[0ce187]: / CHANGES  Maximize  Restore  History

Download this file

1233 lines (1060 with data), 55.2 kB

Version 1.12.0  (October 2019)

Upgrade Instructions

  Run: `pip install -r requirements.txt` to install updated dependencies

  If you wish to opt-in existing users to username notification emails, run:
  `paste script your-ini-file.ini allura/scripts/set_default_user_notifications.py`

Username mentions and profile page changes:
 * [#8284] Implement the notification email sender
 * [#8285] Add a preference area for user mentions notifications
 * [#8323] Trigger notification task per each artifact creation/modification and add tests
 * [#8324] documentation for user mentions feature
 * [#8330] Nicer user-project urls (for underscores) and titles

 * [#8335] Generic search doesn't do permission checks

 * [#8332] Fix slowness on some large files in code repos
 * [#8334] Python-ombed has no timeout by default
 * [#8313] Make saved search cache expiry configurable, disable-able

 * [#8318] Admin option to generate password reset link
 * [#8331] Remove export controls settings

For Developers
 * [#8314] @memoize on methods should still allow garbage collection
 * [#8321] Unhandled error in Antispam class
 * [#8320] Upgrade various packages
 * [#8325] Upgrade more packages
 * Update docs to match git/httpd config from [12f1d6]
 * Publicize XSS vulnerability in 1.11.1 changes

Version 1.11.1  (July 2019)

Upgrade Instructions

  Run: `pip install -r requirements.txt` to install updated dependencies
  If using docker, run: `docker-compose up -d --no-deps --build http`

New Features
 * [#8283] Add infotip for user mentions

Bug Fixes:
 * [#8315] XSS vulnerability when adding another user to a project
 * [#8312] Flash message regression due to TG upgrade
 * [#8317] Docker image for git/http not working for pushes
 * [#8316] Award/accolades error if project is removed
 * [#8299] More precise markdown @username regex

For Developers
 * Improve .ini notes about static caching in production
 * [#8300] Update to py3-compatible Pypeline pkg
 * [#8311] Split up and organize requirements.txt
 * Publicize security fix in 1.11.0 changes

Version 1.11.0  (June 2019)

New Features
 * [#5461] Option to subscribe to forums and other types of threads, when posting
 * [#8253] Adding reaction support for comments
 * [#8263] Indicate current reaction of comment
 * [#8274] Add optional HaveIBeenPwned checks for password changes
 * [#8281] Enable user mentions in markdown editor
 * [#8282] Implement autocomplete list to selected users for mentioning

Upgrade Instructions

  Run: `pip install -r requirements.txt` to install updated dependencies
  Run: `python setup.py develop` in the `Allura` subdirectory
  Recommended: `pip uninstall -y WebFlash WebError Pylons Tempita simplejson Routes` to remove old dependencies
  Recommended, after upgrade is complete: in mongo, run `db.repo_commitrun.drop()` to free up storage space
  To enable haveibeenpwned.com password checks:
    Add to your .ini file the `auth.hibp_password_check` and following settings from `development.ini` and set to true.
    Run: `paste script your-ini-file.ini allura/scripts/backfill_previous_login_details.py`

 * [#8303] CVE-2019-10085 Apache Allura XSS vulnerability in ticket user dropdown selector

Code Repositories
 * [#6440] incorrect diff encoding (original in ru_RU.UTF-8)
 * [#8264] AssertionError from git branch lock file
 * Clear localStorage of merge request descriptions after successful create or edit

Discussion Forums
 * [#8237] Moving discussion thread breaks attachments

 * [#8261] Embed youtube videos without cookies
 * [#8269] External link redirects should be 302 instead of 301
 * [#8270] External link tool: rel=nofollow, omit from sitemap
 * Track menu mount_point explicitly, fixes [#8270] regression of unconfigurable external links
 * [#8289] Parse error in allura.tasks.mail_tasks.route_email
 * Fix project-wide search with unicode terms
 * Use correct vars in flash error message, when trying to send too many messages
 * For fields like username/email/password fields, set some autocomplete/capitalize hints

 * [#8302] Screenshot caption inputs not clickable in chrome
 * [#8256] Drag-to-reorder on touch screens
 * [#8280] Faster spam controls in discussions

 * [#8271] Remove CommitRun usage
 * [#8272] Really big artifact_feed queries
 * [#8298] Use jinja caching settings for EW core widgets
 * Lazy load /tree controller (self._commit.tree can run compute_tree_new and svn info2 for example), and run .ls() only once

For Developers
 * [#8081] Subscriptions page should have the issues' Title column - migration script bugfixes
 * [#8093] Developing Mobile Web View
 * [#8222] TestForumMessageHandling fails occasionally
 * [#8259] Update docker & docs for newer Ubuntu LTS
 * [#8265] Update spam filter plugins
 * [#8268] Make TroveCategory shortname unique per trove type
 * [#8273] Upgrade TurboGears and WebOb partially
 * [#8276] Turbogears 2.3.2 upgrade followup fixes
 * [#8277] UnicodeDecodeErrors with weird url params
 * [#8278] Track previous login details
 * [#8279] Additional login security checks
 * [#8286] Upgrade TG/etc more, remove pylons etc
 * [#8287] Backfill all previous_login_details - NEEDS SCRIPT
 * [#8288] Remove genshi templates, update EasyWidgets to py3-compatible
 * [#8290] Move previous_login_details to a separate collection
 * [#8291] Upgrade timermiddlware
 * [#8295] error with latest EasyWidgets and debug=false
 * [#8296] Regression on branches with "/" in name
 * [#8301] Fix some issues with encoding in urls
 * Release script: sort tags better (like 1.10 after 1.9)
 * Avoid git directory clashes in tests
 * Remove vagrant config
 * Fix linter test when certain number of files are being linted, and files list is empty
 * Upgrade colander and its dependencies
 * Remove unused menus() function
 * Update Node.js 4.x to 10.x
 * Update our git repo URL

Version 1.10.0  (October 2018)

New Features

 * [#8230] Make markdown checklists interactive
 * [#6923] Support emoji shortcodes
 * [#6299] Support attachments on blog posts and new forum topics

Upgrade Instructions

  Run: `pip install -r requirements.txt` to install updated dependencies

  Run: `paster script your-ini-file.ini ../scripts/migrations/034-update_subscriptions_ticket_and_mr_titles.py` in Allura dir

  If you have your own .ini file (recommended), add `disable_entry_points.allura.theme.override = responsive` to it

 * [#8255] Escape html on wiki & blog diff views

Uploads & attachments
 * [#2578] Handle BMP images
 * [#6560] if same filename used, screenshot thumbnail not update
 * [#8043] Animated gif attachment silently converted to static gif
 * [#8238] Delete screenshot doesn't show any confirmation
 * [#8239] Screenshots lightbox
 * Add validation for screenshot file input

 * [#7459] Show password requirements on forms
 * [#8244] Warn user if attempting to send messages when messaging is disabled
 * [#8081] Subscriptions page should have the issues' Title column
 * [#8233] Add "title" to envelope icon

Discussion Forums
 * [#8232] DuplicateKeyError can happen on forum thread ids
 * Make forums admin inline editing layout better

 * [#8225] Component delete everything end up with 404
 * [#8242] When deleting module and user at permissions page still gives 404
 * [#8247] Project Categorization select and button are attached together
 * [#8248] Module rename dialog accepts empty inputs
 * Enforce a format for GA tracking id
 * Fix _id var name (affects user searches where *anonymous/None is in results)

Code Repositories
 * [#8231] Forking a repo doesn't keep the default branch

 * [#8246] Set Home dialog validation fix

 * [#8249] Blog revert gives 405 Method Not Allowed

For Developers
 * [#8093] Developing Mobile Web View
 * [#8240] Personal Dashboard - Add dashboard docs
 * [#8241] SMTP maximum allowed line length
 * [#8243] Template extension point to wrap all content
 * [#8245] Rename "row" and "column" classes
 * Restore srcset support for img tags in HTML
 * Upgrade paster packages to latest versions
 * Allow more admin page customization via some div classes, and jinja block
 * Santize more in paging_sanitizer() to avoid errors on invalid URL params
 * Error handling around invalid pagination limits

Version 1.9.0  (September 2018)

New Features

 * Personal Dashboard, showing your own tickets, merge requests, projects, etc
 * [#8196] Save content before form submission
 * [#8085] Add support for checkboxes to the markdown converter

Upgrade Instructions

  Run `pip install -r requirements.txt` to install updated dependencies

  Run: `paster ensure_index development.ini` in Allura dir

 * [#8212] Github import error on deleted users
 * [#8217] Content doesn't get saved when rate limit is hit
 * Improve new external link dialog
 * Fix scrollbar issue in "get link" dialog
 * Add search help about specific fields, to blog, chat, discussion, wiki tools
 * Audit log table fits better
 * Make project status UI more prominent
 * Better project import validation

 * [#8199] 2FA recovery codes file - line endings
 * Don't list your own u/username project as going to be orphaned when disabling your account
 * Only float profile project icon to left, avoid possible emoji img like in "Allura™"

 * [#8186] Make antispam form post expiration configurable
 * [#8197] Site admin searches match better
 * [#8198] Ability to remove activity entries
 * [#8210] Use different tmp dir for code snapshots
 * [#8211] Use different tmp dir for project exports

 * [#1699] Fix incoming email for wiki pages with space in the title
 * Show wiki edit link & login prompt, based on actual perms, not just whether user is logged in

Code Repositories
 * [#6070] Make code snapshots based on directory
 * [#8194] Persist the list of commits on Merge requests
 * [#8200] Update GitPython to support git >= 2.15
 * [#8201] Mask/hide email addresses in commit messages
 * [#8214] Compute merge request commits in background
 * Avoid calling _git.heads unnecessarily

 * [#6353] Pre-fill "private" using URL param
 * [#8149] Bulk Delete for tickets
 * [#8213] Nested replies don't update ticket timestamp
 * [#8224] Ticket subscriptions orphaned when moving tickets
 * Avoid error when closing a private ticket created by a deleted user

For Developers
 * [#8195] More test coverage for rate limiting
 * Use correct capitalization for solr "OR"
 * Upgrade jinja to 2.10 and avoid bytecode versioning problems
 * wrap export controls area on metadata admin page
 * Don't generate SHA1 files any more, per ASF policy update
 * Provide another master template block to hook in after the "block head" that many individual templates are using (without calling super)
 * Support video_url field in project import
 * Add a note to the debug section about how to do it with docker
 * Make debug pages and post permalinks work correctly when behind a proxy (like docker)
 * refreshrepo.py option to control creating activity, firing webhooks, etc
 * Option in refreshrepo.py to clean commits after certain date
 * Publicize previous security fix in changelog

Version 1.8.1  (March 2018)

New Features
 * [#8192] StopForumSpam filter and moderation+spam update
 * [#8193] Allow rate-limiting of comments

 * [#4841] Anonymous updates should be moderated
 * [#8182] Improve category management screens
 * [#8183] Browse Commits graph should support hi-dpi
 * [#8184] Project Importer should include optional icon
 * [#8185] Allow additional domain patterns for inbound email
 * [#8187] Make forum thread subjects editable
 * [#8191] Remove html-only mailing options
 * Adds convenience property for Neighborhood shortname
 * Fix visual style on a modal cancel button
 * Add tool_data field, use ProjectRegistrationProvider shortname validator, cleanup
 * Ensure after a pwd reset, you can still log in.  Test improvements.

 * [#8189] Fix slow forum listings
 * [#8188] Config options for some scm limit params

 * [#8190] HTTP response splitting vulnerability CVE-2018-1319
 * Remove md5 from our release script, per latest ASF dist policy
 * Publicize previous security fix in changelog

Version 1.8.0  (February 2018)

New Features

 * Notify user of password changes, and more login audit logging
 * [#7908] Docker setup for production environment

Upgrade Instructions

  Run `pip install -r requirements.txt` to install updated dependencies

  To subscribe merge request creators to their own merge requests, run:
  paster script config-file.ini ../scripts/migrations/032-subscribe-merge-request-submitters.py

Bug Fixes & Minor Improvements

 * [#8180] StaticFilesMiddleware allows directory traversal CVE-2018-1299
 * [#8155] Record logins to audit log
 * [#8156] Notify user of password changes
 * [#8158] Add antispam measures to login page
 * [#8159] Loosen ip requirements for antispam checks

 * [#6342] Errors in ForgeLinkPattern parsing
 * [#8160] UnicodeEncodeError processing inbound email
 * [#8169] Updating markdown cache should not affect last_updated
 * [#8172] Markdown dialog shows same text repeatedly
 * [#8176] Don't show related artifacts that user can't view
 * Make Youtube embed work better with different CSS
 * Allow a legacy icon (no original stored) to still be served when a larger width is requested
 * If small icon requested, allow resizing down from old icons even if we don't have newer fullsize original
 * Add a stylized search button to sidebar search boxes
 * When reindexing, set c.app based on current artifact to avoid "Ambiguous link..."
 * Make sure fontawesome never is downloaded twice, since we always provide it
 * Upgrade to pygments 2.2 (includes faster HTML rendering for long lines)

Code Repositories:
 * [#7896] Better plaintext mail for commit notifications
 * [#8048] Better email subjects for merge request updates
 * [#8157] Improvements to multiple commits in single notification
 * [#8164] Merge requests should notify the submitter of changes HAS MIGRATION SCRIPT
 * Handle repo's upstream fork being gone, rather than whole sidebar being blank
 * Fix git merge requests to not update project last_updated when viewed.
 * Show a root directory icon in the repo directory breadcrumbs too
 * If a user can "write" to a MR but not "post" to it, still let them reject their MR
 * Clarify a bit that a repo refresh is different than just refreshing the page
 * Put the disabled attr on the merge button, not the icon within it
 * Handle git 2.x output for last-commit detection
 * Fix url encoding of diff urls
 * Ensure markdown always gets unicode input (e.g. for rendering files from a repo)
 * Fix encoding errors noticed in test.log when running tests with weird-chars.git repo

 * [#8167] errors when updating blog post, if feed item doesn't exist

 * [#8171] Changing your name should update your activity records
 * [#8173] Empty activity pages have floating "1"

 * [#8175] Better permission handling for non-existent wiki pages

 * [#8177] Search bin counts include deleted items
 * [#8178] Configurable invalidation delay for bin counts update
 * Don't error on search_feed if ticket has unresolvable reporter
 * Avoid errors on ticket search if filter=123 or =foo instead of json dict

 * Better labels & buttons for creating new forum
 * Cache Thread.last_post, which avoids dupe queries when the prop is accessed frequently, e.g. in allura/templates/widgets/threads_table.html
 * Include thread subject on spam check (for first post of forum threads)

 * [#8162] When purging a project, admin users missing audit log
 * [#8174] Improve messaging around icon uploads
 * Improve user skills interface:
 * Allow subprojects within User-projects to be removed (since you can create them, after all)
 * Fix positioning of Create project button
 * Add username to admin user detail page title
 * Provide convenience link on admin user detail page to remove all their projects
 * Stronger delete tool messaging (since some people may use it while on an individual thread page)

For Developers:
 * [#8161] Switch from React to Preact - or upgrade to React 16
 * [#8168] Remove TreesDoc usage
 * [#8179] Use PreferencesProvider for contacts and availability fields
 * If an entry point is specified incorrectly, provide helpful error message and continue
 * Flash message positioning moved CSS
 * Add **kw to various @expose'd methods to avoid errors from extra url params
 * Make merge instructions textarea height/width controllable by theme CSS
 * Allow packages to have their own test.ini used automatically from their TestController tests
 * Fix & clean up breadcrumbs link logic (loop scoping changed in jinja 2.9.x)
 * Adds subnav to some account pages, allow explicit selection of current nav item
 * Replace g.url usage with h.absurl; have it always use config.base_url so it works fine behind proxies, etc
 * Adds extra content block for masthead, Adds optional textbox placeholders
 * update jinja version; handle new jinja filter args and loop var scoping
 * Add support for a size param in project_icon_srcs
 * Tests can sometimes convert markdown in "0 seconds" making the caching not work, so use a slightly negative number
 * Provide a AuthProvider hook to do things after login
 * Release script: push single tag instead of all tags

Deployment & Configuration:
 * Better bearer token https check; Unauthorized instead of Forbidden
 * Provide a good index for last_post queries, so mongo won't ever pick the 'timestamp' index which can be very slow
 * Config option to customize the default user avatar image
 * Remove SF branding from default icon (on profile pages), allow overriding
 * Upgrade docker-compose file to v2 format
 * Replace forgemail.url with base_url
 * Include Date header in email, instead of assuming mail service will add it
 * Ticket custom fields that are "number" need to be indexed in solr as double, not int
 * Optional support for much faster cchardet, used in really_unicode()
 * Use nofollow on raw (download) and mode switching links, to reduce crawling within repos a little bit

Version 1.7.0  (June 2017)

New Features

 * [#8143] Support hi-res logos
 * Adds ability for neighborhood home to use Wiki home content

Upgrade Instructions

  Run `pip install -r requirements.txt` to install updated dependencies

Bug Fixes & Minor Improvements

 * [#8140] After password change, change current session id
 * update Pypeline for .rst XSS fix
 * [#5867] Table display too wide, displaying very wide content in comments
 * [#6016] Personal Contacts Remove button not working
 * [#8120] CSS problem in help tooltip
 * Allow for a lot more text in activity entries; do real truncation client-side
 Code Repositories:
 * [#7811] Coloring of long lines in diffs stops too early
 * [#7814] Showing diffs for renamed files
 * [#8144] When pushing multiple commits, email/rss list them backwards
 * [#8142] Allow more configuration of types of checkout commands
 * Remove unneeded broken icon link
 * [#7839] Failed to change permission of discussion
 * [#7232] some unmoderated posts missing from in-line discussion view
 * [#8021] Surface to spammy users to site admins
 * [#8055] Moderate page has wrong params for next/prev page
 * [#8073] Prevent pending users from being added to project ACLs
 * [#8148] Error exporting with certain attachments
 * Remove space in middle of URL that shows where a new tool will be installed at
 * Fix broken export control link
 * [#8059] Ticket search's dropdown filter choices should not show options from deleted tickets
 * [#8150] Bulk edit change comment not shown as meta
 * [#8154] Ticket searches not matching properly
 * On new ticket page, hide helper text that was showing at bottom of page; regression from [#8145] most likely.  Rules copied from jquery-ui.css which isn't included on that page
 * [#8112] Filter out comments from rss feeds
 * Fix RSS updates to blog posts, when post has comments.
 For Developers:
 * [#8145] Minimize jquery ui JS
 * [#8146] Index error with mongo 3.4
 * [#8152] UnicodeDecodeError on svn tarball export's cleanup
 * [#8153] Stronger no-cache headers
 * Updates to installation (libffi-dev needed for cffi package if not installing from wheel)
 * Some SVN errors have critical info after the "Unable to connect" lines (e.g. unreadable repo formats from a newer SVN versions), and should not be treated like an empty/missing dir
 * Latest ubuntu requires locales pkg for locale-gen cmd
 * Move "stylistic" rules from navbar.css to site_style.css so that different themes can more easily style the nav bar
 * Remove unneeded backslashes
 * Upgrade jquery.lightbox_me.js so it can work with jQuery 2 (no $.browser)
 * Change the ForgeUserStats tests' git repos to be unique from each other so they can be run in parallel safely
 * Update link to SVN patch for recursive repos
 * Allow spam checks where artifact=None; text fixes; for [ca8b596]
 * Update six to latest, to match with latest setuptools' six requirement
 * Fix inner_grid for right_bar. Closing quote and variable scoping were wrong.  Not used in core allura currently, so hadn't been a problem
 * Removes neighborhood cache
 * Avoid importer requests hanging indefinitely
 * Better debugging with docker

Version 1.6.0  (December 2016)

New Features
 * Multifactor authentication and recovery codes
 * Add git-http docker container
 * Per-thread subscriptions in discussion forums [#7981]

Bug Fixes & Minor Improvements

 * Specify python 2.7 and ubuntu 16.04 in docs
 * [#6876] Handle revoked OAuth tokens for GitHub import
 * [#8132] Fix comment threading when email In-Reply-To header isn't useful
 * [#8125] Require password when confirming new email address
 * Add rel=nofollow to links in user profiles
 * Includes "seconds" in ago() helper
 * Remove src="#" that was causing extra requests to the same page
 * Fix iframe sanitization so that closing tag is okay, which had been putting closing tags in the wrong place
 * Good text wrapping on project lists
 * Remove weird notch from project list when project has award, and using 2 or 3 column display
 * [#8135] Improve admin categorization page
 Code Repositories:
 * [#5496] Git browse view stalls on "Loading commit details ..."
 * [#8001] Error with git status "T" in a commit
 * [#8131] refresh repo task uses wrong query
 * Remove message about browser not supporting canvas
 * Adds commit id to notification email subject
 For Developers:
 * [#8062] Naming of docker image is incorrect in docker-compose during initial build using git
 * Update docker images, pysolr
 * Update for newer `docker-compose logs` syntax
 * Fix RAML syntax (queryRequired wasn't coming through as bool in the type def), other minor tweaks
 * Split up pylint test into chunks that can be run with nose multiprocess; move pyflakes chunks into parallelized pattern
 * Various other test improvements
 * Remove requirements from setup.py

Version 1.5.0  (August 2016)

New Features
 * [#3593] Add a guided tour after project registration
 * [#8088] Design changes to Discussions
 * Added project count and new design for neighborhood listing
 * Design changes to list attachments. Added lightbox_me to view images
 * Updated design of tool listing
 * Added refresh commits button to merge requests
 * Added emoji rendering via twemoji

Bug Fixes & Minor Improvements

 * [#4644] Don't whitelist form elements in markdown processing
 * [#8006] Large timeline performance issue in activity stream
 * [#8082] Rate limit artifact creation per-user NEEDS INDEX
 * [#8094] Improve project creation UX
 * [#8110] moderation queue items with long lines break layout
 * Added optional parameter metalink in sendmail function that adds a view button in email clients
 * Move help/fullscreen/preview icons on markdown editor to the right
 * Fix how far lists inside comments can go; a proper fix for [#6248]
 * Compressed PNG images losslessly using OptiPNG (-o6 -zm1-9)
 * No rate limiting for anonymous user; on wiki page edit check perms before rate limit
 * Whitelist posts for members of a project
 Code Repositories:
 * [#6409] CSS & JS on commit view missing
 * [#7949] Better listing of files changed in a certain commit
 * [#7965] Improve git/hg/svn endpoints for rest api
 * [#8048] Better email subjects for merge request updates
 * [#8078] Missing notification when using the one-click merge button
 * [#8090] Show merge requests in sidebar, even if there are 0
 * Added link items of owner column to filter by assigned_to
 * Improve design of merge requests listing filter
 * Fix for scm-ssh-key to be visible only if allow upload ssh key is true
 * Speed up checking of newly forked repo (patterned after tarball, merge request pages)
 * Use authored date instead of committed date in merge requests
 * [#8087] Make Columns resizable in ticket table and ticket search
 * [#8104] Skip creating metapost if list of changes is empty
 * [#8106] tracker: can't reply to comment which was just moderated Approved
 * [#8108] tracker markdown text editor handles end key incorrectly
 * [#8071] Create wiki page button should work without admin access
 * [#5194] For newly registered projects, don't send new wiki page email
 * [#7858] /categories URLs needs to use unique ids
 * Don't error out when reindexing a post/thread that has been deleted
 * Specify title for /nf/admin/new_projects page
 * [#8077] Add author profile picture information to the post inside response from the API
 * [#8092] REST API for User Activity does not work due to missing attribute
 For Developers:
 * [#8040] Upgrade SimpleMDE and contribute our toggleCodeBlock
 * [#8079] ensure_index command should not drop indexes
 * [#8109] Reduce gridfs index creation
 * Update copyright year.
 * Adds a jinja block for specifying css classes on body element
 * Remove modernizr and some unused related classes.
 * Updated readme
 * Minor updates to release script
 * Do not buffer output from gunicorn (or taskd/mail containers that extend this one), useful when using print statements during dev
 * Stop tracking ForgeGit/forgegit/tests/data/testgit.git/FETCH_HEAD file which changes values based on local machine when running tests
 * Add a few helpful notes for Docker installation, move login info to Post-setup section so Docker installers see it too

Version 1.4.0  (April 2016)

Upgrade Instructions

 To show a custom logo, update your .ini file with logo.* settings (see development.ini for examples)
 To show custom header links, set global_nav in the .ini file

New Features
 * [#7919] [#7920] New admin nav bar
 * [#5940] Add options for site logo and links in header
 * [#8023] [#8024] Site notification admin interface
 * [#6662] [#8051] Add attachments to Export
 * [#7987] Standardize fenced blocks in markdown

Bug Fixes & Minor Improvements

 Code Repositories:
 * [#8029] Submitter should be able to reject merge request
 * [#8042] Better handing of tmp dirs during merge
 * [#8072] Change "asked you to merge" text
 * Remove .ts from list of known binary extensions; allow repo settings to override binary blacklist
 * Encode username for git
 * [#7998] Adding attachment to wiki loses your text changes
 * [#7929] Enable voting on tickets by default
 * [#8069] Ticket search error: undefined field assigned_to
 * [#8061] Attachments not visible if ticket status is 'pending'
 * [#4153] RSS feed for blog should not show revisions or deleted posts
 * [#8031] Show blog search box
 * [#7145] When deleting a tool, the solr call should be a bg task
 * [#7682] Add confirmation dialog to award/awardgrant delete
 * [#8020] Easy way to view all posts from a certain user, and flag as spam
 * [#8033] create-allura-sitemap.py broken
 * [#8037] Change "Label" admin option to "Rename"
 * [#8057] Handle user-projects better in project delete form
 * When deleting a user project, actually do it - not just disable the user
 * [#4849] Pages are more printer-friendly
 * [#7978] Activity page fixes
 * [#8003] Bugs in attachments to comments
 * [#8005] Subprojects not checked for 'deleted' flag
 * [#8010] Markdown editor does not load when url hash contains slashes
 * [#8013] New Users should not be displayed in /u/wiki/home until email is verified
 * [#8036] Update modal css (simple-flat-dark)
 * [#8046] Don't duplicate titles on neighborhood pages
 * [#8066] Don't error out on missing users
 * Add login redirect to the nav "Log In" link
 * better tool descriptions
 For Developers:
 * [#7907] Use standardized solr installation
 * [#7921] Remove old tool configuration page
 * [#8032] Set up primary emails for test users (paster setup-app)
 * [#8034] Fire event for any menu changes
 * [#8035] Finalize frontend eslint/jscs setup
 * [#8038] Support mongo 3.x
 * [#8039] Change jslint to use an npm tool instead of java
 * [#8041] Update regexes to match DNS host rules better
 * [#8044] API for current site notification
 * [#8047] Akismet filter needs to send original metadata when reporting spam/ham
 * [#8054] Remove Google Code importers
 * Add audit log messages to disable_users.py script
 * Docker fixes
 * Add clear_user_data and from_username helper methods
 * Add guardfile for livereload of frontend changes
 * Delete bootstrap tasks instead of running them; 30-40% speedup in test run time
 * new admin APIs, new _nav.json param
 * remove AdminModal widgets, use JS directly
 * remove sidebar_menu_widgets and admin_menu_widgets, using JS directly instead
 * upgrade existing react code to 0.14
 * better calculation of tool/subproject ordinal values when installing

Version 1.3.2  (December 2015)

Upgrade Instructions

 To enable faster commit views, by skipping copy detection, update the development.ini file to set
 scm.commit.git.detect_copies and scm.commit.hg.detect_copies to false.

New Features

 * [#6797] Move API docs from sf.net wiki to RAML.  Browse at https://forge-allura.apache.org/p/allura/rest-api-docs
 * [#7922] Add "admin" section to the left sidebar of all tools
 * [#7924] Update icon set to FontAwesome
 * [#7999] Admin page to really delete projects
 * [#8004] Cleaner project nav, tool icons removed
 * [#7955] Add more formatting support to markdown editor


 * [#5694] Set max limit on limit param
 * [#8011] Served SVG images can execute JS

Bug Fixes & Minor Improvements

 * [#7957] Document how to run allura with gunicorn/uwsgi/mod_wsgi
 * [#7995] Some docker config & doc improvements
 * [#7911] Remove "bin" terminology from saved searches pages
 Code Repositories:
 * [#7403] [Allura|Bug] - Typo found in initial Git command description.
 * [#7538] If diff is empty, it shouldn't show "empty file" [ss7532]
 * [#7913] Handle parsing of the output from git 2.4.0+
 * [#7925] Speed up diff processing with binary files
 * [#7963] Speed up commit view by disabling copy detection with option
 * [#7822] Should not show draft blog post changes in activity stream
 * [#7871] Send email notifiction on wiki page delete
 * [#7923] Left sidebar should show appropriate links when viewing tool options
 * [#7943] Limit the "_discuss" results from the tickets api.
 * [#7948] Cursor position often wrong in new markdown editor
 * [#7950] Markdown editor should have max height
 * [#7970] Expand urlopen retry conditions
 * [#7994] Fix comments split across two threads, not all comments showing
 * [#8016] Dialog 'cancel' link in wrong place
 * [#7946] Error setting channel in Chat's options
 * [#7953] API endpoints error when using access_token as URL param
 * [#7984] Fix layout at bottom of subscriptions page
 * [#7990] Change link on new_projects admin page
 * [#7997] image attachments visible on posts (replies) awaiting moderation
 * [#8007] Broken icon images when running under gunicorn
 * [#8014] Bug: removed upsert() method needed by TracWikiImporter
 * [#7959] Need to set focus when phone validation overlay appears
 * [#7960] clean_phone_number function is too eager to prepend 1-
 * [#7969] Option to force phone validation language
 * [#7979] Phone validation interfering with project import
 * [#7991] Option to limit phone validation usage
 For Developers:
 * [#7976] JSX and ES6 support, via Broccoli toolchain
 * [#8026] Remove jquery.file_chooser.js
 * [#8027] Fix licensing of several files
 * [#7964] test_merge_request_detail_view fails (intermittent)
 * [#7980] Fix pep8 and pyflakes violations
 * [#8015] Activitystream needs ming config option
 * [#8028] Use virtualenv inside docker

Version 1.3.1  (August 2015)

Upgrade Instructions

 To enable CORS headers for the rest APIs, use the cors.* settings in the development.ini file.
 If you have your own .ini file, enable git tag & branch caching speedups by setting: repo_refs_cache_threshold = .01

New Features

 * [#5943] Post-setup instructions
 * [#6373] Document administrative commands
 * [#7897] Live syntax highlighting for markdown editing
 * [#7927] Allow CORS access to rest APIs
 * [#7540] Ticket notifications should include links to attachments


 * [#7947] XSS vulnerability in link rewriting
 * [#7942] In project admin - user permissions, removing a custom group needs to use POST
 * [#7685] Subscribe/unsubscribe action should use POST

Bug Fixes & Minor Improvements

 * [#4020] Date picker in milestone editor doesn't flip between months
 * [#4802] Wiki edit link is not very discoverable
 * [#7310] "Maximize" should stick
 Code repositories:
 * [#7873] Git branch & tag speedups  -- NEEDS INI
 * [#7894] Don't update merge request timestamps incorrectly
 * [#7932] Fix pagination issue in the commit browser
 * [#7899] Issue with downloading files from repo with spaces in name
 * [#7906] Fix login check on ApacheAccessHandler.py
 * [#7880] Forums mail not getting sent that require moderation
 * [#7930] Bug: viewing a thread updates project mod_date
 Project Admin:
 * [#7884] Move add/edit Features to Metadata section
 * [#7885] Tooltip for project admin
 * [#7898] Icon upload/edit is not clear
 * [#7803] Fix taskd_cleanup to search for right process name
 * [#7889] Improve markdown logic for cached vs threshold limits
 * [#7890] Neighborhood cache preventing saving admin changes
 * [#7916] Error when handling user-profile URLs of users with invalid names.
 * [#7928] Site admin search tables can overflow the page width
 * [#7903] No mention about small letters in user registration
 * [#7909] Use dashes when suggesting project shortnames
 * [#7915] Move Allura installation instructions into the docs
 For Developers:
 * [#7809] Update install/docker to ubuntu 14.04
 * [#7891] Remove zarkov integration code

Version 1.3.0  (June 2015)

Upgrade Instructions

 * Run: cd Allura; paster script development.ini allura/scripts/trim_emails.py

New Features

 * [#4542] Implement webhooks
 * [#7832] APIs to manage webhooks
 * [#7829] Webhooks documentation
 Merge requests:
 * [#7830] One-click merge
 * [#7865] Config options to disable one-click merge requests
 * [#7866] Run can_merge in background, and cache results
 * [#7882] Option to use a tmp dir for git ops on merge request view
 * [#7872] Show markdown preview/help buttons for merge requests
 Phone verification:
 * [#7868] Phone verification system
 * [#7881] Clean up phone numbers before using them
 * [#7887] Better messaging for phone validation
 * [#7806] Create a docker image for Allura
 * [#7886] Config options to limit ticket & wiki page creation
 * [#7840] Support Authorization header for OAuth
 * [#7633] API for has_access
 * [#6057] Adding an external link should be one step, not two
 * [#7850] Ability to close discussion on a ticket
 * [#6107] Disable email posting for the forum? [ss3579]


 * [#7786] Invalidate pwd reset tokens after email change
 * [#7893] CSRF checks don't work on login

Bug Fixes & Minor Improvements

 * [#6017] Should show attachment changelog when ticket gains an attachment
 * [#5467] Create Issue Button Should Always Appear (Only possibly refer to an explanation for why it was disabled).
 * [#7834] Bug: viewing a ticket updates its 'updated' date
 * [#7874] UnicodeEncodeError on ticket attachment diff
 Code Repositories:
 * [#7837] Use repo directly instead of DiffInfoDoc
 * [#7843] Handle quotes in filenames on commit view
 * [#7857] Retry svnsync repo clone failures
 * [#7825] Update "new commits" email template
 * [#7836] Merge request shows 0 commits, if upstream has new commits
 * [#7841] wiki code to not show delete authors.
 User Profile:
 * [#7072] User can't access personal subscriptions page [ss6565]
 * [#7833] Trim emails before saving them to mongo NEEDS SCRIPT
 Tools Configuration:
 * [#7817] Replace "mount point" field with URL field, on tool creation forms
 * [#7820] Validate URLs when configuring external link tool
 * [#7864] Error on google code import with paginated comments
 * [#7854] Decode html entities in importers; and make taskd easier to debug
 Activity Stream:
 * [#7823] Commit activity is assigned to wrong person
 * [#7082] Filter deleted, unmoderated, or spam artifacts from Activity Stream
 * [#7888] has_activity_access/deleted error
 * [#7892] script/task to disable list users
 For Developers:
 * [#7827] Upgrade jQuery to latest version
 * [#7835] Update theme for the documentation.
 * [#7855] Upgrade docutils, Pygments and Babel, so docs can be built easily
 * [#7869] During tests, apply patches only once
 * [#7870] Clean up .ini files
 * [#1731] Cannot delete a post, after deleting its parent
 * [#7852] Don't update mod time when viewing artifact creates a cache
 * [#7856] Error looking up user by email address when email is invalid
 * [#7876] projects macro display_mode=list is missing CSS

Version 1.2.1  (February 2015)

Bug Fixes & Minor Improvements

 * [#5726] RSS feed for discussion stopped 12/13/2012? [ss2637]
 * [#6248] long lines in markdown lists get truncated on the right [ss4073]
 * [#7772] Type text is splitted in more lines if separated by spaces in bulk edit
 * [#7813] Handle uppercase in email address all the time
 * [#7815] KeyError: 'name'
 * [#7808] Check for wiki presence before importing it
 * [#7831] Logout issue
 * [#7816] Show/manage user's pending status
 * [#7821] More accurate audit logs when changing user's status
 * [#7824] Cache neighborhood record
 For developers:
 * [#7516] Timing may case test_set_password_sets_last_updated to fail
 * [#7795] test_version_race fails occassionally
 * [#7819] New email address lookup helpers fail on None

Version 1.2.0  (December 2014)

Upgrade Instructions

 * Edit Allura/development.ini and set: activitystream.enabled = true
 * Run: mongo allura scripts/migrations/030-email-address-_id-to-email--before-upgrade.js
 * Run: mongo allura scripts/migrations/030-email-address-_id-to-email--after-upgrade.js
 * Run (optional): mongo allura scripts/migrations/030-email-address-_id-to-email--cleanup.js
 * Run: cd Allura; paster ensure_index development.ini
 * Run: cd Allura; paster script development.ini ../scripts/migrations/031-set-user-pending-to-false.py
 * Run: cd Allura; paster script development.ini allura/scripts/remove_duplicate_troves.py

New Features

 * [#7097] New profile page design
 * [#7156] Turn on activitystreams by default
 * Admin page to search for projects
 * Admin pages to search, view, and edit user details
 * [#7524] User audit trail, for site admins
 * [#7593] Allow site admins to add user audit entries
 * LDAP improvements
 * [#7409] Configurable max & min password lengths
 * [#7432] Password expiration
 * [#7451] Remember me option on login
 * [#7372] Allow users to disable their own accounts
 * [#2286] Ability to restrict tools per neighborhood
 * [#4019] Add an easy way to filter ticket queries by open/closed without knowing Solr syntax
 * [#4905] button to subscribe to a wiki
 * [#7134] Added option to allow overriding repo clone URL
 * [#7381] Google code importer should handle Apache-Extras/EclipseLabs projects

Removed functionality:

 * [#1687] Remove pre-oauth API keys (use OAuth now)
 * [#7013] Remove broken openid support

Bug Fixes & Minor Improvements:

 * [#4602] Artifact links to closed tickets should have strikethrough
 * [#4987] Artifact links within a tool should match within tool first
 * [#4703] "Related" artifacts should indicate project/tool if referencing other project
 * [#6305] Merge email notifications when possible
 * [#7213] Discussion edit/reply non-functional in IE11 (at least)
 * [#7378] RSS feeds shouldn't include comments held for moderation
 * [#7679] project admin listings should not include disabled users
 Users & Authentication:
 * [#6677] User profile's list of projects is slow to build
 * [#5414] Typo on user prefs page
 * [#3815] return_to field not created in LoginForm
 * [#7085] error on activity rss feed for users
 * [#7164] Make activity widgets show 5 items if possible
 * [#7410] Show more info in password recovery flow
 * [#7436] /auth/preferences cleanup
 * [#7452] Require an email address be verified before it is set as primary
 * [#7480] Track last session info
 * [#7484] OAuth app names don't need to be globally unique NEEDS ENSURE_INDEX
 * [#7492] Clean up incomplete sentence in activity feed
 * [#7523] Better to go to /auth/preferences after email addr verification
 * [#7526] Fix mail headers in email verification email
 * [#7527] Email address associations need better user associations NEEDS MONGO MIGRATION
 * [#7543] Password recovery should not confirm email addr existance
 * [#7545] return_to param should be validated for relative URLs
 * [#7585] Require password entry for changes to email settings
 * [#7635] Add autofocus to login form
 * [#7636] Fix forgotten pwd link on login overlay
 * [#7688] Redirect to password expiration page after login
 * [#7704] Option to require email for user registration NEEDS MIGRATION
 * [#7715] Handle + in email address url params
 * [#7717] Better existing email addr handling
 * [#7732] Be able to use secure cookies and SSLMiddleware
 * [#7756] Ensure user always go to pwd expired form, when expired
 * [#7759] After resetting pwd and logging in, don't redir back to pwd reset form
 * [#7761] Disabling a user does not remove/disable his primary email
 * [#7787] Ldap error when logging in with unicode in username or password
 * [#7794] "Page Size" preference must actually affect pagination
 * [#7799] Changing password should invalidate other sessions
 * [#5939] Missing icons on permission edit page
 * [#6495] Screenshot admin UI improvements
 * [#6834] Inconsistent display of new user in Permissions
 * [#6949] Error on export: artifact ref and cleanup
 * [#7014] Trove category editing improvements
 * [#7075] Screenshot macro incorrectly includes text about sorting
 * [#7275] Add users broken in IE11
 * [#7293] Create Trove Category browse page
 * [#7347] Add URL and comment fields to AwardGrant
 * [#7351] When export control is True, it always records a change in the audit log
 * [#7613] Integrate sortable.js to the new_projects page
 * [#7675] Fix error when deleted permission group is still referenced
 Code Repositories:
 * [#5175] Merge requests should have a good <title>
 * [#5176] Merge requests should show the date
 * [#6164] Ability to edit merge requests
 * [#6301] Track changes to merge requests
 * [#6902] Merge request to branch list commits against master
 * [#7295] Bigger text inputs for merge requests
 * [#5472] JS spinner uses a lot of CPU
 * [#5700] Replace "git branch --set-upstream" with "git branch --set-upstream-to"
 * [#5769] Can't select code via double- or triple-click
 * [#6764] Git test failures on 1.8.3
 * [#7021] Handle pgp-signed git commits
 * [#7051] 500 error with large number of repos
 * [#7069] unable to view/process merge requests when fork is deleted
 * [#7127] "Download snapshot" background too tall
 * [#7207] git repos without master branch behave poorly
 * [#7325] Uninitialized git repo allows forking.
 * [#7333] svn web import tool breaks repos
 * [#5948] Status on individual Milestone view always shows Open
 * [#6019] List current user first in user-drop-downs
 * [#4701] Add current ticket's milestone to email notification
 * [#4981] Ticket voting buttons should only display if you have permission to vote
 * [#7399] JS errors on ticket bulk edit prevent submission
 * [#7495] 'url' missing on MovedTicket models
 * [#7560] Avoid weird permissions when anonymous creates a private ticket
 * [#7566] Milestone admin page can be very slow
 * [#7528] XSS on wiki page and preview
 * [#7107] Add confirmation to "Revert to Version" button
 * [#7168] Markdown macro to load content from repository
 * [#7202] Use https for youtube embed
 * [#7353] Cannot delete wiki entries
 * [#7294] "related" section header not aligned properly
 * [#7647] Script to clean up, or code to handle, Dupe Key errors on wiki page_history
 * [#6930] Email notification for a blog post rename stating the opposite
 * [#7218] Feedburner doesn't like Blog RSS feed
 URL Shortener:
 * [#7324] Fix incorrect div width on URL shortening tool
 * [#7208] DOAP API for projects
 * [#7292] User profile API
 * [#7267] Change TroveCategory event API
 * [#7507] Project API errors on unicode screenshot name
 * [#7508] Add project creation date to API
 * [#7659] Allow tools to add fields to project json API
 * [#7722] API for disabled users should 404
 * [#7789] Return more fields in ticket API search results
 * [#7114] Make imports work on user projects
 * [#7124] Validate Trac URLs before importing
 * [#7111] Refactor tool importers to use target_app for g.entry_points
 * [#7160] Trac-Tickets Importer Rejects URL Containing IP Address
 * [#7177] Trac ticket error: astimezone() cannot be applied to a naive datetime
 * [#7580] Ticket attachments aren't imported in Allura importer
 * [#7801] Issues import from GitHub is broken
 * [#6561] Clean up setup-app output
 * [#6701] Integrate allura authorization with Git/SVN (over HTTP)
 * [#7128] Change SVN's browse commits graph to direct SCM access
 * [#7163] Create read perms on ForgeActivity app - NEEDS MONGO CMD
 * [#7214] Fix pytidylib install; admin page when tools not installed
 * [#7224] Timermiddleware should measure mongo write ops too
 * [#7277] Incubator graduation items
 * [#7287] Update docs/scm_host.rst with info about ApacheAuthHandler.py
 * [#7316] Review & update scm_host docs
 * [#7309] add_project form lists all tools, including several that won't work
 * [#7307] Broken handling of InvalidDocument: BSON document too large
 * [#7513] Fixing imported wiki pages with slashes in titles
 * [#7510] Test extracting Allura tickets for Apache move
 * [#7582] Script to set up MovedTicket records for tickets we're moving to Apache
 * [#7628] Clean up dupe trove categories / test_filtering fails occasionally NEEDS CMD
 * [#7683] Make collection of birthdate configurable
 * [#7800] Standardize IP addr lookup
 * [#7027] Cache /nf/tool_icon_css better
 * [#7181] users_with_named_role should query for the name role only
 * [#7185] project list macro makes unnecessary queries
 * [#7186] Need index on artifact_feed (project_id, pubdate) NEEDS ENSURE_INDEX
 * [#7199] filter projects in create-allura-sitemap.py
 * [#7472] Thread view counts shouldn't trigger add_artifact tasks
 * [#7562] Remove unnecessary monq_task 'args' index NEEDS ENSURE_INDEX
 * [#7644] Make /nf/admin/new_projects faster
 For developers:
 * [#7802] Easier to make a custom theme based on main theme
 * [#7401] Allow custom middleware
 * [#7029] AuthProvider should be able to add routes to /auth/
 * [#7154] Expand AdminExtension to support site-admin pages
 * [#7130] Blob.next_commit and prev_commit should be removed
 * [#7142] Better conditional around sending zarkov events
 * [#7173] Improve auth docstrings
 * [#7178] error with parallel tests: 'solr' is None
 * [#7215] Test suite timing out
 * [#7239] Update feedparser
 * [#7260] Tests create trove categories unnecessarily
 * [#7305] Document SCM code and merge repo.py into repository.py
 * [#7329] Update ForeignIdProperty('User') for latest ming
 * [#7579] Use sendsimplemail instead of sendmail in some cases
 * [#7581] TestSVNRepo.test_log fails with svn 1.8
 * [#7804] Use OAuth token for github project validation
 * [#7805] Improve GitHubOAuthMixin

Version 1.1.0  (February 2014)

Upgrade Instructions

 * Run ensure_index command
 * 3rd party tools that do not use EasyWidgets will need {{lib.csrf_token()}} added to each <form>

New Features

 * [#6777] Create a site-wide notification mechanism
 * Improved activity stream display and events
 * [#6694] Form to send message to a user
 * [#6783] Create a process to reset forgotten passwords
 * [#6804] API to install a tool
 * [#6692] API for exports
 * [#6692] Simpler oauth API via bearer tokens
 * [#5475] Javascript not required for most forms any more
 * [#5424] Provide instructions for running git/hg/svn services
 * [#6896] Developer architecture docs
 * [#4808] Factor out SourceForge-specific bits of Allura

Bug Fixes & Minor Improvements:

 * Many fixes and improvements for GitHub, Google Code, Trac and Allura importers
 Code Tools:
 * [#7006] hide misleading message on Browse Commits page
 * [#6796] Render all (not just readme) markdown files in repos
 * [#6801] Options to parallelize last_commit_ids
 * [#6826] Mass edit emails have invalid To: address
 * [#6821] Change hg browser to get "last commit" info from hg instead of mongo (if ForgeHg installed)
 * [#6894] SVN/Git refresh hooks fail for redirects
 * [#6905] better code snapshot status UX
 * [#6938] AttributeError on fork listing page
 * [#6982] SCM views should parse user/email pairs better
 * [#7022] UnicodeDecodeError on side-by-side diff text
 * [#6111] remove markdown rendering of commit messages, keep artifact linking
 * [#4671] Delete old-style LastCommitDoc code
 * [#6603] Certain code snapshots take forever even to queue up
 * [#6686] Change git browser to get "last commit" info from git instead of mongo
 * [#6743] unicode paths in code browser 500 error
 * [#6852] Maximize view for ticket lists
 * [#6803] Labels should be set without hitting enter
 * [#6893] Former team member unassigned from ticket on metadata update
 * [#2778] Tickets: milestone names are bound once they are equal
 * [#4812] Title field for new tickets mistaken as search bar
 * [#5749] setting to specify a default milestone
 * [#6088] Ticket search help open in new window
 * [#6328] Use In-Reply-To: and References: headers for outgoing ticket emails
 * [#6381] Allura tickets system intermittently discards replies to comments
 * [#7047] ticket bulk_edit task sometimes doesn't call add_artifacts
 * [#4429] ticket bulk-edit forcibly always sets all custom boolean fields to True
 * [#6646] bulk edit to add labels
 * [#6752] bulk edit to change "private" field
 * [#6979] Bulk edit on some milestones with ":" gives empty set
 * [#6906] Fatal error when replying to tracker item
 User profile:
 * [#6833] Choice of social networks should be configurable
 * [#7062] Set first email address as 'primary' automatically
 * [#6676] User profile page should show date joined
 * [#7063] Add last_edited field to discussion REST API
 * [#7065] Slow post queries happening on invalid URLs
 * [#6864] Add spam button for comments
 * [#6910] Emails with empty or missing From: should be treated as anonymous
 * [#6917] User block list not stopping posts-via-email
 * [#5182] prevent out-of-office replies to allura notifications
 * [#6249] Use a stable Sender: header in email notifications
 * [#4373] wiki diff incorrectly shows a lot of changes
 Project admin:
 * [#6848] Coalesce scripts/migrations/*trove*.py into command/create_trove_categories.py
 * [#6865] Project admin for categories should be sorted
 * [#6866] Audit trail adds fb & twitter values even if they don't change
 * [#6795] TroveCategory.children is slow
 * [#6889] possible XSS on /p/add_project/
 * [#5502] Prevent adding certain tools multiple times
 * Cache markdown rendering results
 * [#6971] Task manager can't set c.project for user-projects
 * [#7009] /nf/tool_icon_css doesn't preserve https for URLs
 * improved smtp_server error handling
 * [#4091] ensure_index takes for ever looping over every single project
 * [#4723] Don't link to user-project when Anonymous
 * [#5330] taskd leaves defunct git processes around
 * [#6713] Slow /auth/bare_openid?url=/user/registration
 * [#6484] Move ForgeWiki mediawiki importer (GPL dep) into standalone importer - NEEDS CONFIGTREE
 * [#7005] allura.tasks.repo_tasks.clone clobbers Project record
 For developers:
 * [#7028] severely stunted landing page html after vagrant install
 * [#6393] Allow plugins to register new markdown macros
 * [#6994] Test improvements/speedups
 * [#6942] Make custom tool icons work properly
 * [#7119] Add config switch to disable template overriding
 * [#6714] Rename & move User.project_role()
 * [#6716] __json__ should return plain dicts
 * [#6388] Tool to inspect performance, particularly between commits

Version 1.0.1  (October 2013)

Upgrade Instructions

 * Run ensure_index command
 * Add bulk export and importer_upload_path INI settings (see development.ini)

New Features

 * [#6422] Added release script and DISCLAIMER, cleaned up NOTICE, LICENSE, and README files
 * Added GitHub importers for Project, Code, Wiki, and Tickets
 * Added Tickets importer for Google Code
 * Added Allura exported Tickets importer
 * [#3154] Allura data export

Bug Fixes & Minor Improvements:

 * Improvements to importer infrastructure
 * Additions to Tracker API
 * Fixes for Trac importer
 * Performance improvements for code snapshots
 * [#5561] Maximize view for wide code files
 * [#5775] Allura Code Viewer: provide "copied from" link in history view
 * [#6284] Allura Code Viewer: show SVN revision in commit browser
 * [#6626] Regression: SVN urls don't default to HEAD revision
 * [#6629] "list index out of range" error on git _iter_commits_with_refs
 * [#6695] timeout & loop detection in LCD logic
 * [#6529] Login overlay
 * [#4595] Revisions to /nf/admin/new_projects
 * [#5966] Script to move wiki
 * [#6100] URL-Redirection for moved tickets
 * [#6392] Per tool user bans
 * [#6431] Upgrade to ming 0.4.x to avoid extraneous count() queries
 * [#6539] Timeouts on approving moderated comments [ss4838]
 * [#6545] Show forum stats graph
 * [#6604] IE9 json parsing vulnerability
 * [#6654] Tracker stats template error
 * [#6685] add faulthandler to smtp_server
 * [#6699] Provide a way to add additional Timers to AlluraTimerMiddleware

Version 1.0.0  (August 2013) (unreleased)

 * Initial ASF Incubation release