v2.1 Series (“Eolienne”)
v2.1.6
Bug Fixes
Queries to the REST API with filters are now significantly faster: slow database queries were reworked.
An SQL error was fixed in lib/sql/grant-all.postgres.sql.
v2.1.4
Bug Fixes
CVE-2019-13122 has been fixed. Andrew Donnellan discovered an XSS via the message-id field. A malicious user could send a patch with a message ID that included a script tag. Because of the quirks of the email RFCs, such a message ID can survive being sent through many mail systems, including Gmail, and be parsed and stored by Patchwork. When a user viewed a patch detail page for the patch with this message id, the script would be run. This is fixed by properly escaping the field before it is rendered.
The pwclientrc samples generated by Patchwork were previously not valid INI files. This issue is resolved. (#277)
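The class of bug behind CVE-2019-13122, as an added example that is not Patchwork's own code: a Message-ID header taken from a mail is rendered into HTML with and without output escaping. The sample mail, the function names and the use of the standard library's html.escape in place of template escaping are assumptions made for illustration.

```python
import html
from email import message_from_string

# Constructed sample mail; the Message-ID value is made up for this example.
RAW_MAIL = (
    "From: dev@example.com\n"
    "Subject: [PATCH] fix typo\n"
    "Message-ID: <20190704.1<script>alert(1)</script>@example.com>\n"
    "\n"
    "patch body\n"
)


def parse_msgid(raw):
    """Return the Message-ID header exactly as the mail carried it."""
    return message_from_string(raw)["Message-ID"].strip()


def render_unescaped(msgid):
    """'Before' behaviour: the header value is placed into HTML as-is."""
    return "<dd>" + msgid + "</dd>"


def render_escaped(msgid):
    """'After' behaviour: HTML metacharacters are escaped on output."""
    return "<dd>" + html.escape(msgid, quote=True) + "</dd>"


def has_embedded_markup(msgid):
    """Audit heuristic (hypothetical helper): flag IDs that carry angle
    brackets or double quotes inside the outer <...> pair."""
    inner = msgid[1:-1] if msgid.startswith("<") and msgid.endswith(">") else msgid
    return any(ch in inner for ch in '<>"')


if __name__ == "__main__":
    msgid = parse_msgid(RAW_MAIL)
    print(render_unescaped(msgid))    # markup reaches the page intact
    print(render_escaped(msgid))      # markup is shown as text
    print(has_embedded_markup(msgid))
```

The audit helper can be run over message IDs already stored by an instance that processed mail before the upgrade; escaping at render time covers those rows as well, since the stored value is unchanged.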
v2.1.3
Bug Fixes
#197 was the result of an issue with the OzLabs instance and not Patchwork itself, and the fix included actually ended up corrupting subjects for everyone. It has now been reverted.
In the past, Patchwork used to support filtering patches that weren’t delegated to anyone. This feature was removed in v1.1.0, as part of a patch designed to support delegation to anyone. However, that feature didn’t scale and was later removed. The ability to delegate to anyone is now itself re-introduced.
v2.1.2
Upgrade Notes
django-filter 1.1 is now supported.
Django REST Framework 3.7 is now supported.
Django REST Framework 3.8 is now supported.
Django REST Framework 3.9 is now supported.
Bug Fixes
Assigning maintained projects when creating a new user in the admin page was causing an error. This is now resolved.
Long headers can be wrapped using CRLF followed by WSP (whitespace). This whitespace was not being stripped, resulting in errant whitespace being saved for the patch subject. This is resolved, though existing patches and cover letters will need to be updated manually.
API resources with embedded series were not showing the web_url value for these series. This is now shown.
Showing comments for a non-existent patch or cover letter was returning an empty response instead of an HTTP 404. This issue is resolved for both resources.
Showing checks for a non-existent patch was returning an empty response instead of an HTTP 404. Similarly, attempting to create a new check against this patch would result in an HTTP 5xx error instead of an HTTP 404. Both issues are now resolved.
Fields added in API v1.1 are now consistently excluded when requesting API v1.0, as was intended.
v2.1.1
Bug Fixes
An issue that resulted in checks for all patches being listed for each patch is resolved. (#203)
An issue that prevented updating of delegates using the REST API is resolved. (#216)
A project’s list_email, list_id and link_name fields can no longer be updated via the REST API. This is a superuser-only operation that, for now, should only be done via the admin interface. (#217)
It’s now possible to assign patches to existing bundles from a user’s TODO page. (#213)
The delegate and submitter fields will remain populated when moving between different pages or changing filters. (#78)
v2.1.0
Prelude
The key part of this release is a major performance fix: denormalising the project field into the patch model so that counting a project’s patches doesn’t require a JOIN. This requires a migration and so isn’t suitable for a stable backport. Event listing in the API has also been sped up by refactoring the queries.
This release also includes the feature development that had accrued in the meantime and numerous bug fixes.
The REST API version has been bumped to 1.1.
New Features
Django 1.11 is now supported.
Allow list filtering into multiple projects (and email dropping) based on subject prefixes. Enable by specifying a regular expression which needs to be matched in the subject on a per-project basis (field subject_match). A project with an empty subject_match field (and a matching list_id) serves as the default in case of no match.
The pwclient get command will now download patches with a .patch extension.
Python 3.6 is now supported.
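The subject_match selection described in the list above, sketched as an added example that is not Patchwork's own code: several projects share one list_id, a subject regex picks among them, the project with an empty subject_match is the fallback, and mail with no match and no fallback is dropped. The project table, the function name and the choice of a case-insensitive, unanchored re.search are assumptions.

```python
import re

# Constructed project table: (link_name, list_id, subject_match).
PROJECTS = [
    ("widgets", "dev.lists.example.org", r"\[.*widgets.*\]"),
    ("gadgets", "dev.lists.example.org", r"\[.*gadgets.*\]"),
    ("core", "dev.lists.example.org", ""),  # empty subject_match: default
    ("other", "other.lists.example.org", r"\[.*PATCH.*\]"),
]


def find_project(list_id, subject, projects=PROJECTS):
    """Return the link_name of the project that should receive the mail,
    or None when the mail should be dropped."""
    default = None
    for link_name, project_list_id, subject_match in projects:
        if project_list_id != list_id:
            continue
        if not subject_match:
            # Remember the fallback, but keep looking for a regex match.
            default = link_name
        elif re.search(subject_match, subject, re.IGNORECASE):
            # Assumption: unanchored search, so the pattern itself must
            # pin the match to the bracketed prefix.
            return link_name
    return default


if __name__ == "__main__":
    for lid, subj in [
        ("dev.lists.example.org", "[PATCH widgets 1/2] fix leak"),
        ("dev.lists.example.org", "[PATCH] widgets: fix leak"),
        ("other.lists.example.org", "[RFC] new idea"),
    ]:
        print(lid, "|", subj, "->", find_project(lid, subj))
```

Because the subject is sender-controlled, a pattern that is not tied to the bracketed prefix lets any mail that mentions the project name route itself into that project.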
Known Issues
Series parsing in the presence of parallel mail processing is still unreliable.
Several more minor issues can be browsed on our issue tracker.
Upgrade Notes
Django 1.6 and 1.7 are no longer supported. These are no longer supported upstream and most distributions provide a newer version.
django-filter 0.11 is no longer supported. This was only used with Django 1.6 and 1.7 and is not compatible with any version supported by Patchwork.
Bug Fixes
If a patch was processed by Patchwork before series support was added, it will not have a series associated with it. As a result, it is not possible to extract the dependencies for that patch from the series. This was not previously handled correctly. A 404 is now raised if this occurs.
A nasty race condition bug that could cause patches in a series to be dropped has been fixed.
The parsemail.sh and parsemail-batch.sh scripts, found in patchwork/bin, will now default to using python rather than python2 for calling manage.py. This resolves an issue when Patchwork is deployed with a virtualenv.
API Changes
Links to related comments are now exposed when checking patch and cover letter details. The comments themselves are then available via the /patches/{patchID}/comments and /covers/{coverID}/comments endpoints. Please note that comments are available only since API version 1.1.
Cover letters embedded in other responses now provide an mbox link, which can be used to download the cover letter and associated metadata (tags) in mbox format.
Series, patches and cover letters can be filtered by submitter using email addresses. For example:
$ curl /covers/?submitter=stephen@that.guru
Bundles can be filtered by owner, patches by delegate and checks by user using username. For example:
$ curl /bundles/?owner=stephenfin
Filters can now be specified multiple times. For example:
$ curl '/patches/?state=under-review&state=rfc'
This operates as a logical OR: it will retrieve patches that are either Under Review or RFC.
The /project endpoint now exposes a subject_match attribute.
Message headers that use the same key, such as Received:, are now combined into a list. Previously only one of the values would be output. This affects the /covers and /patches endpoints.
Other Notes
The patch ID on the patch detail page can now be clicked to copy it. This is similar to what we already do on the patch list page.
mbox files now contain all headers from the original email. This also means the Subject: header included will contain the original subject and not Patchwork’s parsed version.
Unify timezones used – use UTC for both email submissions and internal events. Please note that this change doesn’t modify already existing data so in case the instance’s timezone is UTC+XX, events will appear out of order (as if they happened earlier) for XX hours in the events API feed.