Releases: Kozea/Radicale
2.1.0rc3
2.1.0rc2
2.1.0rc1
This release is compatible with version 2.0.0.
- Built-in web interface for creating and managing address books and calendars
- can be extended with web plugins
- Much faster storage backend
- Significant reduction in memory usage
- Improved logging
- Include paths (of invalid items / requests) in log messages
- Include configuration values causing problems in log messages
- Log warning message for invalid requests by clients
- Log error message for invalid files in the storage backend
- No stack traces unless debugging is enabled
- Time range filter also regards overwritten recurrences
- Items that couldn't be filtered because of bugs in VObject are always
returned (and a warning message is logged) - Basic error checking of configuration files
- File system locking isn't disabled implicitly anymore, instead a new
configuration option gets introduced - The permissions of the lock file are not changed anymore
- Support for sync-token
- Support for client-side SSL certificates
- Rights plugins can decide if access to an item is granted explicitly
- Respond with 403 instead of 404 for principal collections of non-existing
users whenowner_onlyplugin is used (information leakage)
- Respond with 403 instead of 404 for principal collections of non-existing
- Authentication plugins can provide the login and password from the
environment- new
remote_userplugin, that gets the login from theREMOTE_USER
environment variable (for WSGI server) - new
http_x_remote_userplugin, that gets the login from the
X-Remote-UserHTTP header (for reverse proxies)
- new
Little Big Radish
This feature is not compatible with the 1.x.x versions. See http://radicale.org/1to2/ if you want to switch from 1.x.x to 2.0.0, and see #372 if you want to know how and why these changes happened.
- Support Python 3.3+ only, Python 2 is not supported anymore
- Keep only one simple filesystem-based storage system
- Remove built-in Git support
- Remove built-in authentication modules
- Keep the WSGI interface, use Python HTTP server by default
- Use a real iCal parser, rely on the "vobject" external module
- Add a solid calendar discovery
- Respect the difference between "files" and "folders", don't rely on slashes
- Remove the calendar creation with GET requests
- Be stateless
- Use a file locker
- Add threading
- Get atomic writes
- Support new filters
- Support read-only permissions
- Allow External plugins for authentication, rights management, storage and version control
Fourth Law of Nature
- Add a
--export-storage=FOLDERcommand-line argument (by Unrud, see #606)
2.0.0rc2
Third Law of Nature
- Security fix: Add a random timer to avoid timing oracles and simple bruteforce attacks when using the htpasswd authentication method.
- Various minor fixes.
2.0.0rc1
Second Law of Nature
- Fix the owner_write rights rule
Law of Nature
One feature in this release is not backward compatible:
- Use the first matching section for rights (inspired from daald)
Now, the first section matching the path and current user in your custom rights
file is used. In the previous versions, the most permissive rights of all the
matching sections were applied. This new behaviour gives a simple way to make
specific rules at the top of the file independant from the generic ones.
Many improvements in this release are related to security, you should
upgrade Radicale as soon as possible:
- Improve the regex used for well-known URIs (by Unrud)
- Prevent regex injection in rights management (by Unrud)
- Prevent crafted HTTP request from calling arbitrary functions (by Unrud)
- Improve URI sanitation and conversion to filesystem path (by Unrud)
- Decouple the daemon from its parent environment (by Unrud)
Some bugs have been fixed and little enhancements have been added:
- Assign new items to corret key (by Unrud)
- Avoid race condition in PID file creation (by Unrud)
- Improve the docker version (by cdpb)
- Encode message and commiter for git commits
- Test with Python 3.5