Add news

news/gayoub/2015-12-31@11:54:03.rst

@@ -0,0 +1,34 @@
+Radicale 1.1
+============
+
+Radicale 1.1 is out!
+
+
+1.1 - Law of Nature
+-------------------
+
+One feature in this release is **not backward compatible**:
+
+* Use the first matching section for rights (inspired from daald)
+
+Now, the first section matching the path and current user in your custom rights
+file is used. In the previous versions, the most permissive rights of all the
+matching sections were applied. This new behaviour gives a simple way to make
+specific rules at the top of the file independant from the generic ones.
+
+Many **improvements in this release are related to security**, you should
+upgrade Radicale as soon as possible:
+
+* Improve the regex used for well-known URIs (by Unrud)
+* Prevent regex injection in rights management (by Unrud)
+* Prevent crafted HTTP request from calling arbitrary functions (by Unrud)
+* Improve URI sanitation and conversion to filesystem path (by Unrud)
+* Decouple the daemon from its parent environment (by Unrud)
+
+Some bugs have been fixed and little enhancements have been added:
+
+* Assign new items to corret key (by Unrud)
+* Avoid race condition in PID file creation (by Unrud)
+* Improve the docker version (by cdpb)
+* Encode message and commiter for git commits
+* Test with Python 3.5