Version 1.1.2 (released 11-Aug-2009) * security fix: validate the 'view' parameter to avoid XSS attack * security fix: avoid printing illegal parameter names and values * add optional support for character encoding detection (issue #400) * fix username case handling in svnauthz module (issue #419) * fix cvsdbadmin/svnadmin rebuild error on missing repos (issue #420) * don't drop leading blank lines from colorized file contents (issue #422) * add file.ezt template logic for optionally hiding binary file contents Version 1.1.1 (released 03-Jun-2009) * fix broken query form (missing required template variables) (issue #416) * fix bug in cvsdb which caused rebuild operations to lose data (issue #417) * fix cvsdb purge/rebuild repos lookup to error on missing repos * fix misleading file contents view page title Version 1.1.0 (released 13-May-2009) * add support for full content diffs (issue #153) * make many more data dictionary items available to all views * various rcsparse and tparse module fixes * add daemon mode to standalone.py (issue #235) * rework helper application configuration options (issues #229, #62) * teach standalone.py to recognize Subversion repositories via -r option * now interpret relative paths in "viewvc.conf" as relative to that file * add 'purge' subcommand to cvsdbadmin and svndbadmin (issue #271) * fix orphaned data bug in cvsdbadmin/svndbadmin rebuild (issue #271) * add support for query by log message (issues #22, #121) * fix bug parsing 'svn blame' output with too-long author names (issue #221) * fix default standalone.py port to be within private IANA range (issue #234) * add unified configury of allowed views; checkout view disabled by default * add support for ranges of revisions to svndbadmin (issue #224) * make the query handling more forgiving of malformatted subdirs (issue #244) * add support for per-root configuration overrides (issue #371) * add support for optional email address mangling (issue #290) * extensible path-based authorization subsystem (issue #268), supporting: - Subversion authz files (new) - regexp-based path hiding (for compat with 1.0.x) - file glob top-level directory hiding (for compat with 1.0.x) * allow default file view to be "markup" (issue #305) * add support for displaying file/directory properties (issue #39) * pagination improvements * add gzip output encoding support for template-driven pages * fix cache control bugs (issue #259) * add RSS feed URL generation for file history * add support for remote creation of ViewVC checkins database * add integration with Pygments for syntax highlighting * preserve executability of Subversion files in tarballs (issue #233) * add ability to set Subversion runtime config dir (issue #351, issue #339) * show RSS/query links only for roots found in commits database (issue #357) * recognize Subversion svn:mime-type property values (issue #364) * hide CVS files when viewing tags/branches on which they don't exist * allow hiding of errorful entries from the directory view (issue #105) * fix directory view sorting UI * tolerate malformed Accept-Language headers (issue #396) * allow MIME type mapping overrides in ViewVC configuration (issue #401) * fix exception in rev-sorted remote Subversion directory views (issue #409) * allow setting of page sizes for log and dir views individually (issue #402) Version 1.0.9 (released 11-Aug-2009) * security fix: validate the 'view' parameter to avoid XSS attack * security fix: avoid printing illegal parameter names and values Version 1.0.8 (released 05-May-2009) * fix directory view sorting UI * tolerate malformed Accept-Language headers (issue #396) * fix directory log views in revision-less Subversion repositories * fix exception in rev-sorted remote Subversion directory views (issue #409) Version 1.0.7 (released 14-Oct-2008) * fix regression in the 'as text' download view (issue #373) Version 1.0.6 (released 16-Sep-2008) * security fix: ignore arbitrary user-provided MIME types (issue #354) * fix bug in regexp search filter when used with sticky tag (issue #346) * fix bug in handling of certain 'co' output (issue #348) * fix regexp search filter template bug * fix annotate code syntax error * fix mod_python import cycle (issue #369) Version 1.0.5 (released 28-Feb-2008) * security fix: omit commits of all-forbidden files from query results * security fix: disallow direct URL navigation to hidden CVSROOT folder * security fix: strip forbidden paths from revision view * security fix: don't traverse log history thru forbidden locations * security fix: honor forbiddenness via diff view path parameters * new 'forbiddenre' regexp-based path authorization feature * fix root name conflict resolution inconsistencies (issue #287) * fix an oversight in the CVS 1.12.9 loginfo-handler support * fix RSS feed content type to be more specific (issue #306) * fix entity escaping problems in RSS feed data (issue #238) * fix bug in tarball generation for remote Subversion repositories * fix query interface file-count-limiting logic * fix query results plus/minus count to ignore forbidden files * fix blame error caused by 'svn' unable to create runtime config dir Version 1.0.4 (released 10-Apr-2007) * fix some markup bugs in query views (issue #266) * fix loginfo-handler's support for CVS 1.12.9 (issues #151, #257) * make viewvc-install able to run from an arbitrary location * update viewvc-install's output for readability * fix bug writing commits to non-MyISAM databases (issue #262) * allow long paths in generated tarballs (issue #12) * fix bug interpreting EZT substitute patterns * fix broken markup view disablement * fix broken directory view link generation in directory log view * fix Windows-specific viewvc-install bugs * fix broke query result links for Subversion deleted items (issue #296) * fix some output XHTML validation buglets * fix database query cache staleness problems (issue #180) Version 1.0.3 (released 13-Oct-2006) * fix bug in path shown for Subversion deleted-under-copy items (issue #265) * security fix: declare charset for views to avoid IE UTF7 XSS attack Version 1.0.2 (released 29-Sep-2006) * minor documentation fixes * fix Subversion annotate functionality on Windows (issue #18) * fix annotate assertions on uncanonicalized #include paths (issue #208) * make RSS URL method match the method used to generate it (issue #245) * fix Subversion annotation to run non-interactively, preventing hangs * fix bug in custom syntax highlighter fallback logic * fix bug in PHP CGI hack to avoid force-cgi-redirect errors Version 1.0.1 (released 20-Jul-2006) * fix exception on log page when use_pagesize is enabled * fix an XHTML validation bug in the footer template (issue #239) * fix handling of single-component CVS revision numbers (issue #237) * fix bug in download-as-text URL link generation (issue #241) * fix query.cgi bug, missing 'rss_href' template data item (issue #249) * no longer omit empty Subversion directories from tarballs (issue #250) * use actual modification time for Subversion directories in tarballs Version 1.0 (released 01-May-2006) * add support for viewing Subversion repositories * add support for running on MS Windows * generate strict XHTML output * add support for caching by sending "Last-Modified", "Expires", "ETag", and "Cache-Control" headers * add support for Mod_Python on Apache 2.x and ASP on IIS * Several changes to standalone.py: - -h commandline option to specify hostname for non local use. - -r commandline option may be repeated to use more than repository before actually installing ViewCVS. - New GUI field to test paging. * add new, better-integrated query interface * add integrated RSS feeds * add new "root_as_url_component" option to embed root names as path components in ViewCVS URLs for a more natural URL scheme in ViewCVS configurations with multiple repositories. * add new "use_localtime" option to display local times instead of UTC times * add new "root_parents" option to make it possible to add and remove repositories without modifying the ViewCVS configuration * add new "template_dir" option to facilitate switching between sets of templates * add new "sort_group_dirs" option to disable grouping of directories in directory listings * add new "port" option to connect to a MySQL database on a nonstandard port * make "default_root" option optional. When no root is specified, show a page listing all available repositories * add "default_file_view" option to make it possible for relative links and image paths in checked out HTML files to work without the need for special /*checkout*/ prefixes in URLs. Deprecate "checkout_magic" option and disable by default * add "limit_changes" option to limit number of changed files shown per commit by default in query results and in the Subversion revision view * hide CVS "Attic" directories and add simple toggle for showing dead files in directory listings * show Unified, Context and Side-by-side diffs in HTML instead of in bare text pages * make View/Download links work the same for all file types * add links to tip of selected branch on log page * allow use of "Highlight" program for colorizing * enable enscript colorizing for more file types * add sorting arrows for directory views * get rid of popup windows for checkout links * obfuscate email addresses in html output by encoding @ symbol with an HTML character reference * add paging capability * Improvements to templates - add new template authoring guide - increase coverage, use templates to produce HTML for diff pages, markup pages, annotate pages, and error pages - move more common page elements into includes - add new template variables providing ViewCVS URLs for more links between related pages and less URL generation inside templates * add new [define] EZT directive for assigning variables within templates * add command line argument parsing to install script to allow non-interactive installs * add stricter parameter validation to lower likelihood of cross-site scripting vulnerabilities * add support for cvsweb's "mime_type=text/x-cvsweb-markup" URLs * fix incompatibility with enscript 1.6.3 * fix bug in parsing FreeBSD rlog output * work around rlog assumption all two digit years in RCS files are relative to the year 1900. * change loginfo-handler to cope with spaces in filenames and support a simpler command line invocation from CVS * make cvsdbadmin work properly when invoked on CVS subdirectory paths instead of top-level CVS root paths * show diff error when comparing two binary files * make regular expression search skip binary files * make regular expression search skip nonversioned files in CVS directories instead of choking on them * fix tarball generator so it doesn't include forbidden modules * output "404 Not Found" errors instead of "403 Forbidden" errors to not reveal whether forbidden paths exist * fix sorting bug in directory view * reset log and directory page numbers when leaving those pages * reset sort direction in directory listing when clicking new columns * fix "Accept-Language" handling for Netscape 4.x browsers * fix file descriptor leak in standalone server * clean up zombie processes from running enscript * fix mysql "Too many connections" error in cvsdbadmin * get rid of mxDateTime dependency for query database * store query database times in UTC instead of local time * fix daylight saving time bugs in various parts of the code Version 0.9.4 (released 17-Aug-2005) * security fix: omit forbidden/hidden modules from query results. Version 0.9.3 (released 17-May-2005) * security fix: disallow bad "content-type" input [CAN-2004-1062] * security fix: disallow bad "sortby" and "cvsroot" input [CAN-2002-0771] * security fix: omit forbidden/hidden modules from tarballs [CAN-2004-0915] Version 0.9.2 (released 15-Jan-2002) * fix redirects to Attic for diffs * fix diffs that have no changes (causing an infinite loop) Version 0.9.1 (released 26-Dec-2001) * fix a problem with some syntax in ndiff.py which isn't compatible with Python 1.5.2 (causing problems at install time) * remove a debug statement left in the code which continues to append lines to /tmp/log Version 0.9 (released 23-Dec-2001) * create templates for the rest of the pages: markup pages, graphs, annotation, and diff. * add multiple language support and dynamic selection based on the Accept-Language request header * add support for key/value files to provide a way for user-defined variables within templates * add optional regex searching for file contents * add new templates for the navigation header and the footer * EZT changes: - add formatting into print directives - add parameters to [include] directives - relax what can go in double quotes - [include] directives are now relative to the current template - throw an exception for unclosed blocks * changes to standalone.py: add flag for regex search * add more help pages * change installer to optionally show diffs * fix to log.ezt and log_table.ezt to select "Side by Side" properly * create dir_alternate.ezt for the flipped rev/name links * various UI tweaks for the directory pages Version 0.8 (released 10-Dec-2001) * add EZT templating mechanism for generating output pages * big update of cvs commit database - updated MySQL support - new CGI - better database caching - switch from old templates to new EZT templates (and integration of look-and-feel) * optional usage of CVSGraph is now builtin * standalone server (for testing) is now provided * shifted some options from viewcvs.conf to the templates * the help at the top of the pages has been shifted to separate help pages, so experienced users don't have to keep seeing it * paths in viewcvs.conf don't require trailing slashes any more * tweak the colorizing for Pascal and Fortran files * fix file readability problem where the user had access via the group, but the process' group did not match that group * some Daylight Savings Time fixes in the CVS commit database * fix tarball generation (the file name) for the root dir * changed default human-readable-diff colors to "stoplight" metaphor * web site and doc revamps * fix the mime types on the download, view, etc links * improved error response when the cvs root is missing * don't try to process vhosts if the config section is not present * various bug fixes and UI tweaks