation is a well available + in cr_items via the parent_id. cr_child_rels do not help for + recursive queries either. One option would be to add an additional + argument for content_item__new to omit child-rel creation (default + is old behavior) and adapt the other cases. + + - - - Much better protection against XSS attacks. - - - Improved HTML validity (especially for admin pages) + + Security improvements + + + Added support against CSRF (cross site request + forgery) + + + OpenACS maintains a per-request CSRF token that ensures + that form replies are coming just from sites that received the + form + + + CSRF support is optional for packages where CSRF is less + dangerous, and such requests are wanted (e.g. search and api-browser) + + + + + Added Support for W3C "Upgrade-Insecure-Headers" (see + https://www.w3.org/TR/upgrade-insecure-requests/): + For standard + compliant upgrade for requests from HTTP to HTTPS + + + Added support for W3C "Subresource Integrity" (SRI; + see https://www.w3.org/TR/SRI/) + + + Added support for W3C "Content Security Policy" + (CSP; see https://www.w3.org/TR/CSP/) + + + Removed "javascript:*" links (all such urls are removed + from the 90 packages in oacs-5-9, excluding js libraries + (ajaxhelper) and richtext code) + + + Removed "onclick", "onfocus", + "onblur", "onchange" handlers from all + .adp and .tcl files in the 90 packages in oacs-5-9 + (excluding js libraries (ajaxhelper) and richtext code) + + + Added optional nonces to all <script> elements with + literal JavaScript content + + + + + Removed "generic downloader", + which allowed to download arbitrary content items, when item_id was + known (bug-fix) + + + Improved protection against XSS and SQL-injection (strengthen + page contracts, add validators, added page_contract_filter + "localurl", improve HTML escaping, and + URI encoding) + + + Fixed for potential traversal attack + (acs-api-documentation-procs) + + - Improved admin interface: - - + Improvements for "host-node mapped" subsites + - Placed all installation options to a single page. + Fixed links from host-node mapped subsite pages to + swa-functions (must be always on main subsite) - - Added pagination to /admin/applications (was unusable - for large sites) + Made "util_current_directory" + aware of host-node-mapped subsites - - New admin pages for subsites linked from - site-wide-admin package (/acs-admin). + Added ability to pass + "-cookie_domain" to make it possible + to use the same cookie for different domains - - Added explanatory text to several admin pages. + Fixed result of affected commands + "util_current_location", + "ad_return_url", + "ad_get_login_url" and + "ad_get_logout_url" for HTTP and + HTTPS, when UseHostnameDomainforReg is 0 or 1. - + + Improved UI for host-node maps when a large number of site + nodes exists + - - Add lightweight support for ckeditor4 for - templating::richtext widget (configurable via package - parameter "RichTextEditor" of acs-templating. ckeditor4 - supports mobile devices (such as iPad, ...) - - - - - Templating: - - - - Improved theme-ability: Moved more information into theme - packages in order to create responsive designs, reduce - hard-coding of paths, HTML etc. + + Reform of acs-rels + + + Made acs-rels configurable to give the developer the option to + specify, whether these are composable or not (default fully + backward compatible). This is required to control transitivity in + rel-segments + + + The code changes are based on a patch provided + by Michael Steigmann. For details, see: + + + http://openacs.org/forums/message-view?message_id=4031049 + + + http://openacs.org/forums/message-view?message_id=5330734 + + + + - - - Improved include-handling: All includes are now - theme-able, interfaces of includes can be defined with - "ad_include_contract" (similar to ad_page_contract). + + + Improved status code handlers for AJAX scenarios + + + Don't report data source errors with status code 200 (use + 422 instead) + + + Let "permission::require_permission" return forbidden (403) in + AJAX calls (determined via [ad_conn ajaxp]) + + - + - Improved them-ability for display_templates. One can now - provide a display_template_name (similar to the sql - statement name) to refer to display templates. This - enables reusability and is theme-able. + Improved Internationalization + + + Extended language catalogs for + + + Russian (thanks to v v) + + + Italian (thanks to Antonio Pisano) + + + Spanish (thanks to Hector Romojaro) + + + German (thanks to Markus Moser) + + + + + Added (missing) message keys + + + Improved wording of entries + + + Added message keys for member_state changes, provide API via + group::get_member_state_pretty + + - - Dimensional slider reform (ad_dimensional): - Removed hard-coded table layout from dimensional slider. Add - backwards compatible templates Move hard-coded styles into - theme styling - + - Notification chunks are now theme-able as well (using ad_include_contrat) + Improved online documentation (/doc) + + Fixed many broken links + + Removed fully obsolete sections + + Improved markup (modernize HTML) + + Updated various sections + + - Complete template variable suffixes (adding noi18n, - addressing bug #2692, full list is now: noquote, noi18n, literal) - + Misc code improvements: + + + 18 issues from the OpenACS-bug-tracker fixed + + + Made code more robust against invalid/incorrect input + (page_contracts, validators, values obtained from header fields + such as Accept-Language) + + + Fixed quoting of message keys on many places + + + Improved exception handling (often, a + "catch" swallows to much, e.g. + script_aborts), introducing + "ad_exception". + + + + Generalized handling of leading zeros: + + + Fixed cases where leading zeros could lead to unwanted octal + interpretations + + + Switch to use of " + util::trim_leading_zeros" instead of + "template::util::leadingTrim", + "dt_trim_leading_zeros" and + "template::util::leadingTrim", + marked the latter as deprecated + + + + + + URL encoding + + + "ad_urlencode_folder_path": new + function to perform an urlencode operation on the segments of the + provided folder path + + + "export_vars": encode path always + correctly, except -no_base_encode is specified + + + Fixed encoding of the URL path in + "ad_returnredirect" + + + + + + Improvements for "ad_conn": + + Added [ad_conn behind_proxy_p] to check, whether the request is + coming from behind a proxy server + + Added [ad_conn behind_secure_proxy_p] to check, whether the + request is coming from behind a secure proxy server + + Added [ad_conn ajax_p] to check, whether the request is an AJAX + requests (assumption: AJAX request sets header-field + Requested-With: XMLHttpRequest") + + Added [ad_conn vhost_url] to obtain the url of host-node-mapped + subsites + + + + + Added various missing upgrade scripts (missing since many years) + of changes that were implemented for new installs to reduce + differences between "new"-and + "old" (upgraded) installations + + + + Templating + + Get rid of various pesky "MISSING FORMWIDGET: + ...formbutton:ok" messages + + Improved support for javascript event handlers in + template::head + + New functions + "template::add_event_listener" and + "template::add_confirm_handler" + + Fix handling, when "page_size_variable_p" is set (was + broken since ages) + + + + + + Improved location and URL handling: + + + Refactored and commented + "util_current_location" to address + security issues, handle IPv6 addresses, IP literal notation, + multiple drivers, " + + + Improved "security::get_secure_location" + (align with documentation) + + + New functions: + + + "util::configured_location" + + + "util::join_location", + "util::split_location" + + + for working on HTTP locations to reduce scattered regexps handling + URL components + + Improved IPv6 support + + Use native "ns_parseurl" when + available, provide backward compatible version for AOLserver + + + + + + MIME types: + + Added more Open XML formats for MS-Office to allowed content + types + + Modernized entries to IANA recommendations + + New function "cr_check_mime_type" + centralizing the retrieval of the mime_type from uploaded + content + + + + + Finalized cleanup of permissions (started in OpenACS 5.9.0): + + Get rid of "acs_object_context_index + " (and therefore on "acs_object_party_privilege_map + " as well) on PostgreSQL. + + Reasons: + + huge table, + expensive maintenance, used only in a few places, + + + + + + Misc new functions: + + "lang::util::message_key_regexp": + factor out scattered regexp for detecting message keys + + "ns_md5" and + "ns_parseurl": improve compatibility between + AOLserver and NaviServer + "ad_dom_sanitize_html": allow to + specify different sets of tags, attributes and protocols and + "ad_dom_fix_html", which is a light weight tidy + variant. + + + + + Improved HTML rendering (acs-api-browser), provide width and + height to speed up rendering + + + Improved ADP files (e.g. missing doc(title)) + + + Added usage of + "ad_include_contract" on more + occasions + + + + Modernize Tcl and HTML coding + + + Reduced dependency on external programs (use Tcl functions + instead) + + + Improved robustness of "file + delete" operations all over the code + + + Improved documentation, fix demo pages + + Aligned usages of log notification levels (distinction between + "error", + "warning" and + "notice") with coding-standards + + + Cleaned up deprecated calls: + + + Removed usage of deprecated API functions (e.g. + "cc_lookup_email_user", + "cc_email_from_party", + "util_unlist", ...) + + Moved more deprecated procs to acs-outdated + + Marked remaining (and unused) + "cc_*" functions as well as + deprecated. + + + + + + Improved Oracle and windows support + + + Fixed common spelling errors and standardize spelling of product + names all over the code (comments, documentation, ...) + + + Many more small bug fixes + + + + + Packages: + - Added timeout and configurable secrets for signed url - parameters to export_vars/page_contracts. - This can be used to secure sensitive operations - such as granting permissions since a link can be set to - timeout after e.g. 60 seconds; after that, the link is - invalid. A secret (password) can be set in section - ns/server/$server/acs parameter "parametersecret". - - For example, one can use now "user_id:sign(max_age=60)" in - export_vars to let the exported variable expire after 60 seconds. + New Package Parameters + + + acs-kernel: + + + MaxUrlLength: remove hard-coded constant in request processor + for max accepted url paths + + + SecureSessionCookie: Let site admin determine, whether or not to + use secured session cookies (useful, when not all requests are over + HTTPS) + + + CSPEnabledP: activate/deactivate CSP + + + + + + acs-kernel (recommended to be set via config file in section + "ns/server/${server}/>acs" + + + NsShutdownWithNonZeroExitCode: tell NaviServer to return with a + non-zero return code to cause restart (important under windows) + + + LogIncludeUserId: include user_id in access log + + + + + + acs-api-browser: + + + ValidateCSRFP: make checking of CSRF optional (default 1) + + + + + + acs-content-repository: + + + AllowMimeTypeCreationP: Decides whether we allow unknown mime + types to be automatically registered (default: 0} + + + + + + news-portlet: + + + display_item_lead_p: Should we display news leads in the + portlet? (default 0) + + + + + + search: + + + ValidateCSRFP: make checking of CSRF optional (default 1) + + + + + + xotcl-request-monitor: + + do_track_activity: turn activity + monitoring on or off (default 0) + + + + - - - - Misc: - Added ability to show ns_log statements of current request - to developer support output when developer support is - activated (controlled via package parameter "TclTraceLogServerities" - in the acs-tcl package parameters) + New OpenACS packages: + + + richtext-xinha + + + richtext-tinymce + + + richtext-ckeditor4 (has ability to choose between CDN and local + installation via GUI) + + + openacs-bootstrap3-theme (as used on openacs.org) + + + dotlrn-bootstrap3-theme + + - + + + - Added ability to save data sent by - ns_return in files on the file system. This can be used to - validate HTML content also for password protected pages - (controlled via package parameter "TclTraceSaveNsReturn" in - the acs-tcl package parameters) + xotcl-core: + + + Improved XOTcl 2.0 and NX support (e.g. api-browser) + + + Added "-debug", + "-deprecated" to ad_* defined + methods (such as e.g. + "ad_instproc") + + + Make use of explicit "create" + statements when creating XOTcl/NX objects (makes it easier to grab + intentions and to detect typos) + + + Added parameter to + "get_instance_from_db" to specify, + whether the loaded objects should be initialized + + + Added support for PostgreSQL prepared statements of SQL + interface in ::xo::dc (nsdb driver) + + - New api function "ad_log" having the same interface as - ns_log, but which logs the calling information (like URL - and call-stack) to ease tracking of errors. - - - Use per-thread caching to reduce number of - mutex lock operations and lock contention on various caches - (util-memoize, xo_site_nodes, xotcl_object_types) and nsvs - (e.g ds_properties) - - - Improved templating of OpenACS core documentation + xowiki: + + + Named all web-callable methods www-NAME (to make it clear, what + is called, what has to be checked especially carefully) + + + Moved templates from www into xowiki/resources to avoid naming + conflicts + + + Improved ckeditor support + + + Added usage of prepared statements for common queries + + + Improved error handling + + + Better value checking for query parameter, error reporting via + ad_return_complaint + + + Added option "-path_encode" to methods + "pretty_link" and "folder_path" to allow to + control, whether the result should be encoded or not (default + true) + + + Form fields: + + + Improved repeatable form fields (esp. composite cases), + don't require preallocation (can be costly in composite + cases) + + + Added signing of form-fields + + + Added HTML5 attributes such as + "multiple" (for + "file") or + "autocomplete" + + + Fixed generation of "orderby" + attribute based on form-field names + + + richtext: allow to specify + "extraAllowedContent" via + options + + + Improved layout of horizontal check boxes + + + + + + Menu bar: + + + Added dropzone (requires bootstrap): drag and drop file upload + + + Added mode toggle (requires bootstrap) + + + Extended default policies for handling e.g. dropzone + (file-upload method) + + + Distinguish between "startpage" + (menu.Package.Startpage) and "table of contents" + (menu.Package.Toc) + + + + + + Notifications: + + + Added support for better tailorable notifications: introduced + method "notification_render" + (similar to "search_render") + + + Added support for tailorable subject lines (method + "notification_subject") + + + + + Improved bootstrap support, use + "bootstrap" as + PreferredCSSToolkit + + + Switched to ckeditor4 as PreferredRichtextEditor + + + Improved handling of script-abort from within the payload of + ::xowiki::Object payloads + + + Added parameter to + "get_all_children" to specify, + whether the child objects should be initialized + + - + - Improved Russian Internationalization + xowf: + + + Added property "payload" to + "WorkflowConstruct" in order to simplify customized + workflow "allocate" actions + + + Internationalized more menu buttons + + - - Make pretty-names of acs-core packages more consistent - - - Mark unused functions of acs-tcl/tcl/table-display-procs.tcl as deprecated + xotcl-request-monitor + + + Added class "BanUser" (use. e.g. ip + address to disallow requests from a user via request monitor) + + + Added support for optional user tracking in database + + + Added support for monitoring response-time for certain urls via + munin + + + Increased usage of XOTcl 2.0 variable resolver (potentially + speed improvement 4x) + + + Performed some refactoring of response-time handling to allow + site-admin to make e.g. use of NaviServer's dynamic connection + pool management (not included in CVS) + + + Added support for partial times in long-calls.tcl to ease + interpretation of unexpected slow calls + + + last100.tcl: Don't report hrefs to URLs, except to SWAs + + - + - Many more bug fixes (from bug tracker and extra) and - performance improvements. + chat: + + + Introduced new options to set chat rooms so login and/or logout + message are not issued every time a user enters/exits a chat-room + (important for chats with huge number of participants) + + + Parameterized viewing of chat-logs + + + Fixed cases of over-/under-quoting + + + Fixed JavaScript for IE, where innerHTML can cause + problems + + - - - Version numbers: - + + file-storage: + - Require PG 9.0 (End Of Life of PostgreSQL 8.4 was July 2014) + Don't show action keys, when user has no + permissions - - Require XOTcl 2.0 (presented at the Tcl conference in 2011). + Added support for copying of same-named files into a folder + (adding suffix) - + + Fixed old bugs in connection with + "views" package + - - - - - Changes in application packages: - - - Various bug - fixes and improvements for e.g. file-storage, forums, news, - notifications, xowiki. + - + - - Altogether, OpenACS 5.9.0 differs from OpenACS 5.8.1 by the - following statistics - - 3658 files changed, 120800 insertions(+), 97617 deletions(-) - - contributed by 4 committers (Michael Aram, Victor Guerra, Gustaf Neumann, Antonio Pisano) and - patch/bugfix providers (Frank Bergmann, Andrew Helsley, Felix - Mödritscher, Marcos Moser, Franz Penz, Thomas Renner). -These are significantly more changes as the differences -in the last releases. All packages of the release were tested with -PostgreSQL 9.4.* and Tcl 8.5.*. - For more - details, consult the - - raw ChangeLog. + + + Altogether, OpenACS 5.9.1 differs from OpenACS 5.9.1 by the + following statistics + + 3548 files changed, 113292 insertions(+), 90507 deletions(-) + + contributed by 5 committers (Michael Aram, Gustaf Neumann, Antonio + Pisano, Hector Romojaro, Thomas Renner) and 8 patch/bugfix providers + (Frank Bergmann, Günter Ernst, Brian Fenton, Felix Mödritscher, Marcus + Moser, Franz Penz, Stefan Sobernig, Michael Steigman). All packages of + the release were tested with PostgreSQL 9.6.* and Tcl 8.5.*. + + For more details, consult the + raw ChangeLog. + + + + Release 5.9.0 + + + The release of OpenACS 5.9.0 contains the 78 packages of the oacs-5-9 branch. + These packages include the OpenACS core packages, the major + application packages (e.g. most the ones used on OpenACS.org), and + DotLRN 2.9.0. + + + Summary of changes: + + SQL: + - - Release 5.8.1 - - - The release contains the 78 packages of the oacs-5-8 branch. - These packages contain the OpenACS core packages, major - application packages (e.g. most the ones used on OpenACS.org), and - DotLRN. - + + Improved performance of acs-object deletion. + - - All packages have the following properties: - - SQL: - + + Replaced many manual referential integrity calls by + built-in handing in PostgreSQL. + - - All packages are PostgreSQL 9.1+ compatible - (tested with PostgreSQL 9.3) - + + Removed various manual bookkeeping and deletion operations + in the content repository by built-in handing in PostgreSQL. + - - All SQL files with stored procedures use the - recommended $$ quoting - + + Removed tree_sortkey on acs-objects to reduce its size and + to speedup operations, where the context-id is changed + (could take on large installation several minutes in + earlier versions) + - - All SQL-functions have regular function arguments - instead of the old-style aliases - + + Removed several uncalled / redundant SQL statements and functions. + - - The function_args() (query-able meta-data) are - completed and fixed - + Cleanup of .xql files in acs-subsite: + + Some cleanup of .xql files: removed + misleading sql-statements from db_* calls, which were + ignored due .xql files + + + Removed bug where same query-name was + used in different branches of an if-statement for + different sql statements, but the query-name lead to the + wrong result. + - - Incompatible functions (e.g. for sequences) are - replaced. + Removed multiple entries of same query + name from .xql files (e.g. the entry + "package_create_attribute_list.select_type_info" was + 7 (!) times in a single .xql file) + + + + + + - - - Tcl: - + Web Interface: + - - All packages were brought up Tcl 8.5, including - the actual Tcl idioms where appropriate (e.g. - using the safer expand operator, range indices, - dict, lassign, etc.) + + Improve Performance of WebSites created with OpenACS: + e.g. move core.js to a body requests, provide kernel + parameter ResourcesExpireInterval to specify expiration + times for resources. + + + + Much better protection against XSS attacks. + + + + Improved HTML validity (especially for admin pages) + + + + Improved admin interface: + + + + Placed all installation options to a single page. + + + + Added pagination to /admin/applications (was unusable + for large sites) + + + + New admin pages for subsites linked from + site-wide-admin package (/acs-admin). + + + + Added explanatory text to several admin pages. + + + + + + Add lightweight support for ckeditor4 for + templating::richtext widget (configurable via package + parameter "RichTextEditor" of acs-templating. ckeditor4 + supports mobile devices (such as iPad, ...) + + - - The code was updated to prefer byte-compiled functions - instead of legacy functions from ancient Tcl versions. + Templating: + + + + Improved theme-ability: Moved more information into theme + packages in order to create responsive designs, reduce + hard-coding of paths, HTML etc. + + + + Improved include-handling: All includes are now + theme-able, interfaces of includes can be defined with + "ad_include_contract" (similar to ad_page_contract). + + + + Improved them-ability for display_templates. One can now + provide a display_template_name (similar to the sql + statement name) to refer to display templates. This + enables reusability and is theme-able. + + + Dimensional slider reform (ad_dimensional): + Removed hard-coded table layout from dimensional slider. Add + backwards compatible templates Move hard-coded styles into + theme styling + + + Notification chunks are now theme-able as well (using ad_include_contrat) + + + + Complete template variable suffixes (adding noi18n, + addressing bug #2692, full list is now: noquote, noi18n, literal) + + + + Added timeout and configurable secrets for signed url + parameters to export_vars/page_contracts. + This can be used to secure sensitive operations + such as granting permissions since a link can be set to + timeout after e.g. 60 seconds; after that, the link is + invalid. A secret (password) can be set in section + ns/server/$server/acs parameter "parametersecret". + + For example, one can use now "user_id:sign(max_age=60)" in + export_vars to let the exported variable expire after 60 seconds. + + + - - The code works with NaviServer and AOLserver. + + Misc: + + + Added ability to show ns_log statements of current request + to developer support output when developer support is + activated (controlled via package parameter "TclTraceLogServerities" + in the acs-tcl package parameters) + + + + Added ability to save data sent by + ns_return in files on the file system. This can be used to + validate HTML content also for password protected pages + (controlled via package parameter "TclTraceSaveNsReturn" in + the acs-tcl package parameters) + + + + New api function "ad_log" having the same interface as + ns_log, but which logs the calling information (like URL + and call-stack) to ease tracking of errors. + + + Use per-thread caching to reduce number of + mutex lock operations and lock contention on various caches + (util-memoize, xo_site_nodes, xotcl_object_types) and nsvs + (e.g ds_properties) + + + Improved templating of OpenACS core documentation + + + + Improved Russian Internationalization + + + + Make pretty-names of acs-core packages more consistent + + + + Mark unused functions of acs-tcl/tcl/table-display-procs.tcl as deprecated + + + + Many more bug fixes (from bug tracker and extra) and + performance improvements. + + + + + Version numbers: + + + Require PostgreSQL 9.0 (End Of Life of PostgreSQL 8.4 was July 2014) + + + + Require XOTcl 2.0 (presented at the Tcl conference in 2011). + + + + + + + Changes in application packages: + + + Various bug + fixes and improvements for e.g. file-storage, forums, news, + notifications, xowiki. + + + - + + + + Altogether, OpenACS 5.9.0 differs from OpenACS 5.8.1 by the + following statistics + + 3658 files changed, 120800 insertions(+), 97617 deletions(-) + + contributed by 4 committers (Michael Aram, Victor Guerra, Gustaf Neumann, Antonio Pisano) and + patch/bugfix providers (Frank Bergmann, Andrew Helsley, Felix + Mödritscher, Marcos Moser, Franz Penz, Thomas Renner). + These are significantly more changes as the differences + in the last releases. All packages of the release were tested with + PostgreSQL 9.4.* and Tcl 8.5.*. + + + For more details, consult the + raw ChangeLog. + + - API: + + + + Release 5.8.1 + + + The release contains the 78 packages of the oacs-5-8 branch. + These packages contain the OpenACS core packages, major + application packages (e.g. most the ones used on OpenACS.org), and + DotLRN. + + + + All packages have the following properties: + SQL: + - - All packages are free from calls to deprecated code - (157 functions are marked as deprecated and will be - moved into an "outdated" package in the 5.9 or 6.0 - release) - + + All packages are PostgreSQL 9.1+ compatible + (tested with PostgreSQL 9.3) + - - General overhaul of package management - + + All SQL files with stored procedures use the + recommended $$ quoting + - - Install-from-local and install-from-repository can be used - to install the provided packages based on a acs-core - installation. This means that also DotLRN can be - installed from repository or from - local into an existing OpenACS instance. - + + All SQL-functions have regular function arguments + instead of the old-style aliases + - - Install-from-repository offers filtering functions, allows - to install optionally from head-channel (for packages - not in the base channel of the installed instance). - Install-from-repository works more like an app-store, - showing as well vendor information - + + The function_args() (query-able meta-data) are + completed and fixed + - - Packages can be equipped with xml-based configuration files - (e.g. changing parameters for style packages) + + Incompatible functions (e.g. for sequences) are + replaced. + + - - Package developers can upload .apm packages via workflow - for review by core members and for inclusion to the - repository. The option is integrated with package - management, the link is offered for local packages. - We hope to attract additional vendors (universities, - companies) to make their packages available on this - path. - + Tcl: + - - New management-functions for package instances - (list, create, delete package instances) + + All packages were brought up Tcl 8.5, including + the actual Tcl idioms where appropriate (e.g. + using the safer expand operator, range indices, + dict, lassign, etc.) + + + + The code was updated to prefer byte-compiled functions + instead of legacy functions from ancient Tcl versions. + + + + The code works with NaviServer and AOLserver. + + - - - Substantially improved API browser: - - - Show just relevant parts of .xql files for a function - - - Provide syntax-highlighting for www scripts as well - + API: + - - Handle more special cases like e.g. util_memoize - + + All packages are free from calls to deprecated code + (157 functions are marked as deprecated and will be + moved into an "outdated" package in the 5.9 or 6.0 + release) + - - Provide links to Tcl functions depending on the installed - Tcl version - + + General overhaul of package management + - - Provide links to NaviServer or OpenACS functions depending - on installed version - + + Install-from-local and install-from-repository can be used + to install the provided packages based on a acs-core + installation. This means that also DotLRN can be + installed from repository or from + local into an existing OpenACS instance. + - - Syntax highlighter uses CSS rather than hard-coded markup - + + Install-from-repository offers filtering functions, allows + to install optionally from head-channel (for packages + not in the base channel of the installed instance). + Install-from-repository works more like an app-store, + showing as well vendor information + - - Significant performance improvement for large - installations - - - + + Packages can be equipped with xml-based configuration files + (e.g. changing parameters for style packages) + + + + Package developers can upload .apm packages via workflow + for review by core members and for inclusion to the + repository. The option is integrated with package + management, the link is offered for local packages. + We hope to attract additional vendors (universities, + companies) to make their packages available on this + path. + + + + New management-functions for package instances + (list, create, delete package instances) + + + + Substantially improved API browser: + + + Show just relevant parts of .xql files for a function + + + + Provide syntax-highlighting for www scripts as well + + + + Handle more special cases like e.g. util_memoize + + + + Provide links to Tcl functions depending on the installed + Tcl version + + + + Provide links to NaviServer or OpenACS functions depending + on installed version + + + + Syntax highlighter uses CSS rather than hard-coded markup + + + + Significant performance improvement for large + installations + + + + + - - - - - Altogether, OpenACS 5.8.1 differs from OpenACS 5.8.0 in - about 100,000 modifications (6145 commits) contributed by 5 - committers. - - + + + Altogether, OpenACS 5.8.1 differs from OpenACS 5.8.0 in + about 100,000 modifications (6145 commits) contributed by 5 + committers. + + Release 5.8.0 - Compatibility with PostgreSQL 9.2: - The new version installs without any need for special parameter - settings in new PostgreSQL versions. This makes it easier to use - e.g. shared or packaged PostgreSQL installations. + Compatibility with PostgreSQL 9.2: + The new version installs without any need for special parameter + settings in new PostgreSQL versions. This makes it easier to use + e.g. shared or packaged PostgreSQL installations. Compatibility with NaviServer 4.99.5 or newer Performance and scalability improvements @@ -488,7 +1556,7 @@ - + Release 5.7.0 @@ -501,7 +1569,7 @@ - + @@ -544,18 +1612,18 @@ Support for 3-chars language codes in acs-lang - Added OOXML mime types in acs-content-repository + Added OOXML mime types in acs-content-repository - + Release 5.5.0 PostgreSQL 8.3 is now fully supported, including the use of the built-in - standard version of tsearch2. + standard version of tsearch2. TinyMCE has been upgraded to 3.2.4.1 with language pack support. @@ -569,9 +1637,9 @@ combines the semantics of both. - Added new package attribute "implements-subsite-p" (default "f"). If true, - this package may be mounted as a subsite and is expected to implement subsite - semantics. Typically used by packages which extend acs-subsite. + Added new package attribute "implements-subsite-p" (default "f"). If true, + this package may be mounted as a subsite and is expected to implement subsite + semantics. Typically used by packages which extend acs-subsite. Added new package attribute "inherit-templates-p" (default "t"). If true, @@ -603,7 +1671,7 @@ - + Release 5.4.2 @@ -616,43 +1684,43 @@ More html strict work etc - + Release 5.4.1 This is a minor bugfix release. - + - + Release 5.4.0 New Templating API added to add scripts, css, etc to the HTML HEAD and BODY - sections of the generated HTML document. Please see - /packages/acs-templating/tcl/head-procs.tcl or visit the template::head procs - in the API browser for details. - + sections of the generated HTML document. Please see + /packages/acs-templating/tcl/head-procs.tcl or visit the template::head procs + in the API browser for details. + Templates have been modified to comply with HTML strict The Search package's results page has been improved TinyMCE WYSIWYG support has been added, RTE and HTMLArea support dropped acs-mail-lite's send has been cleaned up to properly encode content, to handle - file attachments, etc. "complex-send" will disappear from acs-core in a future - release. + file attachments, etc. "complex-send" will disappear from acs-core in a future + release. - + -The ChangeLogs include an annotated list of changes () since the last release and in the -entire &majorversion;.&minorversion; release sequence . + The ChangeLogs include an annotated list of changes () since the last release and in the + entire &majorversion;.&minorversion; release sequence . Release 5.3.1 @@ -662,15 +1730,15 @@ New TIPs implemented. All Core Automated Tests for Postgres pass. New Site and Blank master templates and CSS compatible with the .LRN Zen - work. Compatibility master templates are provided for existing sites. + work. Compatibility master templates are provided for existing sites. - + -The ChangeLogs include an annotated list of changes () since the last release and in the -entire &majorversion;.&minorversion; release sequence . + The ChangeLogs include an annotated list of changes () since the last release and in the + entire &majorversion;.&minorversion; release sequence . Release 5.3.0 @@ -681,7 +1749,7 @@ All Core Automated Tests for Postgres pass. - + Release 5.2.0 @@ -692,7 +1760,7 @@ This release does not include new translations. - + Release 5.1.4 @@ -704,7 +1772,7 @@ This release does not include new translations. - + Release 5.1.3 @@ -714,7 +1782,7 @@ - + Release 5.1.2 @@ -726,10 +1794,10 @@ For a complete change list, see the Change list since - 5.1.0 in . + 5.1.0 in . - + Release 5.1.1 @@ -743,133 +1811,133 @@ Bug - 1519 fixed. This involved renaming all catalog - files for ch_ZH, TH_TH, AR_EG, AR_LB, ms_my, RO_RO, FA_IR, - and HR_HR. If you work with any of those locales, you - should do a full catalog export and then import (via - /acs-lang/admin) after - upgrading acs-lang. (And, of course, make a backup of both - the files and database before upgrading.) + http://openacs.org/bugtracker/openacs/com/acs-lang/bug?bug%5fnumber=1519">Bug + 1519 fixed. This involved renaming all catalog + files for ch_ZH, TH_TH, AR_EG, AR_LB, ms_my, RO_RO, FA_IR, + and HR_HR. If you work with any of those locales, you + should do a full catalog export and then import (via + /acs-lang/admin) after + upgrading acs-lang. (And, of course, make a backup of both + the files and database before upgrading.) Other bug fixes since 5.1.0: 1785, - 1793, - and over a dozen additional bug fixes. + url="http://openacs.org/bugtracker/openacs/bug?bug_number=1785">1785, + 1793, + and over a dozen additional bug fixes. For a complete change list, see the Change list since - 5.0.0 in . + 5.0.0 in . - + - - Release 5.1.0 - - - + + Release 5.1.0 + + + Lots of little tweaks and fixes - Complete Change list since 5.0.0 in Changelog + Complete Change list since 5.0.0 in Changelog Many Bug fixes - - + url="http://openacs.org/bugtracker/openacs/core?filter%2efix%5ffor%5fversion=125273&filter%2estatus=closed">Many Bug fixes + + Release 5.0.4 - - + + New translations, including for .LRN 2.0.2. - + - + Release 5.0.3 - - + + Bug fixes: 1560, #1556. Site becomes unresponsive, requires restart - + - + Release 5.0.2 - - + + Bug fixes: #1495. Croatian enabled by default, #1496. APM automated install fails if files have spaces in their names, #1494. automated upgrade crashes (halting the upgrade process) - - - Complete Change list since 5.0.0 in Changelog - - + + + Complete Change list since 5.0.0 in Changelog + + File tagging scheme in CVS changed to follow TIP #46: (Approved) Rules for Version Numbering and CVS tagging of Packages - + - + Release 5.0.1 - - - All work on the translation server from 7 Nov 2003 to 7 Feb 2004 is now included in catalogs. - - - One new function in acs-tcl, util::age_pretty - - - Complete Change list since 5.0.0 in Changelog - - - Many documentation updates and doc bug fixes - + + + All work on the translation server from 7 Nov 2003 to 7 Feb 2004 is now included in catalogs. + + + One new function in acs-tcl, util::age_pretty + + + Complete Change list since 5.0.0 in Changelog + + + Many documentation updates and doc bug fixes + - + Release 5.0.0 - This is OpenACS 5.0.0. This version contains no known security, data loss, or crashing bugs, nor any bugs judged release blockers. This version has received manual testing. It has passed current automated testing, which is not comprehensive. This release contains work done on the translation server http://translate.openacs.org through 7 Nov 2003. - + This is OpenACS 5.0.0. This version contains no known security, data loss, or crashing bugs, nor any bugs judged release blockers. This version has received manual testing. It has passed current automated testing, which is not comprehensive. This release contains work done on the translation server http://translate.openacs.org through 7 Nov 2003. + - Please report bugs using our - - Bug Tracker at the OpenACS website. - + Please report bugs using our + + Bug Tracker at the OpenACS website. + - - You may want to begin by reading our installation documentation for - . Note that the Windows documentation is - not current for OpenACS &version;, but an alternative is to use John - Sequeira's Oasis VM - project. - + + You may want to begin by reading our installation documentation for + . Note that the Windows documentation is + not current for OpenACS &version;, but an alternative is to use John + Sequeira's Oasis VM + project. + - - After installation, the full documentation set can be found by visiting - http://yourserver/doc. - + + After installation, the full documentation set can be found by visiting + http://yourserver/doc. + - - New features in this release: - + + New features in this release: + - + Internationalization support. @@ -941,7 +2009,7 @@ Security enhancements. - + HTML quoting now happens in the templating system, greatly minimizing the chance that users can sneak malicious HTML into the pages of other users. @@ -966,14 +2034,14 @@ - + - - Potential incompatibilities: - + + Potential incompatibilities: + - + With the release of OpenACS 5, PostgreSQL 7.2 is no longer supported. @@ -984,27 +2052,27 @@ - The undocumented special handling of ~ and +variable+ in - formtemplates, found in packages/acs-templating/resources/*, - has been removed in favor of using <noparse> and - \@variable\@ (the standard templating mechanisms). Locally - provided formtemplate styles still using these mechanisms - will break. + The undocumented special handling of ~ and +variable+ in + formtemplates, found in packages/acs-templating/resources/*, + has been removed in favor of using <noparse> and + \@variable\@ (the standard templating mechanisms). Locally + provided formtemplate styles still using these mechanisms + will break. - Serving backup files and files from the CVS directories is turned off by default via the acs-kernel parameter - ExcludedFiles in section request-processor (The variable provides a string match glob list of files and is defaulted to "*/CVS/* *~") + Serving backup files and files from the CVS directories is turned off by default via the acs-kernel parameter + ExcludedFiles in section request-processor (The variable provides a string match glob list of files and is defaulted to "*/CVS/* *~") - + - ($Id$) + ($Id$) @@ -1029,27 +2097,27 @@ Release Notes for 4.5 - + - + - - + +