Skip to content

Release 0.21
Compare
Choose a tag to compare
@crowbot crowbot released this 30 Mar 15:05
· 11057 commits to develop since this release
0.21.0.0
f24cc98

Highlighted Features

  • Lots of improvements in the process of making a new
    request (Martin Wright, Gareth Rees, Louise Crow):
    • Removal of confusing AJAX results in /select_authority.
    • Better layout of search/filtering options on the authority pages.
    • Better layout of the authority pages on smaller screens.
    • The dynamic list of possibly related requests for a new request
      is now limited to requests to the same authority and capped at
      three requests
    • 'Create a new account' option now more prominent than 'Sign in' on /sign_in
    • Better options for sharing your request on social media, and other
      actions to take once the request is made.
  • Some general security improvements:
    • State changing admin actions are now restricted to PUT or POST methods
      to protect against CSRF attacks, and now use more standard RESTful
      routing (Louise Crow).
    • Global request forgery protection is now used (Gareth Rees).
    • Some standard security headers are added by default (Louise Crow).
    • A TTL is enforced on session cookies (Louise Crow).
  • Added a new AUTHORITY_MUST_RESPOND configuration variable. Set this to
    true If authorities must respond by law. Set to false otherwise. It
    defaults to true. At the moment this just tweaks some UI text (Gareth Rees).
  • New rake task for cleaning theme translations - rake gettext:clean_theme (Gareth Rees).
  • There's a new admin interface for adding public holidays for the site,
    to be used in calculating request due dates. Documentation for using
    this interface is available at
    http://alaveteli.org/docs/installing/next_steps/#add-some-public-holidays (Louise Crow).
  • Some interface phrases have been grouped together for easier
    translation (Gareth Rees, Louise Crow).
  • Now using the bootstrap js files from the bootstrap-sass gem.
  • Confusing 'web analytics' section of admin pages removed (Henare Degan)
  • Banned users can no longer update their profile (Gareth Rees).
  • The code that removes email addresses and mobile phone numbers from
    the public view of requests an responses has been refactored, and the
    text that's used to replace the email addresses and phone numbers can
    now be translated (Louise Crow).
  • Fixed a bug with the CSV import of authorities which have the same
    name in multiple locales (Louise Crow).
  • No longer need to restart webserver when compacting Xapian database (Gareth
    Rees).
  • config/deploy.yml now accepts a daemon_name parameter so that Capistrano
    can deploy multiple Alaveteli instances on the same host (Gareth Rees).
Assets 2
Loading