Release 0.22

Highlighted Features

• Upgrades and fixes for security announcements CVE-2015-3225, CVE-2015-3227 and
  CVE-2015-1840 (Louise Crow).
• Attachment text conversion to UTF-8 is now handled in a clearer way by the
  FoiAttachment model. Censor rules are applied with the appropriate encoding
  (Louise Crow).
• A rake task temp:fix_invalid_utf8 has been added to help people migrating an
  Alaveteli install from ruby 1.8.7 to a later ruby version (Louise Crow).
• An example wrapper script, config/run-with-rbenv-path has been added to run
  the mail scripts using the ruby version set by rbenv. Example code for this
  has also been added to the daemon and cron example files.
• Remove dependency on tools provided by sharutils package (Gareth Rees).
• Use rack-utf8_sanitizer to handle badly-formed UTF-8 in request URI and
  headers (Louise Crow).
• Correctly handle names with commas in ContactMailer (Louise Crow).
• Various performance improvements in InfoRequestEvent (Gareth Rees).
• Improve performance of PublicBodyController#show (Gareth Rees).
• Various performance improvements in PublicBody (Gareth Rees).
• General improvements to string encoding handling (Louise Crow).
• Allow locale specific language names (Louise Crow).
• Fix count of requests on authority page (Henare Degan).
• Added Croatian Alaveteli to the list of world FOI websites
  (Miroslav Schlossberg).
• Various code duplication cleanup (James McKinney).
• Improve error reporting on graph generation (Petter Reinholdtsen).
• Admin summary page performance improvements (Gareth Rees).
• Various performance improvements in InfoRequest (Gareth Rees).
• Add missing ttf-bitstream-vera package (Petter Reinholdtsen).
• Send mail import errors to exception notification address (Louise Crow).
• Add bullet for tracking N+1 queries in development environment. Turn on by
  setting USE_BULLET_IN_DEVELOPMENT to true (Gareth Rees).
• Performance improvement when initializing InfoRequest instances (Gareth Rees).
• root no longer required to read mail logs
• Code quality improvements to ActsAsXapian (Louise Crow).
• Don't put HTML entities in email subject lines (Henare Degan).
• Defunct authorities are removed from the list of authorities with mising
  emails on the admin summary page (Henare Degan).
• Correctly encode words to highlight (Caleb Tutty).
• The request email of a PublicBody with a blank request_email database
  attribute will not be overridden by OVERRIDE_ALL_PUBLIC_BODY_REQUEST_EMAILS
  (Henare Degan).
• Fixed a bug in the HealthChecksHelper when applying 'OK' style (Caleb Tutty).
• Keep cookies from txt files in suggested Varnish configuration (Henare Degan).
• Improvements to the Categorisation Game charts (Henare Degan).
• Destroing an InfoRequest now destroys associated Comments and CensorRules
  (Louise Crow).
• There is experimental support for using an STMP server, rather than sendmail,
  for outgoing mail. There is not yet any ability to retry if the SMTP server is
  unavailable (Caleb Tutty, Louise Crow).
• HTML 'widgets' advertising requests can be displayed on other sites in iframes.
  If ENABLE_WIDGETS is set to true in general.yml (the default is false), a link
  to the widget code will appear in the right hand sidebar of a request page.
  (Jody McIntyre, Louise Crow).
• Capistrano now caches themes (Henare Degan).
• Improve correspondence box padding (Luke Bacon).
• Improve empty PublicBody translation rejection (Henare Degan).
• New message attachment icons (Martin Wright).
• Improve localisation (Louise Crow, Petter Reinholdtsen, Gorm Eriksen).
• Update xapian-full-alaveteli for Ruby 2.1 compatibility (Louise Crow).
• Improve header search form (Luke Bacon).
• Fix 'link to this' button on touch devices (Luke Bacon).

Upgrade Notes

• Version 0.22 is the last release to support Ruby 1.8.7.

  We have an evolving upgrade guide on the wiki, and
  we're always available on the alaveteli-dev mailing list.

• Ruby version files are ignored – these are delegated to people's development
  or deployment environments. See https://goo.gl/01MCCi and e5180fa.

• Ensure all overridden Ruby source files have encoding specifier. See
  576b588.

• Memcached namespace is now dependent on Ruby version. No action required.

• Capistrano now caches themes in shared/themes. Run the deploy:setup task
  to create the shared directory before making a new code deploy.

• Example daemon files have been renamed (7af5e9d). You'll need to use the new
  names in any scripts or documentation you've written.

• Regenerate alert tracks and purge varnish daemons to get better stop daemon
  handling.

• Regenerate Varnish config so that cookies from txt files are not ignored.
  See db2db06.

• Regenerate the crontab so that root is no longer used to read mail logs.

• Give the unix application user membership of the adm group so that they can
  read the mail log files usermod -a -G adm "$UNIX_USER"

• Remove summary stats from admin summary page. They're duplicated on
  /admin/summary. No action required.

• The default branch has been changed from rails-3-develop to develop. Use
  of rails-3-develop will stop, and the branch will be removed at some point.

• Add the ttf-bitstream-vera package to provide Vera.ttf to the cron jobs.

• Alaveteli no longer requires the sharutils package.

• Remember to rake db:migrate and git submodule update

• If you handle attachment text in your theme, note that:

  • FoiAttachment#body will always return a binary encoded string
  • FoiAttachment#body_as_text will always return a UTF-8 encoded string
  • FoiAttachment#default_body will return a UTF-8 encoded string for text
    content types, and a binary encoded string for all other types.

Changed Templates

The following templates have been changed. Please update overrides in your theme
to match the new templates.

app/views/admin_general/index.html.erb
app/views/admin_public_body/edit.html.erb
app/views/comment/_comment_form.html.erb
app/views/comment/_single_comment.html.erb
app/views/general/_responsive_topnav.html.erb
app/views/help/unhappy.html.erb
app/views/public_body/show.html.erb
app/views/public_body_change_requests/new.html.erb
app/views/request/_act.html.erb
app/views/request/_followup.html.erb
app/views/request/_incoming_correspondence.html.erb
app/views/request/_outgoing_correspondence.html.erb
app/views/request/_request_listing_via_event.html.erb
app/views/request/_request_search_form.html.erb
app/views/request/_resent_outgoing_correspondence.html.erb
app/views/request/new.html.erb
app/views/request/new_bad_contact.html.erb
app/views/request/show.html.erb
app/views/request_game/play.html.erb
app/views/track/_tracking_links.html.erb
app/views/user/_user_listing_single.html.erb
app/views/user/show.html.erb

Release 0.21

Highlighted Features

• Lots of improvements in the process of making a new
  request (Martin Wright, Gareth Rees, Louise Crow):
  • Removal of confusing AJAX results in /select_authority.
  • Better layout of search/filtering options on the authority pages.
  • Better layout of the authority pages on smaller screens.
  • The dynamic list of possibly related requests for a new request
    is now limited to requests to the same authority and capped at
    three requests
  • 'Create a new account' option now more prominent than 'Sign in' on /sign_in
  • Better options for sharing your request on social media, and other
    actions to take once the request is made.
• Some general security improvements:
  • State changing admin actions are now restricted to PUT or POST methods
    to protect against CSRF attacks, and now use more standard RESTful
    routing (Louise Crow).
  • Global request forgery protection is now used (Gareth Rees).
  • Some standard security headers are added by default (Louise Crow).
  • A TTL is enforced on session cookies (Louise Crow).
• Added a new AUTHORITY_MUST_RESPOND configuration variable. Set this to
  true If authorities must respond by law. Set to false otherwise. It
  defaults to true. At the moment this just tweaks some UI text (Gareth Rees).
• New rake task for cleaning theme translations - rake gettext:clean_theme (Gareth Rees).
• There's a new admin interface for adding public holidays for the site,
  to be used in calculating request due dates. Documentation for using
  this interface is available at
  http://alaveteli.org/docs/installing/next_steps/#add-some-public-holidays (Louise Crow).
• Some interface phrases have been grouped together for easier
  translation (Gareth Rees, Louise Crow).
• Now using the bootstrap js files from the bootstrap-sass gem.
• Confusing 'web analytics' section of admin pages removed (Henare Degan)
• Banned users can no longer update their profile (Gareth Rees).
• The code that removes email addresses and mobile phone numbers from
  the public view of requests an responses has been refactored, and the
  text that's used to replace the email addresses and phone numbers can
  now be translated (Louise Crow).
• Fixed a bug with the CSV import of authorities which have the same
  name in multiple locales (Louise Crow).
• No longer need to restart webserver when compacting Xapian database (Gareth
  Rees).
• config/deploy.yml now accepts a daemon_name parameter so that Capistrano
  can deploy multiple Alaveteli instances on the same host (Gareth Rees).

Release 0.20

Highlighted Features

• Upgrade compass-rails to version 2.0.0 (Louise Crow, Вальо)
• Added a fix to ensure attachments are rendered for emails sent with Apple Mail (Gareth Rees)
• Removed the authority preview from /select_authority. Clicking an authority now goes straight to the authority page (Gareth Rees)
• Allow closure of a change request without sending an email (Louise Crow)
• The sidebar in app/views/public_body/show.html.erb has been extracted to app/views/public_body/_more_info.html.erb to make overriding it in a theme easier (Gareth Rees)
• Allow resetting of the locale pattern on the locale routing filter (Louise Crow)
• Added filtering to the requests displayed on the user profile page (Gareth Rees)
• Add a Health Check page (Gareth Rees)
• Add a user interface for managing Public Body Categories (Liz Conlan, Louise Crow)
• Improve CensorRule validations. Please see Upgrade Notes if you have added or modified a CensorRule in your theme (Gareth Rees)
• Stop the /blog page throwing an exception if a correctly configured blog has no posts (Gareth Rees)
• Fixed a CSS issue with the authority preview container (Louise Crow)
• Sensible default values have been added to some configuration parameters. See upgrade notes for additional instruction (Gareth Rees)
• general.yml-example now contains full documentation and examples (Gareth Rees)
• CSV Import fields (for /admin/body/import_csv) are now configurable. This is useful if your theme adds additional attributes to PublicBody (Steven Day)

Release 0.19

Highlighted Features

• Improved documentation at http://alaveteli.org/docs (Louise Crow, Gareth Rees,
  Dave Whiteland)
• Added mySociety Launchpad PPA to supply updated version of pdftk (Louise Crow)
• Made default maintenance page generic (Gareth Rees)
• Support additional Vagrant operating system images (Gareth Rees)
• Add SysVinit for Phusion Passenger (Gareth Rees)
• Eager loading to speed up body_request_events API action (Louise Crow)
• Ability to update the status of external requests made via the API (Liz
  Conlan)
• Removed more mySociety internal dependencies from install script and example configuration and template files (Gareth Rees)
• Improved example configuration files (Gareth Rees)
• Support Portugese locale (Louise Crow)
• Default to using UTF-8 encoded database for new installs and CI (Gareth Rees)
• Better config file generators in lib/tasks/config_files.rake (Gareth Rees)
• Improved search term highlighting (Gareth Rees)
• Added responsive styling (Louise Crow)
• Documentation tidying and redirection (Louise Crow)
• Allow a message with more than one event to be destroyed (Louise Crow)
• Makes public body stats available if configured (Gareth Rees)
• Cache-busting on request response notification emails (Gareth Rees)
• Better error handling on new requests (Louise Crow)
• Rake task for cleaning up holding pen events (rake cleanup:holding_pen)
  (Louise Crow)
• Added searching of bodies by short_name (Gareth Rees)
• Additional stats on /version.json (Gareth Rees)
• Minor tweaks to the homepage (Gareth Rees)
• Translation housekeeping (Louise Crow)
• Minor style updates to admin request edit page (Gareth Rees)

Release 0.18

Highlighted features

• There is an alternative set of stylesheets and header and footer
  templates for rendering the site in a stripped-down, responsive way
  (so that it will display appropriately on mobile devices as well as
  larger screens). This can be customised in a theme. We'll be adding
  some corresponding stylesheets shortly to alavetelitheme to provide a
  nice basic look and feel that can be customised. Eventually these
  responsive stylesheets will become the default (Louise Crow).
• Improvements in the Vagrant file (update to v2 API, configuration of
  FQDN, VirtualBox memory, development environment, better
  documentation) (Gareth Rees)
• Full date/time of correspondence now displayed on hover (Gareth Rees)
• Admins can now hide annotations in bulk from the admin interface
  (Andrew Black)
• Admins can now mark non-request email addresses as spam-targets if
  they are only receiving spam, so that email sent to these addresses no
  longer shows up in the holding pen, but is silently discarded (Gareth
  Rees)
• The contact form now has an anti-spam honeypot, and prevents double
  submission (Gareth Rees)
• Improvements to some translatable strings so that they're not composed
  on the fly according to English grammar (Louise Crow)
• Fixed bugs in text conversion under Ruby 1.9 (Rowan Crawford),
  handling of messages directing people to other instances of Alaveteli
  (Louise Crow), link-to-this popup location, 404 handling, comments on
  requests that are closed to comments, missing title tags in HTML
  attachments, PDF conversion and public body batch updates (Gareth
  Rees).

Release 0.17

Highlighted features

• There is some initial support for making a request to multiple
  authorities at once.
• There is a new form for users to request that a new authority should
  be added, or to request an update to the contact email used for an
  authority. Site admins are emailed about these requests, and can
  resolve them from the admin interface.
• For attachments where we rely on Google Document Viewer to display the
  HTML version, link to the HTTPS version where the Alaveteli site is
  served over HTTPS to avoid mixed content warnings and non display in
  some browsers (Matthew Somerville).
• The 'view requests' page now has some fragment caching backed by
  memcached to speed up serving commonly used lists of requests - e.g
  all successful requests. Like the caching introduced in release 0.16,
  this is controlled by the CACHE_FRAGMENTS parameter in the config
  file and will be on by default.
• A user's annotations can now be seen on their admin page (Andrew
  Black)
• Better detection of the quoted text of a previous email in the HTML
  parts of responses.
• Fixed bugs in the profile photos (György Peng), calendar translations
  (Mark Longair), the use of external utilities (Ian Chard), the
  internal admin authority locale handling (Mark Longair), badly formed
  attachment handling (Rowan Crawford).

Release 0.16

• Upgrade of the Rails framework to 3.2.16
• Enabling the Rails asset pipeline for managing assets (more about the
  asset pipeline at http://guides.rubyonrails.org/asset_pipeline.html).
• The all authorities csv download now uses less system resources
• Ruby 2.0 is now included in the matrix of versions we run continuous
  integration tests against
• When using capistrano, the RAILS_ENV can now be explicitly set from
  deploy.yml
• The front page and request pages once more use fragment caching backed
  by memcached to speed up serving of slow parts of these pages
• The robots.txt file has been updated to allow crawling of response
  attachment files (in original and HTML versions)
• The themes:install rake task is kinder to developers; it no longer
  removes and reclones themes, destroying local changes, and it keeps
  themes as git repositories.
• Social media elements (the blog, twitter feed) are only included if
  the appropriate config variables (BLOG_FEED and TWITTER_USERNAME) have
  been populated.
• Some fixes to the treatment of hyphenated/underscored locales so that
  public body translations are consistently stored using the underscore
  format of the locale (so 'he_IL', not 'he-IL').
• The popup message elements for temporary notices and for letting users
  know about other sites have been made consistent and now use simpler
  styles.