Merge branch 'release/0.18.1'

56eca7b4 · Eliot Berriot · 640ed90b · 4a197e54 · 56eca7b4 · 56eca7b4
Verified Commit 56eca7b4 authored 6 years ago by Eliot Berriot
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -10,6 +10,121 @@ This changelog is viewable on the web at https://docs.funkwhale.audio/changelog.

 .. towncrier

+0.18.1 (2019-01-29)
+-------------------
+
+Upgrade instructions are available at
+https://docs.funkwhale.audio/index.html
+
+
+Fix Gzip compression to avoid BREACH exploit [security] [manual action required]
+--------------------------------------------------------------------------------
+
+In the 0.18 release, we've enabled Gzip compression by default for various
+content types, including HTML and JSON. Unfortunately, enabling Gzip compression
+on such content types could make BREACH-type exploits possible.
+
+We've removed the risky content-types from our nginx template files, to ensure new
+instances are safe, however, if you already have an instance, you need
+to double check that your host nginx virtualhost do not include the following
+values for the ``gzip_types`` settings::
+
+   application/atom+xml
+   application/json
+   application/ld+json
+   application/activity+json
+   application/manifest+json
+   application/rss+xml
+   application/xhtml+xml
+   application/xml
+
+For convenience, you can also replace the whole setting with the following snippet::
+
+   gzip_types
+      application/javascript
+      application/vnd.geo+json
+      application/vnd.ms-fontobject
+      application/x-font-ttf
+      application/x-web-app-manifest+json
+      font/opentype
+      image/bmp
+      image/svg+xml
+      image/x-icon
+      text/cache-manifest
+      text/css
+      text/plain
+      text/vcard
+      text/vnd.rim.location.xloc
+      text/vtt
+      text/x-component
+      text/x-cross-domain-policy;
+
+Many thanks to @jibec for the report!
+
+Fix Apache configuration file for 0.18 [manual action required]
+----------------------------------------------------------
+
+The way front is served has changed since 0.18. The Apache configuration can't serve 0.18 properly, leading to blank screens.
+
+If you are on an Apache setup, you will have to replace the `<Location "/api">` block with the following::
+
+   <Location "/">
+      # similar to nginx 'client_max_body_size 100M;'
+      LimitRequestBody 104857600
+
+      ProxyPass ${funkwhale-api}/
+      ProxyPassReverse ${funkwhale-api}/
+   </Location>
+
+And add some more `ProxyPass` directives so that the `Alias` part of your configuration file looks this way::
+
+   ProxyPass "/front" "!"
+   Alias /front /srv/funkwhale/front/dist
+
+   ProxyPass "/media" "!"
+   Alias /media /srv/funkwhale/data/media
+
+   ProxyPass "/staticfiles" "!"
+   Alias /staticfiles /srv/funkwhale/data/static
+
+In case you are using custom css and theming, you also need to match this block::
+
+   ProxyPass "/settings.json" "!"
+   Alias /settings.json /srv/funkwhale/custom/settings.json
+
+   ProxyPass "/custom" "!"
+   Alias /custom /srv/funkwhale/custom
+
+
+Enhancements:
+
+- Added name attributes on all inputs to improve UX, especially with password managers (#686)
+- Disable makemigrations in production and misleading message when running migrate (#685)
+- Display progress during file upload
+- Hide pagination when there is only one page of results (#681)
+- Include shared/public playlists in Subsonic API responses (#684)
+- Use proper locale for date-related/duration strings (#670)
+
+
+Bugfixes:
+
+- Fix transcoding of in-place imported tracks (#688)
+- Fixed celery worker defaulting to development settings instead of production
+- Fixed crashing Django admin when loading track detail page (#666)
+- Fixed list icon alignement on landing page (#668)
+- Fixed overescaping issue in notifications and album page (#676)
+- Fixed wrong number of affected elements in bulk action modal (#683)
+- Fixed wrong URL in documentation for funkwhale_proxy.conf file when deploying using Docker
+- Make Apache configuration file work with 0.18 changes (#667)
+- Removed potential BREACH exploit because of Gzip compression (#678)
+- Upgraded kombu to fix an incompatibility with redis>=3
+
+
+Documentation:
+
+- Added user upload documentation at https://docs.funkwhale.audio/users/upload.html
+
+
 0.18 "Naomi" (2019-01-22)
 -------------------------


--- a/api/funkwhale_api/__init__.py
+++ b/api/funkwhale_api/__init__.py
 # -*- coding: utf-8 -*-
-__version__ = "0.18"
+__version__ = "0.18.1"
 __version_info__ = tuple(
    [
        int(num) if num.isdigit() else num

--- a/changes/changelog.d/666.bugfix
+++ b/changes/changelog.d/666.bugfix
-Fixed crashing Django admin when loading track detail page (#666)
--- a/changes/changelog.d/667.bugfix
+++ b/changes/changelog.d/667.bugfix
-Make Apache configuration file work with 0.18 changes (#667)
--- a/changes/changelog.d/668.bugfix
+++ b/changes/changelog.d/668.bugfix
-Fixed list icon alignement on landing page (#668)
--- a/changes/changelog.d/670.enhancement
+++ b/changes/changelog.d/670.enhancement
-Use proper locale for date-related/duration strings (#670)
--- a/changes/changelog.d/676.bugfix
+++ b/changes/changelog.d/676.bugfix
-Fixed overescaping issue in notifications and album page (#676)
--- a/changes/changelog.d/678.bugfix
+++ b/changes/changelog.d/678.bugfix
-Removed potential BREACH exploit because of Gzip compression (#678)
--- a/changes/changelog.d/681.enhancement
+++ b/changes/changelog.d/681.enhancement
-Hide pagination when there is only one page of results (#681)
\ No newline at end of file
--- a/changes/changelog.d/683.bugfix
+++ b/changes/changelog.d/683.bugfix
-Fixed wrong number of affected elements in bulk action modal (#683)
--- a/changes/changelog.d/684.enhancement
+++ b/changes/changelog.d/684.enhancement
-Include shared/public playlists in Subsonic API responses (#684)
--- a/changes/changelog.d/685.enhancement
+++ b/changes/changelog.d/685.enhancement
-Disable makemigrations in production and misleading message when running migrate (#685)
--- a/changes/changelog.d/686.enhancement
+++ b/changes/changelog.d/686.enhancement
-Added name attributes on all inputs to improve UX, especially with password managers (#686)
--- a/changes/changelog.d/688.bugfix
+++ b/changes/changelog.d/688.bugfix
-Fix transcoding of in-place imported tracks (#688)
--- a/changes/changelog.d/celery.bugfix
+++ b/changes/changelog.d/celery.bugfix
-Fixed celery worker defaulting to development settings instead of production
--- a/changes/changelog.d/docker-proxy.bugfix
+++ b/changes/changelog.d/docker-proxy.bugfix
-Fixed wrong URL in documentation for funkwhale_proxy.conf file when deploying using Docker
--- a/changes/changelog.d/kombu.bugfix
+++ b/changes/changelog.d/kombu.bugfix
-Upgraded kombu to fix an incompatibility with redis>=3
--- a/changes/changelog.d/progress.enhancement
+++ b/changes/changelog.d/progress.enhancement
-Display progress during file upload
--- a/changes/changelog.d/upload.doc
+++ b/changes/changelog.d/upload.doc
-Added user upload documentation
--- a/changes/notes.rst
+++ b/changes/notes.rst
@@ -5,80 +5,3 @@ Next release notes

    Those release notes refer to the current development branch and are reset
    after each release.
-
-Fix Gzip compression to avoid BREACH exploit [security] [manual action required]
--------------------------------------------------------------------------------
-
-In the 0.18 release, we've enabled Gzip compression by default for various
-content types, including HTML and JSON. Unfortunately, enabling Gzip compression
-on such content types could make BREACH-type exploits possible.
-
-We've removed the risky content-types from our nginx template files, to ensure new
-instances are safe, however, if you already have an instance, you need
-to double check that your host nginx virtualhost do not include the following
-values for the ``gzip_types`` settings::
-
-   application/atom+xml
-   application/json
-   application/ld+json
-   application/activity+json
-   application/manifest+json
-   application/rss+xml
-   application/xhtml+xml
-   application/xml
-
-For convenience, you can also replace the whole setting with the following snippet::
-
-   gzip_types
-      application/javascript
-      application/vnd.geo+json
-      application/vnd.ms-fontobject
-      application/x-font-ttf
-      application/x-web-app-manifest+json
-      font/opentype
-      image/bmp
-      image/svg+xml
-      image/x-icon
-      text/cache-manifest
-      text/css
-      text/plain
-      text/vcard
-      text/vnd.rim.location.xloc
-      text/vtt
-      text/x-component
-      text/x-cross-domain-policy;
-
-
-Fix Apache configuration file for 0.18 [manual action required]
----------------------------------------------------------
-
-The way front is served has changed since 0.18. The Apache configuration can't serve 0.18 properly, leading to blank screens.
-
-If you are on an Apache setup, you will have to replace the `<Location "/api">` block with the following::
-
-   <Location "/">
-      # similar to nginx 'client_max_body_size 100M;'
-      LimitRequestBody 104857600
-
-      ProxyPass ${funkwhale-api}/
-      ProxyPassReverse ${funkwhale-api}/
-   </Location>
-
-And add some more `ProxyPass` directives so that the `Alias` part of your configuration file looks this way::
-
-   ProxyPass "/front" "!"
-   Alias /front /srv/funkwhale/front/dist
-
-   ProxyPass "/media" "!"
-   Alias /media /srv/funkwhale/data/media
-
-   ProxyPass "/staticfiles" "!"
-   Alias /staticfiles /srv/funkwhale/data/static
-
-In case you are using custom css and theming, you also need to match this block::
-
-   ProxyPass "/settings.json" "!"
-   Alias /settings.json /srv/funkwhale/custom/settings.json
-
-   ProxyPass "/custom" "!"
-   Alias /custom /srv/funkwhale/custom