------------------------------------------------------------------- Thu Dec 18 19:30:57 UTC 2025 - Ákos Szőts - Update to 3.5.10 * Add: [logging] option to log response header on debug loglevel * Add: logging of broken contact items during PUT * Add: [server] max_resource_size option * Add: support PROPFIND/max-resource-size by max_resource_size (capped to 80% of max_content_length) * Extend: [auth] imap: add fallback support for LOGIN towards remote IMAP server (replaced in 3.5.0) * Extend: [logging] with profiling log per reqest or regular per request method * (see also https://github.com/Kozea/Radicale/wiki/Performance-Tuning) * Extend: add selected XML query properties to request result log line for improved timing analysis incl. logwatch support * (see also https://github.com/Kozea/Radicale/wiki/Server-Statistics) * Improve: logging of broken calendar items during PUT * Improve: remove unnecessary open+read for mtime+size cache * Fix: improper detection of HTTP_X_FORWARDED_PORT on MOVE * Adjust: [logging] header/content debug log indended by space to be skipped by logwatch ------------------------------------------------------------------- Mon Dec 1 08:40:59 UTC 2025 - Ákos Szőts - Update to 3.5.9 * Extend: [auth] add support for type http_remote_user * Extend: logging of invalid sync-token with user, path, remote host and useragent * Fix: typo related to collection delete hook (can cause OOM error) ------------------------------------------------------------------- Sun Nov 9 11:44:40 UTC 2025 - Ákos Szőts - Enable Argon2 support for testing and as a recommendation - Update to 3.5.8 * Extend [auth]: re-factor & overhaul LDAP authentication, especially for Python's ldap module * Fix: out-of-range timestamp on 32-bit systems * Fix: format_ut problem on 32-bit systems * Feature: extend logging with response size in bytes and flag served as plain or gzip * Feature: [storage] strict_preconditions: new config option to enforce strict preconditions check on PUT in case item already exists [RFC6352#9.2] * Doc: Telugu translation ------------------------------------------------------------------- Sun Sep 28 09:11:54 UTC 2025 - Ákos Szőts - Update to 3.5.7 * Extend: [auth] dovecot: add support for version >= 2.4 * Fix: report/getetag with enabled expand * Adjust: use of option [auth] ldap_ignore_attribute_create_modify_timestamp for support of Authentik LDAP server ------------------------------------------------------------------- Wed Sep 17 15:02:38 UTC 2025 - Ákos Szőts - Use the provided "rights" example file as the base config file (instead of an empty one) - Update to 3.5.6 * Fix: broken start when UID does not exist (potential container startup case) * Improve: user/group retrievement for running service and directories * Extend/Improve: [auth] ldap: group membership lookup * Add: [auth] remote_ip_source: set the remote IP source for auth algorithms ------------------------------------------------------------------- Fri Aug 22 07:57:21 UTC 2025 - Ákos Szőts - Set "radicale" as the syslog identifier (replacing the generic "python3") when started via systemd - Update to 3.5.5 * Improve: [auth] ldap: do not read server info by bind to avoid needless network traffic * Improve: add details about platform and effective user on startup * Improve: display owner+permissions on directories on startup, extend error message in case of missing permissions * Improve: add options [logging] trace_on_debug and trace_filter for supporting trace logging * Improve: catch items having tzinfo only on dtstart or dtend set for whatever reason, overtake tzinfo from the other one * Improve: conditional log level for base_prefix strip action depending on auth and web type * Fix: [storage] broken support of 'folder_umask' * Fix: logging ignores not retrievable get_native_id if not supported by OS * Fix: report with enabled expand honors now provided filter proper * Fix: catch case where getpwuid is not returning a username * Fix: add support for query without comp-type * Fix: expanded event with dates are missing VALUE=DATE * Fix: storage hook path now added to DELETE, MKCOL, MKCALENDAR, MOVE, and PROPPATCH * Feature: add hook for server-side e-mail notification * Add: [hook] dryrun: option to disable real hook action for testing, add tests for email+rabbitmq * Add: storage hook placeholder now supports "request" and "to_path" (MOVE only) ------------------------------------------------------------------- Wed May 28 20:02:32 UTC 2025 - Ákos Szőts - Update to 3.5.4 * item filter enhanced for 3rd level supporting VALARM and honoring TRIGGER (offset or absolute) * add Caddy config file example (see contrib directory) ------------------------------------------------------------------- Wed May 21 06:40:59 UTC 2025 - Ákos Szőts - Update to 3.5.3 * Add: [auth] htpasswd: support for Argon2 hashes * Add: [auth] urldecode_username: optional decode provided username (e.g. encoded email address) * Improve: catch error on calendar collection upload and display problematic item content on debug level ------------------------------------------------------------------- Thu May 1 06:31:41 UTC 2025 - Ákos Szőts - Update to 3.5.2 * Adjust: [auth] ldap: use ldap_user_attr either first element of list or directly * Fix: use value of property for time range filter * Fix: return 204 instead of 201 in case PUT updates an item * Add: [auth] ldap: option ldap_security (none, startls, tls) for additional support of STARTTLS, deprecate ldap_use_ssl * Extend: log PYTHONPATH on startup if found in environment ------------------------------------------------------------------- Wed Apr 16 05:51:57 UTC 2025 - Ákos Szőts - Update to 3.5.1 * Add: option [auth] ldap_ignore_attribute_create_modify_timestamp for support of Authentik LDAP server * Extend: [storage] hook supports now placeholder for "cwd" and "path" (and catches unsupported placeholders) * Extend: log and create base folders if not existing during startup * Fix: auth/htpasswd related to detection and use of bcrypt * Fix: location of lock file for in case of dedicated cache folder is activated - Restored Radicale.rpmlintrc, still needed ------------------------------------------------------------------- Sat Mar 22 23:36:45 UTC 2025 - Richard Rahl - Update to 3.5.0: * Default type for authentication changed from "none" to "denyall" to prevent unexpected access after initial installation (secure-by-default) * Reverse proxy base prefix stripping was adjusted/fixed, in case of issues check new option and your reverse proxy configuration * InfCloud WebUI can be now be served "bundled", see https://github.com/Kozea/Radicale/wiki/Client-InfCloud * Add: option [auth] type oauth2 by code migration from https://gitlab.mim-libre.fr/alphabet/radicale_oauth/-/blob/dev/oauth2/ * Add: option [auth] type pam by code migration from v1, add new option pam_serivce * Add: option [server] script_name for reverse proxy base_prefix handling * Add: on-the-fly link activation and default content adjustment in case of bundled InfCloud (tested with 0.13.1) * Add: warning in case of started standalone and not listen on loopback interface but trusting external authentication * Adjust: [auth] imap: use AUTHENTICATE PLAIN instead of LOGIN towards remote IMAP server * Adjust: Change default [auth] type from "none" to "denyall" for secure-by-default * Improve: relax mtime check on storage filesystem, change test file location to "collection-root" directory * Improve: WebUI * Improve: log client IP on SSL error and SSL protocol+cipher if successful * Improve: catch htpasswd hash verification errors * Improve: add support for more bcrypt algos on autodetection, extend logging for autodetection fallback to PLAIN in case of hash length is not matching * Fix: catch OS errors on PUT MKCOL MKCALENDAR MOVE PROPPATCH (insufficient storage, access denied, internal server error) * Test: skip bcrypt related tests if module is missing * Fix: proper base_prefix stripping if running behind reverse proxy * Cosmetics: extend list of used modules with their version on startup * Review: Apache reverse proxy config example - Enable upstream tests - Remove Radicale.rpmlintrc, as that is not needed anymore ------------------------------------------------------------------- Mon Jan 13 21:00:07 UTC 2025 - Ákos Szőts - Update to 3.4.0 * Add: option [auth] cache_logins/cache_successful_logins_expiry/cache_failed_logins for caching logins * Improve: [auth] log used hash method and result on debug for htpasswd authentication * Improve: [auth] htpasswd file now read and verified on start * Add: option [auth] htpasswd_cache to automatic re-read triggered on change (mtime or size) instead reading on each request * Improve: [auth] htpasswd: module 'bcrypt' is no longer mandatory in case digest method not used in file * Improve: [auth] successful/failed login logs now type and whether result was taken from cache * Improve: [auth] constant execution time for failed logins independent of external backend or by htpasswd used digest method * Drop: support for Python 3.8 * Add: option [auth] ldap_user_attribute * Add: option [auth] ldap_groups_attribute as a more flexible replacement of removed ldap_load_groups - Update to 3.3.3 * Add: display mtime_ns precision of storage folder with condition warning if too less * Improve: disable fsync during storage verification * Improve: suppress duplicate log lines on startup * Contrib: logwatch config and script * Improve: log precondition result on PUT request - Update to 3.3.2 * Fix: debug logging in rights/from_file * Fix: ignore empty RRULESET in item * Fix: also remove 'item' from cache on delete * Fix: set PRODID on collection upload (instead of vobject is inserting default one) * Fix: buggy cache file content creation on collection upload * Add: option [storage] use_cache_subfolder_for_item for storing 'item' cache outside collection-root * Add: option [storage] filesystem_cache_folder for defining location of cache outside collection-root * Add: option [storage] use_cache_subfolder_for_history for storing 'history' cache outside collection-root * Add: option [storage] use_cache_subfolder_for_synctoken for storing 'sync-token' cache outside collection-root * Add: option [storage] folder_umask for configuration of umask (overwrite system-default) * Add: option [storage] use_mtime_and_size_for_item_cache for changing cache lookup from SHA256 to mtime_ns + size * Add: option [auth] uc_username for uppercase conversion (similar to existing lc_username) * Add: option [logging] storage_cache_action_on_debug for conditional logging * Improve: avoid automatically invalid cache on upgrade in case no change on cache structure * Improve: log important module versions on startup * Improve: auth.ldap config shown on startup, terminate in case no password is supplied for bind user ------------------------------------------------------------------- Wed Nov 27 14:00:09 UTC 2024 - Ákos Szőts - Update to 3.3.1 * Add: option [auth] type=dovecot * Add: option [server] protocol + ciphersuite for optional restrictions on SSL socket * Enhancement: log content in case of multiple main components error * Enhancement: [storage] hook documentation, logging, error behavior (no longer throwing an exception) * Fix: expand does not take timezones into account * Fix: expand does not support overridden recurring events * Fix: expand does not honor start and end times - Update to 3.3.0 * Adjustment: option [auth] htpasswd_encryption change default from "md5" to "autodetect" * Adjustment: switch from setup.py to pyproject.toml (but keep files for legacy packaging) * Adjustment: 'rights' file is now read only during startup * Add: option [auth] type=ldap with (group) rights management via LDAP/LDAPS * Add: option [rights] permit_overwrite_collection (default=True) which can be also controlled per collection by rights 'O' or 'o' * Enhancement: permit_delete_collection can be now controlled also per collection by rights 'D' or 'd' * Fix: only expand VEVENT on REPORT request containing 'expand' * Cleanup: Python 3.7 leftovers ------------------------------------------------------------------- Fri Aug 30 04:42:28 UTC 2024 - Ákos Szőts - Cleaned up unnecessary BuildRequires - Update to 3.2.3 * Add: support for Python 3.13 * Fix: Using icalendar's tzinfo on created datetime to fix issue with icalendar * Fix: typos in code * Enhancement: Added free-busy report * Enhancement: Added 'max_freebusy_occurrences` setting to avoid potential DOS on reports * Enhancement: remove unexpected control codes from uploaded items * Enhancement: add 'strip_domain' setting for username handling * Enhancement: add option to toggle debug log of rights rule with doesn't match * Drop: remove unused requirement "typeguard" * Improve: Refactored some date parsing code ------------------------------------------------------------------- Tue Jun 18 17:37:27 UTC 2024 - Ákos Szőts - Update to 3.2.2 * Enhancement: add support for auth.type=denyall (will be default for security reasons in upcoming releases) * Enhancement: display warning in case only default config is active * Enhancement: display warning in case no user authentication is active * Enhancement: add option to skip broken item to avoid triggering exception (default: enabled) * Enhancement: add support for predefined collections for new users * Enhancement: add options to enable several parts in debug log like backtrace, request_header, request_content, response_content (default: disabled) * Enhancement: rights/from_file: display resulting permission of a match in debug log * Enhancement: add Apache config file example (see contrib directory) * Fix: "verify-collection" skips non-collection directories, logging improved ------------------------------------------------------------------- Fri Jun 7 07:20:17 UTC 2024 - Ákos Szőts - Filtered out false positive rpmlint error message - Update to 3.2.1 * Enhancement: add option for logging bad PUT request content * Enhancement: extend logging with step where bad PUT request failed * Fix: support for recurrence "full day" * Fix: list of web_files related to HTML pages * Test: update/adjustments for workflows (pytest>=7, typeguard<4.3) ------------------------------------------------------------------- Sun May 5 10:21:51 UTC 2024 - Ákos Szőts - Update to 3.2.0 * Enhancement: add hook support for event changes+deletion hooks (initial support: "rabbitmq") * Dependency: pika >= 1.1.0 * Enhancement: add support for webcal subscriptions * Enhancement: major update of WebUI (design+features) * Adjust: change default loglevel to "info" * Enhancement: support "expand-property" on REPORT request * Drop: support for Python 3.7 (EOSL, can't be tested anymore) * Fix: allow quoted-printable encoding for vObjects ------------------------------------------------------------------- Mon Mar 18 08:22:57 UTC 2024 - Ákos Szőts - Update to 3.1.9 * Add: support for Python 3.11 + 3.12 * Drop: support for Python 3.6 * Fix: MOVE in case listen on non-standard ports or behind reverse proxy * Fix: stricter requirements of Python 3.11 * Fix: HTML pages * Fix: Main Component is missing when only recurrence id exists * Fix: passlib don't support bcrypt>=4.1 * Fix: web login now proper encodes passwords containing %XX (hexdigits) * Enhancement: user-selectable log formats * Enhancement: autodetect logging to systemd journal * Enhancement: test code * Enhancement: option for global permit to delete collection * Enhancement: auth type 'htpasswd' supports now 'htpasswd_encryption' sha256/sha512 and "autodetect" for smooth transition * Improve: Dockerfiles * Improve: server socket listen code + address format in log * Update: documentations + examples * Dependency: limit typegard version < 3 * General: code cosmetics ------------------------------------------------------------------- Sun Jan 15 10:06:31 UTC 2023 - Ákos Szőts - Security fortifications (provided by systemd) ------------------------------------------------------------------- Thu Jul 14 22:11:43 UTC 2022 - Ákos Szőts - Update to 3.1.8 * Fix setuptools requirement if installing wheel * Tests: Switch from python setup.py test to tox * Small changes to build system configuration and tests ------------------------------------------------------------------- Wed Jun 22 18:47:02 UTC 2022 - Ákos Szőts - Add python passlib as a recommendation as it is needed for htpasswd authentication ------------------------------------------------------------------- Mon Jun 13 10:37:57 UTC 2022 - Jan Engelhardt - Trim filler wording from descriptions. ------------------------------------------------------------------- Mon Apr 25 06:20:20 UTC 2022 - Ákos Szőts - Update to 3.1.7 * Fix random href fallback ------------------------------------------------------------------- Tue Apr 19 09:30:05 UTC 2022 - Paolo Stivanin - Update to 3.1.6: * Ignore 'Not a directory' error for optional config paths * Fix upload of whole address book/calendar with UIDs that collide on case-insensitive filesystem ------------------------------------------------------------------- Tue Feb 8 22:20:29 UTC 2022 - Ákos Szőts - Update to 3.1.5 * Ignore configuration file if access is denied * Use F_FULLFSYNC with PyPy on MacOS * Fallback if F_FULLFSYNC is not supported by the filesystem ------------------------------------------------------------------- Tue Feb 1 22:00:25 UTC 2022 - Ákos Szőts - Update to 3.1.4 * Fallback if RENAME_EXCHANGE is not supportd by the filesystem * Assume POSIX compatibility if sys.platform is not win32 ------------------------------------------------------------------- Wed Jan 26 22:09:11 UTC 2022 - Ákos Szőts - Update to 3.1.3 * Redirect '…/.well-known/caldav' and '…/.well-known/carddav' to base prefix * Warning instead of error when base prefix ends with '/' ------------------------------------------------------------------- Sat Jan 22 07:29:12 UTC 2022 - Ákos Szőts - Update to 3.1.2 * Verify that base prefix starts with '/' but doesn't end with '/' * Improve base prefix log message * Never send body for HEAD requests (again) ------------------------------------------------------------------- Wed Jan 19 17:01:23 UTC 2022 - Ákos Szőts - Minimum Python version changed from 3.6.0 to 3.6 to be able to compile it on Leap 15.3 and 15.2 - Update to 3.1.1 * Workaround for contact photo bug in InfCloud * Redirect GET and HEAD requests under /.web to sanitized path * Set Content-Length header for HEAD requests * Never send body for HEAD requests * Improve error messages for from_file rights backend * Don't sanitize WSGI script name ------------------------------------------------------------------- Mon Jan 3 09:47:24 UTC 2022 - Ákos Szőts - Fix download URL * This release contains a "v" in front of the version number in the URL ------------------------------------------------------------------- Mon Dec 27 08:23:49 UTC 2021 - Ákos Szőts - Update to 3.1.0 * Single element in PROPPATCH response * Allow multiple and elements * Improve log messages * Fix date filter * Improve sanitization of collection properties * Cancel mkcalendar request on error * Use renameat2 on Linux for atomic overwriting of collections * Command Line Parser * Disallow abbreviated arguments * Support backend specific options and HTTP headers * Optional argument for boolean options * Load no config file for --config without argument * Allow float for server->timeout setting * Fix is-not-defined filter in addressbook-query report * Add python type hints * Add multifilesystem_nolock storage * Add support for Python 3.9 and 3.10 * Drop support for Python 3.5 * Fix compatibility with Evolution (Exceptions from recurrence rules) ------------------------------------------------------------------- Tue Sep 28 07:06:52 UTC 2021 - Thorsten Kukuk - system-user-radicale.conf: remove leading spaces, SLE15 does not like them [bsc#1190203] ------------------------------------------------------------------- Sun Aug 22 07:31:36 UTC 2021 - Ákos Szőts - Add firewalld service description for Radicale Based on the previous work of Martin Haas ------------------------------------------------------------------- Sun Aug 22 06:56:19 UTC 2021 - Ákos Szőts - Migrate legacy user creation to sysusers.d(5) ------------------------------------------------------------------- Sat Jun 19 07:40:36 UTC 2021 - Ákos Szőts - Fix error message "Address family for hostname not supported" (EAFNOSUPPORT) when trying to bind to a non-loopback address during startup ------------------------------------------------------------------- Sat Apr 3 10:21:00 UTC 2021 - Ákos Szőts - Remove code for v1 -> v2/v3 upgrading since v1 times are long gone ------------------------------------------------------------------- Thu Dec 10 10:18:57 UTC 2020 - Ákos Szőts - Remove %{?systemd_requires} macro as it is not always needed - Give full path of the interpreter in the .service file as a security hardening - URL update for upgrading from v1.x ------------------------------------------------------------------- Thu Oct 8 19:32:00 UTC 2020 - Ákos Szőts - Removed Radicale.logrotate since there's no /var/log/radicale anymore ------------------------------------------------------------------- Tue Sep 15 06:25:11 UTC 2020 - Ákos Szőts - Radicale 3.0.6 * Allow web plugins to handle POST requests - Remove /var/log/radicale since it's become unused by now - Remove duplicated rights and users file listings - Add DOCUMENTATION.md into %doc ------------------------------------------------------------------- Fri Sep 11 07:29:30 UTC 2020 - Ákos Szőts - Start using openSUSE built-in python packaging scripts - Wait with startup until network comes online. This helps the situation where a non-localhost address is given to be listened on - Updated package description ------------------------------------------------------------------- Tue Sep 8 12:54:27 UTC 2020 - Paolo Stivanin - Update to 3.0.5 * Start storage hook in own process group * Kill storage hook on error or exit * Try to kill child processes of storage hook * Internal Server: Exit immediately when signal is received (do not wait for clients or storage hook to finish) ------------------------------------------------------------------- Fri Aug 21 09:57:59 UTC 2020 - Paolo Stivanin - Update to 3.0.4 * small fixes ------------------------------------------------------------------- Mon May 25 07:21:43 UTC 2020 - Paolo Stivanin - Update to 3.0.2 * Use 403 response for supported-report and valid-sync-token errors * Internal server: Handle missing IPv6 support * Fix XML error messages ------------------------------------------------------------------- Wed May 20 11:51:18 UTC 2020 - Paolo Stivanin - Update to 3.0.0 * Parallel write requests * Support PyPy * Protect against XML denial-of-service attacks * Check for duplicated UIDs in calendars/address books * Only add missing UIDs for uploaded whole calendars/address books * Switch from md5 to sha256 for UIDs and tokens * Code cleanup * Multiple configuration files separated by : * Optional configuration files by prepending file path with ? * Check validity of every configuration file and command line arguments separately * Bind to IPv4 and IPv6 address, when both are available for hostname * Set default address to localhost:5232 * Remove settings for SSL ciphers and protocol versions (enforce safe defaults instead) * Remove settings for file locking because they are of little use * Remove daemonization * Use md5 as default for htpasswd_encryption setting * Move setting realm from section server to auth * Use permissions RW for non-leaf collections and rw for address books/calendars * New permission i that only allows access with HTTP method GET See https://github.com/Kozea/Radicale/blob/master/NEWS.md for more info. ------------------------------------------------------------------- Thu Nov 29 10:10:46 UTC 2018 - Ákos Szőts - Added python3-systemd for direct systemd journal logging - Upgrade messages from 1 to 2 now appear in update logs and shown after transaction - Radicale 2.1.11 * Fix moving items between collections ------------------------------------------------------------------- Wed Aug 29 17:51:59 UTC 2018 - szotsaki@gmail.com - Radicale 2.1.10 * Update required versions for dependencies * Get RADICALE_CONFIG from WSGI environ * Improve HTTP status codes * Fix race condition in storage lock creation * Raise default limits for content length and timeout * Log output from hook ------------------------------------------------------------------- Sun Apr 22 10:32:26 UTC 2018 - szotsaki@gmail.com - Radicale 2.1.9 * Specify versions for dependencies * Move WSGI initialization into module * Check if REPORT method is actually supported * Include rights file in source distribution * Specify md5 and bcrypt as extras * Improve logging messages * Windows: Fix crash when item path is a directory ------------------------------------------------------------------- Sun Sep 24 06:07:41 UTC 2017 - szotsaki@gmail.com - Radicale 2.1.8 * Flush files before fsync'ing - Radicale 2.1.7 * Don't print warning when cache format changes * Add documentation for BaseAuth * Add is_authenticated2(login, user, password) to BaseAuth * Fix names of custom properties in PROPFIND requests with D:propname or D:allprop * Return all properties in PROPFIND requests with D:propname or D:allprop * Allow D:displayname property on all collections * Answer with D:unauthenticated for D:current-user-principal property when not logged in * Remove non-existing ICAL:calendar-color and C:calendar-timezone properties from PROPFIND requests with D:propname or D:allprop * Add D:owner property to calendar and address book objects * Remove D:getetag and D:getlastmodified properties from regular collections ------------------------------------------------------------------- Sat Sep 16 19:59:41 UTC 2017 - szotsaki@gmail.com - Radicale 2.1.6 * Fix content-type of VLIST * Specify correct COMPONENT in content-type of VCALENDAR * Cache COMPONENT of calendar objects (improves speed with some clients) * Stricter parsing of filters * Improve support for CardDAV filter * Fix some smaller bugs in CalDAV filter * Add X-WR-CALNAME and X-WR-CALDESC to calendars downloaded via HTTP/WebDAV * Use X-WR-CALNAME and X-WR-CALDESC from calendars published via WebDAV ------------------------------------------------------------------- Mon Aug 28 04:42:45 UTC 2017 - szotsaki@gmail.com - Radicale 2.1.5 * Add --verify-storage command-line argument * Allow comments in the htpasswd file * Don't strip whitespaces from user names and passwords in the htpasswd file * Remove cookies from logging output * Allow uploads of whole collections with many components * Show warning message if server.timeout is used with Python < 3.5.2 ------------------------------------------------------------------- Mon Aug 7 03:13:45 UTC 2017 - szotsaki@gmail.com - Radicale 2.1.4 * Fix incorrect time range matching and calculation for some edge-cases with rescheduled recurrences * Fix owner property - Radicale 2.1.3 * Enable timeout for SSL handshakes and move them out of the main thread * Create cache entries during upload of items * Stop built-in server on Windows when Ctrl+C is pressed * Prevent slow down when multiple requests hit a collection during cache warm-up ------------------------------------------------------------------- Tue Jul 25 05:08:35 UTC 2017 - szotsaki@gmail.com - Radicale 2.1.2 * Remove workarounds for bugs in VObject < 0.9.5 * Error checking of collection tags and associated components * Improve error checking of uploaded collections and components * Don't delete empty collection properties implicitly * Improve logging of VObject serialization ------------------------------------------------------------------- Sat Jul 1 16:16:29 UTC 2017 - szotsaki@gmail.com - Radicale 2.1.1 * Add missing UIDs instead of failing * Improve error checking of calendar and address book objects * Fix upload of whole address books - Radicale 2.1.0 * Built-in web interface for creating and managing address books and calendars * can be extended with web plugins * Much faster storage backend * Significant reduction in memory usage * Improved logging * Include paths (of invalid items / requests) in log messages * Include configuration values causing problems in log messages * Log warning message for invalid requests by clients * Log error message for invalid files in the storage backend * No stack traces unless debugging is enabled * Time range filter also regards overwritten recurrences * Items that couldn't be filtered because of bugs in VObject are always returned (and a warning message is logged) * Basic error checking of configuration files * File system locking isn't disabled implicitly anymore, instead a new configuration option gets introduced * The permissions of the lock file are not changed anymore * Support for sync-token * Support for client-side SSL certificates * Rights plugins can decide if access to an item is granted explicitly * Respond with 403 instead of 404 for principal collections of non-existing users when ``owner_only`` plugin is used (information leakage) * Authentication plugins can provide the login and password from the environment * new ``remote_user`` plugin, that gets the login from the ``REMOTE_USER`` environment variable (for WSGI server) * new ``http_x_remote_user`` plugin, that gets the login from the ``X-Remote-User`` HTTP header (for reverse proxies) - Radicale 2.0.0 * Support Python 3.3+ only, Python 2 is not supported anymore * Keep only one simple filesystem-based storage system * Remove built-in Git support * Remove built-in authentication modules * Keep the WSGI interface, use Python HTTP server by default * Use a real iCal parser, rely on the "vobject" external module * Add a solid calendar discovery * Respect the difference between "files" and "folders", don't rely on slashes * Remove the calendar creation with GET requests * Be stateless * Use a file locker * Add threading * Get atomic writes * Support new filters * Support read-only permissions * Allow External plugins for authentication, rights management, storage and version control ------------------------------------------------------------------- Mon Jun 26 20:30:05 UTC 2017 - szotsaki@gmail.com - Radicale 1.1.4 - Use shutil.move for --export-storage Sat May 27 13:18:20 UTC 2017 - szotsaki@gmail.com - Radicale 1.1.3 - Add a --export-storage=FOLDER command-line argument (by Unrud, see #606) ------------------------------------------------------------------- Mon May 1 08:48:53 UTC 2017 - szotsaki@gmail.com - Radicale 1.1.2 - Security fix: Add a random timer to avoid timing oracles and simple bruteforce attacks when using the htpasswd authentication method. - Various minor fixes. ------------------------------------------------------------------- Thu Dec 15 17:49:18 UTC 2016 - mrueckert@suse.de - downgrade requires to recommends for apache2-utils. it is not really needed for all setups. - add recommends for optional features: python3-dulwich -> git support python3-passlib + python3-bcrypt-> bcrypt support ------------------------------------------------------------------- Sun Apr 24 10:04:38 UTC 2016 - bosim@opensuse.org - Removed _source and added actual tar ball source - Added firewall config - Added python3 requirement ------------------------------------------------------------------- Fri Jan 15 09:22:21 UTC 2016 - szotsaki@gmail.com - Radicale 1.1.1 - Fix the owner_write rights rule ------------------------------------------------------------------- Fri Jan 1 12:39:18 UTC 2016 - szotsaki@gmail.com - Radicale 1.1 - Improve the regex used for well-known URIs (by Unrud) - Prevent regex injection in rights management (by Unrud) - Prevent crafted HTTP request from calling arbitrary functions (by Unrud) - Improve URI sanitation and conversion to filesystem path (by Unrud) - Decouple the daemon from its parent environment (by Unrud) - Assign new items to corret key (by Unrud) - Avoid race condition in PID file creation (by Unrud) - Improve the docker version (by cdpb) - Encode message and commiter for git commits - Test with Python 3.5 ------------------------------------------------------------------- Fri Sep 18 18:18:55 UTC 2015 - szotsaki@gmail.com - Radicale 1.0 - Enhanced performances (by Mathieu Dupuy) - Add MD5-APR1 and BCRYPT for htpasswd-based authentication (by Jan-Philip Gehrcke) - Use PAM service (by Stephen Paul Weber) - Don't discard PROPPATCH on empty collections (Markus Unterwaditzer) - Write the path of the collection in the git message (Matthew Monaco) - Tests launched on Travis ------------------------------------------------------------------- Wed Jan 21 08:33:41 UTC 2015 - szotsaki@gmail.com - Radicale 0.10 - Support well-known URLs (by Mathieu Dupuy) - Fix collection discovery (by Markus Unterwaditzer) - Reload logger config on SIGHUP (by Élie Bouttier) - Remove props files when deleting a collection (by Vincent Untz) - Support salted SHA1 passwords (by Marc Kleine-Budde) - Don't spam the logs about non-SSL IMAP connections to localhost (by Giel van Schijndel) ------------------------------------------------------------------- Fri Oct 24 15:23:43 UTC 2014 - szotsaki@gmail.com - Radicale 0.9 - Custom handlers for auth, storage and rights (by Sergey Fursov) - 1-file-per-event storage (by Jean-Marc Martins) - Git support for filesystem storages (by Jean-Marc Martins) - DB storage working with PostgreSQL, MariaDB and SQLite (by Jean-Marc Martins) - Clean rights manager based on regular expressions (by Sweil) - Support of contacts for Apple's clients - Support colors (by Jochen Sprickerhof) - Decode URLs in XML (by Jean-Marc Martins) - Fix PAM authentication (by Stepan Henek) - Use consistent etags (by 9m66p93w) - Use consistent sorting order (by dnnr) - Return 401 on unauthorized DELETE requests (by Eduard Braun) - Move pid file creation in child process (by Mathieu Dupuy) - Allow requests without base_prefix (by jheidemann) ------------------------------------------------------------------- Fri Aug 8 19:34:27 UTC 2014 - szotsaki@gmail.com - Adding missing config/log files and directories - Adding logrotate script - Fixing bnc#890094 -------------------------------------------------------------------- Fri Aug 8 18:02:22 UTC 2014 - szotsaki@gmail.com - Addressing an issue when creating new groups and users for Radicale (bnc#890093) -------------------------------------------------------------------- Wed Sep 25 08:15:49 UTC 2013 - szotsaki@gmail.com - Radicale 0.8 - New authentication and rights management modules (by Matthias Jordan) - Experimental database storage - Command-line option for custom configuration file (by Mark Adams) - Root URL not at the root of a domain (by Clint Adams, Fabrice Bellet, Vincent Untz) - Improved support for iCal, CalDAVSync, CardDAVSync, CalDavZAP and CardDavMATE - Empty PROPFIND requests handled (by Christoph Polcin) - Colon allowed in passwords - Configurable realm message ------------------------------------------------------------------- Thu Sep 27 08:55:00 UTC 2012 - szotsaki@gmail.com - branch from mrueckert version (thank you for the .spec file) - Radicale 0.7.1 - Many address books fixes - New IMAP ACL (by Daniel Aleksandersen) - PAM ACL fixed (by Daniel Aleksandersen) - Courier ACL fixed (by Benjamin Frank) - Always set display name to collections (by Oskari Timperi) - Various DELETE responses fixed Thu Apr 21 13:28:25 UTC 2011 - mrueckert@suse.de - initial package (v0.5)