MirrorMirror
/
funkwhale
mirror of https://dev.funkwhale.audio/funkwhale/funkwhale.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Version bump and changelog for 0.18.1

This commit is contained in:
Eliot Berriot 2019-01-29 14:25:19 +01:00
parent 640ed90b42
commit 4a197e5475
No known key found for this signature in database
GPG Key ID: DD6965E2476E5C27
20 changed files with 116 additions and 95 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

115
CHANGELOG
View File

@ -10,6 +10,121 @@ This changelog is viewable on the web at https://docs.funkwhale.audio/changelog.
.. towncrier .. towncrier
0.18.1 (2019-01-29)
-------------------
Upgrade instructions are available at
https://docs.funkwhale.audio/index.html
Fix Gzip compression to avoid BREACH exploit [security] [manual action required]
--------------------------------------------------------------------------------
In the 0.18 release, we've enabled Gzip compression by default for various
content types, including HTML and JSON. Unfortunately, enabling Gzip compression
on such content types could make BREACH-type exploits possible.
We've removed the risky content-types from our nginx template files, to ensure new
instances are safe, however, if you already have an instance, you need
to double check that your host nginx virtualhost do not include the following
values for the ``gzip_types`` settings::
application/atom+xml
application/json
application/ld+json
application/activity+json
application/manifest+json
application/rss+xml
application/xhtml+xml
application/xml
For convenience, you can also replace the whole setting with the following snippet::
gzip_types
application/javascript
application/vnd.geo+json
application/vnd.ms-fontobject
application/x-font-ttf
application/x-web-app-manifest+json
font/opentype
image/bmp
image/svg+xml
image/x-icon
text/cache-manifest
text/css
text/plain
text/vcard
text/vnd.rim.location.xloc
text/vtt
text/x-component
text/x-cross-domain-policy;
Many thanks to @jibec for the report!
Fix Apache configuration file for 0.18 [manual action required]
----------------------------------------------------------
The way front is served has changed since 0.18. The Apache configuration can't serve 0.18 properly, leading to blank screens.
If you are on an Apache setup, you will have to replace the `<Location "/api">` block with the following::
<Location "/">
# similar to nginx 'client_max_body_size 100M;'
LimitRequestBody 104857600
ProxyPass ${funkwhale-api}/
ProxyPassReverse ${funkwhale-api}/
</Location>
And add some more `ProxyPass` directives so that the `Alias` part of your configuration file looks this way::
ProxyPass "/front" "!"
Alias /front /srv/funkwhale/front/dist
ProxyPass "/media" "!"
Alias /media /srv/funkwhale/data/media
ProxyPass "/staticfiles" "!"
Alias /staticfiles /srv/funkwhale/data/static
In case you are using custom css and theming, you also need to match this block::
ProxyPass "/settings.json" "!"
Alias /settings.json /srv/funkwhale/custom/settings.json
ProxyPass "/custom" "!"
Alias /custom /srv/funkwhale/custom
Enhancements:
- Added name attributes on all inputs to improve UX, especially with password managers (#686)
- Disable makemigrations in production and misleading message when running migrate (#685)
- Display progress during file upload
- Hide pagination when there is only one page of results (#681)
- Include shared/public playlists in Subsonic API responses (#684)
- Use proper locale for date-related/duration strings (#670)
Bugfixes:
- Fix transcoding of in-place imported tracks (#688)
- Fixed celery worker defaulting to development settings instead of production
- Fixed crashing Django admin when loading track detail page (#666)
- Fixed list icon alignement on landing page (#668)
- Fixed overescaping issue in notifications and album page (#676)
- Fixed wrong number of affected elements in bulk action modal (#683)
- Fixed wrong URL in documentation for funkwhale_proxy.conf file when deploying using Docker
- Make Apache configuration file work with 0.18 changes (#667)
- Removed potential BREACH exploit because of Gzip compression (#678)
- Upgraded kombu to fix an incompatibility with redis>=3
Documentation:
- Added user upload documentation at https://docs.funkwhale.audio/users/upload.html
0.18 "Naomi" (2019-01-22) 0.18 "Naomi" (2019-01-22)
------------------------- -------------------------

2
api/funkwhale_api/__init__.py
View File

@ -1,5 +1,5 @@
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
__version__ = "0.18" __version__ = "0.18.1"
__version_info__ = tuple( __version_info__ = tuple(
[ [
int(num) if num.isdigit() else num int(num) if num.isdigit() else num

1
changes/changelog.d/666.bugfix
View File

@ -1 +0,0 @@
Fixed crashing Django admin when loading track detail page (#666)

1
changes/changelog.d/667.bugfix
View File

@ -1 +0,0 @@
Make Apache configuration file work with 0.18 changes (#667)

1
changes/changelog.d/668.bugfix
View File

@ -1 +0,0 @@
Fixed list icon alignement on landing page (#668)

1
changes/changelog.d/670.enhancement
View File

@ -1 +0,0 @@
Use proper locale for date-related/duration strings (#670)

1
changes/changelog.d/676.bugfix
View File

@ -1 +0,0 @@
Fixed overescaping issue in notifications and album page (#676)

1
changes/changelog.d/678.bugfix
View File

@ -1 +0,0 @@
Removed potential BREACH exploit because of Gzip compression (#678)

1
changes/changelog.d/681.enhancement
View File

@ -1 +0,0 @@
Hide pagination when there is only one page of results (#681)

1
changes/changelog.d/683.bugfix
View File

@ -1 +0,0 @@
Fixed wrong number of affected elements in bulk action modal (#683)

1
changes/changelog.d/684.enhancement
View File

@ -1 +0,0 @@
Include shared/public playlists in Subsonic API responses (#684)

1
changes/changelog.d/685.enhancement
View File

@ -1 +0,0 @@
Disable makemigrations in production and misleading message when running migrate (#685)

1
changes/changelog.d/686.enhancement
View File

@ -1 +0,0 @@
Added name attributes on all inputs to improve UX, especially with password managers (#686)

1
changes/changelog.d/688.bugfix
View File

@ -1 +0,0 @@
Fix transcoding of in-place imported tracks (#688)

1
changes/changelog.d/celery.bugfix
View File

@ -1 +0,0 @@
Fixed celery worker defaulting to development settings instead of production

1
changes/changelog.d/docker-proxy.bugfix
View File

@ -1 +0,0 @@
Fixed wrong URL in documentation for funkwhale_proxy.conf file when deploying using Docker

1
changes/changelog.d/kombu.bugfix
View File

@ -1 +0,0 @@
Upgraded kombu to fix an incompatibility with redis>=3

1
changes/changelog.d/progress.enhancement
View File

@ -1 +0,0 @@
Display progress during file upload

1
changes/changelog.d/upload.doc
View File

@ -1 +0,0 @@
Added user upload documentation

77
changes/notes.rst
View File

@ -5,80 +5,3 @@ Next release notes
Those release notes refer to the current development branch and are reset Those release notes refer to the current development branch and are reset
after each release. after each release.
Fix Gzip compression to avoid BREACH exploit [security] [manual action required]
--------------------------------------------------------------------------------
In the 0.18 release, we've enabled Gzip compression by default for various
content types, including HTML and JSON. Unfortunately, enabling Gzip compression
on such content types could make BREACH-type exploits possible.
We've removed the risky content-types from our nginx template files, to ensure new
instances are safe, however, if you already have an instance, you need
to double check that your host nginx virtualhost do not include the following
values for the ``gzip_types`` settings::
application/atom+xml
application/json
application/ld+json
application/activity+json
application/manifest+json
application/rss+xml
application/xhtml+xml
application/xml
For convenience, you can also replace the whole setting with the following snippet::
gzip_types
application/javascript
application/vnd.geo+json
application/vnd.ms-fontobject
application/x-font-ttf
application/x-web-app-manifest+json
font/opentype
image/bmp
image/svg+xml
image/x-icon
text/cache-manifest
text/css
text/plain
text/vcard
text/vnd.rim.location.xloc
text/vtt
text/x-component
text/x-cross-domain-policy;
Fix Apache configuration file for 0.18 [manual action required]
----------------------------------------------------------
The way front is served has changed since 0.18. The Apache configuration can't serve 0.18 properly, leading to blank screens.
If you are on an Apache setup, you will have to replace the `<Location "/api">` block with the following::
<Location "/">
# similar to nginx 'client_max_body_size 100M;'
LimitRequestBody 104857600
ProxyPass ${funkwhale-api}/
ProxyPassReverse ${funkwhale-api}/
</Location>
And add some more `ProxyPass` directives so that the `Alias` part of your configuration file looks this way::
ProxyPass "/front" "!"
Alias /front /srv/funkwhale/front/dist
ProxyPass "/media" "!"
Alias /media /srv/funkwhale/data/media
ProxyPass "/staticfiles" "!"
Alias /staticfiles /srv/funkwhale/data/static
In case you are using custom css and theming, you also need to match this block::
ProxyPass "/settings.json" "!"
Alias /settings.json /srv/funkwhale/custom/settings.json
ProxyPass "/custom" "!"
Alias /custom /srv/funkwhale/custom