https://forge-allura.apache.org/p/allura/tickets/You searched for labels%3A%22sf-4%22enTue, 26 May 2026 16:12:33 -0000https://forge-allura.apache.org/p/allura/tickets/8608/Guillermo CruzTue, 26 May 2026 16:12:33 -0000https://forge-allura.apache.org/p/allura/tickets/8608/https://forge-allura.apache.org/p/allura/tickets/8601/With a link we can have a longer token for more security (still type-able if needed). And the link will defeat some MITM phishing attacks, forcing you to the right site. We can apply this to 2FA accounts too (currently being skipped) so they get the MITM protections too Downside is if you don't have email access on the same computer you're logging in to :(Dave BrondsemaFri, 01 May 2026 18:21:37 -0000https://forge-allura.apache.org/p/allura/tickets/8601/https://forge-allura.apache.org/p/allura/tickets/8597/In some very specific cases the performance of markdown can be quite badDave BrondsemaMon, 23 Feb 2026 20:20:24 -0000https://forge-allura.apache.org/p/allura/tickets/8597/https://forge-allura.apache.org/p/allura/tickets/8594/Like every quarter let's update the Python packages we use.Guillermo CruzTue, 10 Feb 2026 22:08:51 -0000https://forge-allura.apache.org/p/allura/tickets/8594/https://forge-allura.apache.org/p/allura/tickets/8592/`myfunc.post(..` and `post_event` take special params like `delay` but that would prevent the a normal `delay` parameter from being used. So we should make it `__task_delay`. Same for `flush_immediately`, and adding `priority` as an option now too. Then after that improvement, lets start using `__task_priority` in the reindex command, so they can run at a lower priority and not interfere with normal tasks.Dave BrondsemaThu, 11 Dec 2025 18:21:12 -0000https://forge-allura.apache.org/p/allura/tickets/8592/https://forge-allura.apache.org/p/allura/tickets/8588/`regex-as-re-globally` is a very hacky package (I made it, I'm ok to admit it) and it continuously has needs more fixes for every new version of python https://github.com/brondsem/regex-as-re-globally/issues?q=is%3Aissue So lets fix our regexes so we don't need itDave BrondsemaMon, 01 Dec 2025 17:36:58 -0000https://forge-allura.apache.org/p/allura/tickets/8588/https://forge-allura.apache.org/p/allura/tickets/8579/https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Clear-Site-Data Option to clear: session, cookies, and moreDillon WallsTue, 12 Aug 2025 17:44:02 -0000https://forge-allura.apache.org/p/allura/tickets/8579/https://forge-allura.apache.org/p/allura/tickets/8577/Enable the ability to add notes per projects in the `new projects` admin sectionGuillermo CruzTue, 12 Aug 2025 17:44:01 -0000https://forge-allura.apache.org/p/allura/tickets/8577/https://forge-allura.apache.org/p/allura/tickets/8576/To get compliant with https://retirejs.github.io/retire.js/ vulnerability scanningDave BrondsemaTue, 12 Aug 2025 17:44:01 -0000https://forge-allura.apache.org/p/allura/tickets/8576/https://forge-allura.apache.org/p/allura/tickets/8572/Dave BrondsemaTue, 12 Aug 2025 17:44:00 -0000https://forge-allura.apache.org/p/allura/tickets/8572/https://forge-allura.apache.org/p/allura/tickets/8568/Dave BrondsemaTue, 12 Aug 2025 17:43:59 -0000https://forge-allura.apache.org/p/allura/tickets/8568/https://forge-allura.apache.org/p/allura/tickets/8567/Like every 4 months upgrade packages and run testsGuillermo CruzTue, 12 Aug 2025 17:43:59 -0000https://forge-allura.apache.org/p/allura/tickets/8567/https://forge-allura.apache.org/p/allura/tickets/8565/There are quite a few methods that were removed or changed in the jump from pymongo3 to pymongo4. Many of these have been back-ported to pymongo3. In coordination with Ming, we should incrementally work towards pymongo4. A good way to accomplish this is to keep pymongo3 but migrate to the new api in as many places as possible.Dillon WallsTue, 12 Aug 2025 17:43:59 -0000https://forge-allura.apache.org/p/allura/tickets/8565/https://forge-allura.apache.org/p/allura/tickets/8564/One feature that I've always thought would be nice is the ability to create an "empty" merge request that represents a new chunk of work. So even If I don't have a fork, as long as I have write access to a git repo, I can "Create Merge Request" and it will default to merging master onto master. This could immediately be updated to point to a branch of your choosing. Or maybe this flow could create a branch for you! Or you could leave it pointing to master and update the MR later. But having this option to arbitrarily create new MRs will streamline the process of embarking on new work. It has the added benefit of keeping all relevant discussion happening as close as possible to the work itself. I believe GitHub has something similar to this, but I'm not 100% sure.Dillon WallsTue, 18 Jun 2024 22:32:57 -0000https://forge-allura.apache.org/p/allura/tickets/8564/https://forge-allura.apache.org/p/allura/tickets/8560/Projects can set a `tracking_id` tag if the `google_analytics` feature is enabled for the neighborhood. Doing this automatically includes the analytics.js snippet and initializes it with the project's tag on all project pages. Nifty feature. However, this is all using Google's now fully deprecated Universal Analytics. UA will be fully shutdown and deleted as of July 2024. It has been replaced by its successor Google Analytics 4 (GA4). It appears that for some time now (and for an indeterminate amount of time into the future) Google has been forwarding all UA traffic to GA4 behind the scenes. So all existing UA tags and snippets out in the wild will continue to function. This means that all projects that already have `tracking_id`s set will continue to work as expected for the foreseeable future. However #2, It is unknown whether this flow will work for new GA4 tags. For example if a new project wants to add new analytics, they will only have a GA4 tag. Will the existing UA snippet flow work with that tag? So for that reason and for the reason that GA4 has all sorts of fancy new features, it would be nice if we officially supported it going forward. Other things to consider: * Update the documentation to mention extending/overriding the `custom_tracking_js` macro in a custom theme for further analytics collection customization.Dillon WallsThu, 09 May 2024 19:09:02 -0000https://forge-allura.apache.org/p/allura/tickets/8560/https://forge-allura.apache.org/p/allura/tickets/8559/need to handle booleans like `private` and `discussion_disabled` for example (currently only works if you pass `''` and it does the wrong thing if you say "false" as a string). And custom fields based on their specified type.Dave BrondsemaMon, 10 Jun 2024 15:31:46 -0000https://forge-allura.apache.org/p/allura/tickets/8559/https://forge-allura.apache.org/p/allura/tickets/8556/`has_access` returns a TruthyCallable which can be treated as a bool or called again, which is confusing. There's lots of `has_access(...)()` syntax that can be cleaned up now. After cleanup is done (including within external plugins/extensions), we can then remove the TruthyCallable and predicate behavior of has_access, and have it return a simple bool. Code changes necessary: - `has_access(...)()` -> `has_access(...)` - `has_access(c.app, 'read')(user=user)` -> `has_access(c.app, 'read', user)` - `require(has_access(c.app, 'read'))` -> `require_access(c.app, 'read'))` If `require(...)` is used in other situations, ideally it should be changed completely. Or, change from a callable to a bool like `require(lambda: foo == bar)` -> `require(foo == bar)` but this cannot be done ahead of time, it mus be done at the time of full removal.Dave BrondsemaMon, 08 Dec 2025 22:50:55 -0000https://forge-allura.apache.org/p/allura/tickets/8556/https://forge-allura.apache.org/p/allura/tickets/8555/If a user is blocked at the tool level, they still may be able to post in discussion forums that have additional ACLs. E.g. a forum within the discussion tool, which has anonymous posting allowed, or has developer only posting.Dave BrondsemaMon, 10 Jun 2024 15:31:45 -0000https://forge-allura.apache.org/p/allura/tickets/8555/https://forge-allura.apache.org/p/allura/tickets/8540/The "Recently Updated" sort option on wiki's Browse Pages does not work correctly. It does the query and then applies a sort afterwards. So if you have more than one page of results, it only sorts within the current page not the whole set of pages.Dave BrondsemaMon, 10 Jun 2024 15:31:45 -0000https://forge-allura.apache.org/p/allura/tickets/8540/https://forge-allura.apache.org/p/allura/tickets/8539/https://docs.astral.sh/ruff/rules/#flake8-bandit-s in particular would be good, some others tooDave BrondsemaMon, 10 Jun 2024 15:31:45 -0000https://forge-allura.apache.org/p/allura/tickets/8539/https://forge-allura.apache.org/p/allura/tickets/8538/Dillon WallsMon, 10 Jun 2024 15:31:45 -0000https://forge-allura.apache.org/p/allura/tickets/8538/https://forge-allura.apache.org/p/allura/tickets/8537/- move `GoogleAnalytics` further down the page - remove `scanMessages` from `jquery.notify.js`Guillermo CruzMon, 10 Jun 2024 15:31:45 -0000https://forge-allura.apache.org/p/allura/tickets/8537/