Kallithea 0.4.1 released

This release is a stable bugfix release, including fixes for security issues.

Most important changes since release 0.4.0 (see the source repository for a full changelog):

  • changeset: fix XSS vulnerability in parent-child navigation
  • docs: outline the challenges of specifying a locale for services (Issue #340)
  • files: avoid duplicated "Select changeset" select2 controls on file source pages (Issue #343)
  • files: fix navigation on source pages (Issue #343)
  • files: restore 'Show Authors' functionality
  • hooks: make the Python interpreter for Git hooks configurable as 'git_hook_interpreter' (Issue #333)
  • ini: fix typo i18n.enable -> i18n.enabled (Issue #339)
  • search: fix XSS vulnerability in search results. See details. This security issue was reported by Bob Hogg, many thanks!
  • setup: restrict TurboGears2 version to 2.3.x
  • style: fix mis-aligned changeset numbers in annotation view

Upgrading from 0.4.x

Please refer to the documentation for upgrade instructions.

As mentioned in these instructions, please create a new configuration file and update the Git hooks after upgrading. This is particularly relevant in relation to the changes that were made to solve Issue #333.

Upgrading from 0.3.x

Please refer to the upgrading section in the release announcement for 0.4.0 when upgrading from release 0.3.x.


We would like to thank everyone that contributed to the Kallithea repository since release 0.4.0 (the numbers are the amount of commits)...

22 Thomas De Schampheleire
 5 Mads Kiilerich
 1 Allan Nordhøy
 1 ssantos
 1 Wolfgang Scherer
 1 Étienne Gilli

... as well as everyone contributing in other ways, e.g. by reporting issues, discussing via mail or IRC, etc.

A special thanks to Bob Hogg for finding and reporting another security issue.