From 949a8f982af7baf0c08c19c146ac078729af227a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alexis=20M=C3=A9taireau?= Date: Tue, 19 Oct 2021 19:26:44 +0200 Subject: [PATCH] Update changelog. Based on the work done in #570 and #834 by @Natim and @Glandos. --- CHANGELOG.rst | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 42adf4b7..75f5ffd1 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -9,12 +9,13 @@ This document describes changes between each past release. Breaking changes ---------------- -- Include project code into project authentication token. This invalidates all existing API tokens and invitation links from previous versions (#802) +- Include project code into project authentication token. This invalidates all existing API tokens and invitation links from previous versions (#802 #843) - Drop support for Python 2 (#483) - Drop support for Python 3.5 (#571) - Drop support for MySQL (#743) - Require MariaDB version 10.3.2 or above (#632) - Enable session cookie security by default (#845) +- Change token path authentication to /{project}/join/{token} (#843) The minimum supported version is now Python 3.6, and the project is tested with up to Python 3.9 
@@ -28,13 +29,14 @@ Security - Add CSRF validation on destructive actions (#796) - Ask for private code to delete project or project history (#796) - Add headers to mitigate Clickjacking, XSS, and other attacks: `X-Frame-Options`, `X-XSS-Protection`, `X-Content-Type-Options`, `Content-Security-Policy`, `Referrer-Policy` (#845) +- Add URL validation to external link to prevent XSS (#846) Added ----- - Allow to import previously exported json data (#518) - Add new optional field "external link" in bill form (#429) -- Add currencies to project and bills (#541) +- Add optional currencies to project and bills (#541, #864) - Add new statistics showing monthly expenses (#526) - Add pagination to the list of bills (#480) - Add sorting, pagination, and searching to the admin dashboard (#538) @@ -57,6 +59,12 @@ Changed - Display "flash messages" persistently instead of making them disappear (#856) - Improve menu bar spacing, put history and settings in a submenu (#739) - Change Dockerfile to install python dependencies at build time (#793) +- Updating project settings doesn't require to enter or update project code (#774) +- Bump dependencies: WTForms (#768) jinja2 (#753) itsdangerous (#756) flask (#755 #757 #764) +- Remove requirements files in favor of setup.cfg pinning (#558) +- Make language choice persistent (#547) +- Flash messages must be dimissed manually (#856) +- Increased the font size of the logo (#828) Fixed ----- 
@@ -65,12 +73,17 @@ Fixed - Fix order of participants in the statistics page (#608) - Clarify project edition form: private code is not required (#774) - Fix Python dependency contraints to be less strict +- Improve documentation (#781 #819 #821) +- Fix datepicker that was displayed twice on some browsers (#221) +- Members weight are now rounded to 2 decimal (#838) Documentation ------------- - Reorganize "Contributing" documentation to be more accessible to new contributors - Improve documentation regarding database migrations (#569) +- Added a page about `the security model `_ (#858) + 4.1.5 (2020-07-26) ==================
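Review bot: In the Breaking changes hunk, the new entry "Change token path authentication to /{project}/join/{token} (#843)" does not say what the previous path looked like or that links built on it stop working, which is what someone upgrading needs from a breaking-change entry. Suggest naming the old path form in the entry and tying it to the first bullet, which already states that existing API tokens and invitation links are invalidated. Minor: the reference list "(#802 #843)" is space-separated while "(#541, #864)" later in this patch uses a comma; pick one style.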
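Review bot: In the Security hunk, "Add URL validation to external link to prevent XSS (#846)" does not say what the validation accepts, so a reader cannot tell which inputs are now rejected. Suggest stating the rule in the entry, for example which URL schemes are allowed, as implemented in #846. The "external link" field is itself listed under Added in this same release (#429), so it would also help to say whether any published version shipped the field without validation.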
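Review bot: In the Changed hunk, the added line "Flash messages must be dimissed manually (#856)" repeats the existing entry "Display "flash messages" persistently instead of making them disappear (#856)" at the top of the same hunk, and misspells "dismissed"; drop the new line. "Updating project settings doesn't require to enter or update project code (#774)" likewise overlaps the Fixed entry "Clarify project edition form: private code is not required (#774)"; keep one of the two under a single heading.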
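Review bot: In the last hunk, "Improve documentation (#781 #819 #821)" is added under Fixed although the Documentation section starts a few lines below; move it there. "Members weight are now rounded to 2 decimal (#838)" would read better as "Member weights are now rounded to 2 decimal places", and "Added a page about ..." uses past tense where the neighbouring entries use the imperative ("Reorganize", "Improve"). As it appears here, the "the security model" link has no target, so check that the RST renders a working link.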