Release 0.25.0.0

Highlighted Features

• Compress all images to improve PageSpeed (Martin Wright)
• Prevent spam users using the "about me" page to propagate spam (Gareth Rees)
• Format incoming message HTML with <p> and <br> tags (Liz Conlan)
• Add an interface to calculate transaction stats per user (Gareth Rees)
• Fixed bug in OutgoingMessage.template_changed which allowed a new request to
  be submitted without changes to the default text if:
  • the site (theme) overrode the core default text via default_letter
  • the authority name contained any characters which were encoded as
    HTMLEntities
  • a global censor rule changed the template text
    Only the first case is known to affect a live site (Liz Conlan)
• There is now the ability to flag a request to have incoming mail rejected at
  SMTP time - requires special configuration at the MTA level. For more information on
  usage, see the documentation on spam handling (Louise Crow)
• The raw email associated with an incoming message can now be downloaded from
  the admin page for that message without having to view the raw email first
  (Louise Crow)
• Improve sharing options on request sidebar (Gareth Rees, Martin Wright)
• Added a library to give a spam score to a user (Gareth Rees)
• Add ARIA landmark roles to improve accessibility (Martin Wright)
• Add an endpoint to view outgoing message mail server logs and display them
  in the request thread (Gareth Rees)
• Prevent the search and list routes from processing non-HTML requests
  (Liz Conlan)
• Add accepted formats to commonly probed routes (Gareth Rees)
• Added a helper and new lib file to standardise click tracking with Google
  Analytics events (Liz Conlan)
• Migrated from using the legacy ga.js Google Analytics code to the current
  "universal" analytics.js version (Liz Conlan)
• Bug fixes for the graph generation scripts (Liz Conlan)
• Improved DMARC handling (Louise Crow)
• Added a workaround for a compatibility issue with Xapian character encoding
  (Louise Crow)
• Minor accessibility improvements (Martin Wright)
• Add a task to output a CSV of the requests made to the top 20 authorities
  (Nick Jackson)
• Allow local code coverage to be generated by setting COVERAGE=local in the
  environment when running rspec (Liz Conlan)
• Refactored OutgoingMailer to get "To:", "From:" and "Subject:" from the
  OutgoingMessage instance (Gareth Rees)
• Show the delivery status of outgoing messages (Gareth Rees, Zarino Zappia)
• Added a rake task, themes:check_help_sections to identify missing help
  templates and sections in themes that are referred to in Alaveteli. Removed
  example help templates from core to alavetelitheme. (Louise Crow)
• Added a new config option ENABLE_ANNOTATIONS to allow turning off the
  annotations feature (comments on requests) (Steve Day, Gareth Rees)
• Added some early-stage scripts (script/current-theme,
  script/diff-theme-override) to help with upgrading theme overrides. Both
  have a -h option with usage information (Gareth Rees)
• Make it clearer that user's names will be displayed in public (Gareth Rees)
• The holding pen is now hidden by default in the front end interface (Louise Crow)

Upgrade Notes

• UserController#set_profile_about_me has been deprecated. If you have
  overridden it in your theme, you will need to port your customisations to
  UserProfile::AboutMeController. You should also update
  set_profile_about_me routes to edit_profile_about_me (for GET requests)
  and profile_about_me (for PUT requests).
• AboutMeValidator has been deprecated. The behaviour is now directly included
  in User.
• Run bundle exec rake themes:check_help_sections to check that your theme
  contains all the necessary help files. The example files have now been moved
  from Alaveteli to the example theme alavetelitheme.
• The upgrade of Google Analytics affects any custom GA scripts embedded in
  template pages. You will need to go through your theme customisations to see
  whether or not you are affected. Changes include:
  • There is no longer a pageTracker object on the page, you must make your
    calls against ga instead
  • Core function calls like _getTracker and _trackEvent have been
    replaced by newer equivalents
  • The main method of tracking page views has changed from
    pageTracker._trackPageView() to ga('send', 'pageview')
  • The main method of sending tracking events has changed from
    pageTracker._trackEvent(category, action) to
    ga('send', 'event', category, action)
    Full information on how to check and adjust for these changes is available
    in Google's migration guide
• There are some database structure updates so remember to rake db:migrate
• This release includes an update to the commonlib submodule - you
  should be warned about this when running rails-post-deploy.

Release 0.24.1.0

Highlighted Features

• Removed many cases of dynamic string composition, making Alaveteli easier to
  localise (Liz Conlan, Louise Crow).

Upgrade Notes

• Please update any overridden templates in the list below so that the phrases in
  them will be translated correctly.

Release 0.24.0.0

Highlighted Features

• Stopped enforcing line lengths in plain text emails for a better experience
  when using small screen clients such as mobile phones (Liz Conlan)
• Added Google Analytics tracking code to log an event when a widget button
  is clicked (Liz Conlan)
• Fix crash when neither Geoip nor Gaze are configured (Alfonso Cora)
• Added a system of checkboxes to allow admins to delete multiple incoming
  messages (ie spam) that are associated with a request (Liz Conlan)
• Added a new cron job to run the holding pen cleanup task once a week.
  (Liz Conlan)
• Improved the holiday reminder email that gets sent to site admins once a year
  (Liz Conlan)
• Extracted ResponseController#show_response in to several actions in a new
  FollowupsController (Liz Conlan, Gareth Rees)
• Added links to AskTheEU from Alaveteli sites
  installed in an EU country (Gareth Rees)
• Stopped generating code coverage reports locally. You can still view code
  coverage reports on https://coveralls.io/github/mysociety/alaveteli
  (Gareth Rees)
• Added OutgoingMessage::Template module and extracted templates to classes
  in this module (Gareth Rees)
• Added some experimental methods for sending requests to an external reviewer
  (Gareth Rees)
• Added some experimental methods for retrieving exim mail server logs for a
  specific OutgoingMessage (Gareth Rees)
• Improved the organisation of the items in the admin nav bar (Gareth Rees)
• Global and Public Body censor rules can now be managed through the admin UI
  (Gareth Rees)
• Added non-destructive methods to apply censor rules and text masks (Gareth
  Rees).
• Improve handling of long translations in logged in nav (Zarino Zappia)
• Better support for setting up a thin cluster (Liz Conlan)
• Added onscreen instructions to the Vagrant box (Liz Conlan)
• The UK-specific SPECIAL_REPLY_VERY_LATE_AFTER_DAYS has been removed. See
  mysociety/whatdotheyknow-theme#287 for how we've
  re-implemented this in WhatDoTheyKnow.
• Stop outgoing messages being displayed with forced line breaks (Liz Conlan).
• Reduce risk of duplicate request urls (Liz Conlan).
• Better image for pages when shared on Facebook (Zarino Zappia)
• Official support added for ruby 2.1.5 and 2.3.0 (Louise Crow)
• Ported the graph generation shell scripts to Ruby (Liz Conlan)
• Official support added for Debian Jessie (Liz Conlan)
• Improved some translation strings and added some missing wrappers (Gareth
  Rees)
• Deprecated some UK-specific code (Gareth Rees)
• Improve speed of the 'old unclassified' requests query by adding a cached
  field to InfoRequest to keep track of when the last public response was
  made (Liz Conlan).
• Improved error messages in script/switch-theme.rb (Zarino Zappia)

Upgrade Notes

• The following methods have been replaced:

  • CensorRule#apply_to_text!: CensorRule#apply_to_text
  • CensorRule#apply_to_binary!: CensorRule#apply_to_binary
  • IncomingMessage#apply_masks!: IncomingMessage#apply_masks
  • InfoRequest#apply_censor_rules_to_text!: InfoRequest#apply_censor_rules_to_text
  • InfoRequest#apply_censor_rules_to_binary!: InfoRequest#apply_censor_rules_to_binary
  • AlaveteliTextMasker#apply_masks!: AlaveteliTextMasker#apply_masks
  • AlaveteliTextMasker#apply_pdf_masks!: AlaveteliTextMasker#apply_pdf_masks
  • AlaveteliTextMasker#apply_binary_masks!: AlaveteliTextMasker#apply_binary_masks
  • AlaveteliTextMasker#apply_text_masks!: AlaveteliTextMasker#apply_text_masks

  Note that you will need to assign the return value from the new methods, e.g:

- censor_rule.apply_to_text!(text)
+ censored_text = censor_rule.apply_to_text(text)

• To switch to running multiple thin servers with nginx:
  • stop the running processes using service alaveteli stop
  • regenerate your SysVinit daemon file using the instructions at:
    http://alaveteli.org/docs/installing/manual_install/#thin (but don't restart the site yet!)
  • Edit the upstream alaveteli directive in your /etc/nginx/sites-available/alaveteli_https
    (or /etc/nginx/sites-available/alaveteli if you are not running your site over SSL) file
    as per http://alaveteli.org/docs/installing/manual_install/#running-over-ssl so that nginx knows how to use
    the extra server processes
  • restart your site with service alaveteli start
• There's been a minor change to config/sysvinit-passenger.example. You should
  regenerate this file: http://alaveteli.org/docs/installing/manual_install/#passenger
• Add a 256x256 image named logo-opengraph.png to
  YOUR_THEME_ROOT/assets/images, to be shown next to pages from your site when
  shared on Facebook.
• The crontab needs to be regenerated to include the new modifications:
  http://alaveteli.org/docs/installing/manual_install/#generate-crontab
• 5af81d9 includes a migration that runs over all info requests in the
  database. This might take some time, so you should ideally schedule this
  outside of busy periods.

Release 0.23.2.0

Highlighted Features

• Improve speed of the 'old unclassified' requests query by adding a cached
  field to InfoRequest to keep track of when the last public response was made (Liz Conlan).

Upgrade Notes

• There are a couple of database structure updates so remember to rake db:migrate

Release 0.23.1.0

Highlighted Features

• Remove blocks of spaces in translation strings (Louise Crow).

Upgrade Notes

• There should be no action necessary.

Release 0.23

Highlighted Features

• Various major design and markup improvements to the layout, home page and
  request page (Martin Wright).
• Adds basic opt-in two factor authentication. Enable it globally with
  ENABLE_TWO_FACTOR_AUTH (Gareth Rees).
• Fixes a bug which caused request titles to be HTML escaped twice
  when setting up a new request track while not logged in (Liz Conlan).
• Extracted UserController#signchangepassword to PasswordChangesController
  (Gareth Rees).
• Added configuration for RESTRICT_NEW_RESPONSES_ON_OLD_REQUESTS_AFTER_MONTHS.
  (Gareth Rees).
• Performance improvements when finding sibling info request events (Gareth
  Rees).
• Increased the maximum length of a track query and added a warning if
  this new limit is exceeded (Liz Conlan).
• Refactor of InfoRequest (Liz Conlan).
• Improved placeholder logo (Zarino Zappia).
• Improve mobile layout on authority list page (Martin Wright).
• Improve handling of associated records when destroying parents (Liz Conlan).
• Major refactoring of InfoRequest#receive (Gareth Rees).
• Santitze invalid UTF-8 in mail server logs while processing them (Steven Day,
  Gareth Rees).
• Fixes for several edge case bugs (Liz Conlan).
• Add more classes to markup to make style customisation easier (Martin Wright).
• Adds reCAPTCHA to the public authority change request form if there is no
  logged in user (Gareth Rees).
• Rename #follow_box to #track-request to prevent add blockers hiding the
  button allowing users to follow a request (Martin Wright).
• Improved handling of invalid UTF-8 attachment text (Louise Crow).
• Add domain to exception notification subject line (Gareth Rees).
• Fixes incorrectly updating url_name when a banned user record is updated
  (Gareth Rees).
• Definition lists are now easier to read and follow, greatly improves help
  pages (Martin Wright).
• The sorting on PublicBodyController#list now uses COLLATE to sort in the
  correct order for a locale if a collation is available for the language. See
  http://alaveteli.org/docs/developers/i18n/#internationalised-sorting for
  adding collations. This requires PostgreSQL >= 9.1.12. (Gareth Rees)
• The new widget template can now be translated (Gareth Rees).
• Improved locale switcher markup and code (Martin Wright, Gareth Rees).
• OpenGraph markup added to improve the appearance of Alaveteli links on social
  media (Owen Blacker).
• Request graph cron job no longer errors if there are no requests in a
  particular state (Petter Reinholdtsen).
• Refactoring of user controller for shorter methods and clearer syntax (Caleb
  Tutty)
• New rake task stats:list_hidden for printing a list of requests with hidden
  material (Louise Crow).
• Rspec is upgraded to version 3, and specs have been upgraded to modern
  syntax (Louise Crow).
• Standard filters and parameter whitelisting added to admin controllers
  (James McKinney, Louise Crow)
• Alaveteli now uses a local GeoIP database by default to find the country for
  HTTP requests (and tell users if there is an Alaveteli in their country),
  rather than the mySociety Gaze service. This should improve performance and
  reliability (Ian Chard).
• The 'Return-Path' header for mails from users is now set to an email address on
  the Alaveteli domain so that SPF checks should pass (Louise Crow).
• Debian Squeeze is no longer supported as an OS to run Alaveteli on. It is
  end-of-life in Feb 2016 and only packages Ruby 1.8.

Upgrade Notes

• Version 0.23 does not support Ruby 1.8.7.

• If you are running Alaveteli on Debian Squeeze, you should upgrade your OS to
  Debian Wheezy before upgrading to this release. This
  Debian upgrade guide
  can guide you through the process. If you have
  questions about upgrading OS, please don't hesitate to ask on the
  alaveteli-dev group.
  If you're not ready to upgrade to Wheezy, you can still upgrade Alaveteli if
  you install Ruby 1.9 or 2.0 yourself, but be aware that we will no longer be
  testing package installation on Squeeze and that OS security updates will no
  longer be produced by Debian after Feb 2016.

• The install script site-specific-install.sh sets the default ruby to 1.9. You
  can do this manually with the same commands http://git.io/vlDpb

• If you are running Debian Wheezy, install poppler-utils from wheezy-backports:
  http://git.io/vlD1k

• This release adds geoip-database to the list of required packages. You can
  install it with sudo apt-get install geoip-database. If you don't want to
  or can't use a local GeoIP database, set GEOIP_DATABASE' to an empty string in config/general.yml`.

• Make sure that your 'blackhole email address' is configured to be
  discarded by your MTA - see our postfix
  and exim
  setup documentation.

• This release introduces a new default homepage - if you want to keep your existing
  homepage layout, copy the old homepage templates to your theme before upgrading and
  check that you have translations for them in your theme-locale directory.

• UserController#signchangepassword has been deprecated and password changing
  moved to a separate controller, PasswordChangesController. If you still need
  the old action, add the following route to your theme's
  lib/config/custom_routes.rb:

  match '/profile/change_password' => 'user#signchangepassword',
  :as => :signchangepassword

  If you do this, you'll also need to change any url helpers from new_password_change_path
  to signchangepassword_path.

• This release takes the first steps to deprecate the link_button_green class, which
  will be removed in a future release. We've added contextually relevant
  classes to these elements. Please update your themes to ensure you're
  no longer using link_button_green for styling.

• The InfoRequest methods law_used_short, law_used_act and law_used_with_a
  have been deprecated and will be removed in a future release. The new method
  law_used_human has been supplied instead which takes a key to access the
  equivalent information of the original methods, e.g. law_used_human(:full),
  law_used_human(:short) etc. As the law_used_with_a functionality does not
  appear to be in use, if you do still need this functionality in future you
  may need to override the LAW_USED_READABLE_DATA hash to ensure it has a
  :with_a key value pair for each law you are supporting before calling
  law_used_human(:with_a).

• Please upgrade the syntax in any theme specs you have to be compatible with
  rspec 3. Useful resources:

  • https://relishapp.com/rspec/docs/upgrade
  • http://yujinakayama.me/transpec/

• There are a couple of database structure updates so remember to rake db:migrate

• This release includes an update to the commonlib submodule - you
  should be warned about this when running rails-post-deploy.

Release 0.22.4.0

Highlighted Features

• Set the return-path for the contact form mail (Louise Crow).

Upgrade Notes

• There should be no action necessary.

Release 0.22.3.0

Highlighted Features

• Added additional transaction stats to /version.json endpoint (Gareth Rees).
• Added additional transaction stats to stats:show rake task (Gareth Rees).

Upgrade Notes

• There should be no action necessary.

Release 0.22.2.0

Highlighted Features

• Adds filtering of incoming mail based on a spam score from SpamAssassin.
  Requests over a threshold can be discarded or sent to the holding pen.
  See http://alaveteli.org/docs/customising/config#incoming_email_spam_action
  for configuration instructions (Gareth Rees).

Upgrade Notes

• There should be no action necessary.

Release 0.22.1.0

Highlighted Features

• The source code now uses two-space indentation (Gareth Rees).
• A FACEBOOK_USERNAME configuration option is now available (Gareth Rees).
• The json API for public bodies
  now includes statistics on the number of requests, number of visible successful classified requests,
  and number of successful, overdue, not held requests (Ross Jones).

Upgrade Notes

• There should be no action necessary.
• Most templates have changed to two-space indentation. For ease of future
  upgrades you should update your overrides to match.