From 4a941cf5e3e586d91ed97a1153cf976b58f15def Mon Sep 17 00:00:00 2001 From: Guillaume Ayoub Date: Thu, 31 Dec 2015 12:59:46 +0100 Subject: [PATCH] Add news --- news/gayoub/2015-12-31@11:54:03.rst | 34 +++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 news/gayoub/2015-12-31@11:54:03.rst diff --git a/news/gayoub/2015-12-31@11:54:03.rst b/news/gayoub/2015-12-31@11:54:03.rst new file mode 100644 index 00000000..cf6d1da4 --- /dev/null +++ b/news/gayoub/2015-12-31@11:54:03.rst @@ -0,0 +1,34 @@ +Radicale 1.1 +============ + +Radicale 1.1 is out! + + +1.1 - Law of Nature +------------------- + +One feature in this release is **not backward compatible**: + +* Use the first matching section for rights (inspired from daald) + +Now, the first section matching the path and current user in your custom rights +file is used. In the previous versions, the most permissive rights of all the +matching sections were applied. This new behaviour gives a simple way to make +specific rules at the top of the file independant from the generic ones. + +Many **improvements in this release are related to security**, you should +upgrade Radicale as soon as possible: + +* Improve the regex used for well-known URIs (by Unrud) +* Prevent regex injection in rights management (by Unrud) +* Prevent crafted HTTP request from calling arbitrary functions (by Unrud) +* Improve URI sanitation and conversion to filesystem path (by Unrud) +* Decouple the daemon from its parent environment (by Unrud) + +Some bugs have been fixed and little enhancements have been added: + +* Assign new items to corret key (by Unrud) +* Avoid race condition in PID file creation (by Unrud) +* Improve the docker version (by cdpb) +* Encode message and commiter for git commits +* Test with Python 3.5