forked from epandurski/cmbarter
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathCHANGES
260 lines (209 loc) · 9.38 KB
/
CHANGES
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
July 12th, 2018
v1.16.5 -- Use reCAPTCHA 2
July 12th, 2017
v1.16.4 -- Fixed CSS styling for input tags.
June 14th, 2017
v1.16.3 -- Fixed XHTML-MP (WAP 2.0) validation problem.
-- Fixed minor problem in the installation guide.
June 13th, 2017
v1.16.2 -- Minor UI fixes.
-- Minor fixes in docker images.
-- Minor change in the installation guide.
-- Use iptables to limit the maximum rate of incoming new
connections in the "proxy" docker image. This should
guarantee that the database can not be overloaded -- the
bottleneck will be the proxy server or the web servers.
June 10th, 2017
v1.16.1 -- Use pgbouncer in "web" docker image.
-- The "tasks" image responds to SIGTERM.
-- Improved visual style on hand-held devices.
June 5th, 2017
v1.16.0 -- Support for different password hashing methods.
-- Increased the default minimum password length to 10.
-- Minor change in the database schema.
-- Improved docker support.
-- Fixed possible leak of sensitive info when replying to emails.
-- Adopted semantic versioning scheme.
In the future, when an incompatible change in the database
schema is made -- the major version number will be
incremented.
May 25th, 2017
v1.15 -- Added support for Docker.
-- Uses cookie-based sessions instead of file-based sessions.
September 12th, 2016
v1.14 -- Fixed issues with supporting Django 1.10.
April 4th, 2016
v1.13 -- Minor changes to supprt future versions of Django (1.10)
-- Minor updates in the "reCAPTCHA" handlig.
June 28th, 2014
v1.12 -- Minor changes to the installation guide.
-- Dropped support for Python 2.6.
October 30th, 2013
v1.11 -- Improved the way session files are garbage-collected. This
closes a potential DoS-attack vector.
October 17th, 2013
v1.10 -- Fixed a serious security problem in the WAP-application.
-- Disabled "django.middleware.gzip.GZipMiddleware" because of
the newly discovered "BREACH" attack against Django's CSRF
protection. For more information check this link:
https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/
-- Now CMB automatically maintains a whitelist of IP-addresses.
Site administrators can use this whitelist to configure their
firewall to protect their web-server(s) from DoS attacks.
-- Improved CuriousORM module. Now "CuriousORM" is a separate
project and has its own repository at
https://github.com/epandurski/CuriousORM/
-- Now CMB's source code can be effortlessly transformed to work
with Python 3. To do this, find all "PYTHON3"-tagged comments
in the code and make the suggested substitutions. Then run
"2to3" on the entire source tree. (You may skip
"curiousorm.py" because it already is Python3 compatible.)
-- Added "show_whitelist.py" command-line tool.
-- Added "show_emails.py" command-line tool.
-- Minor UI improvements.
-- Minor bug-fixes.
-- Closed few potential DoS-attack vectors.
-- Better support for new versions of Django.
-- Improved installation guide.
May 8th, 2013
v1.9 -- New, *much* faster algorithm for finding cycles.
-- Minor UI improvements.
-- Better support for PyPy.
-- Dropped support for Python 2.5.
April 2nd, 2013
v1.8.6 -- CMB can work with PyPy now.
-- Added a pure-python implementation of the AES cipher
algorithm. It is used when PyCrypto is not available.
-- Closed a potential DoS-attack vector.
-- Minor improvements and fixes.
February 26th, 2013
v1.8.5 -- More anti-DoS measures.
Most importantly, now DoS-attacks against the web-server are
never propagated to the database server. Therefore it is now
possible to have several web-servers, exposed to different
levels of DoS-attack thread, connected to the same database,
not interfering with each other. That is: An attack on one
of the web-servers will not overload the database, and
therefore will have no impact on the other web-servers.
-- Minor improvements and bug-fixes.
February 15th, 2013
v1.8.4 -- Added "schedule_turns.py" command-line tool. It allows
administrators to easily change turns' time and period in
the database.
-- Minor improvements and bug-fixes.
January 30th, 2013
v1.8.3 -- Minor improvements and fixes.
-- Minor changes to the manual.
January 24th, 2013
v1.8.2 -- The command line tools are improved and moved to the root
"cmbarter" directory. So, they are much more convenient to
use now.
-- Dropped support for Django version 1.3 or earlier.
-- Minor improvements and code refactoring.
-- Some files have new names.
January 19th, 2013
v1.8.1 -- Minor changes to support Django 1.5.
December 10th, 2012
v1.8 -- Greatly improved documentation. Now there is a comprehensive
installation guide, as well as a localization guide. Everything
goes in nice PDF documents.
-- Minor improvements and fixes.
November 30th, 2012
v1.7.5 -- Fixed a potentially dangerous XSS vulnerability.
-- The installation procedure has been significantly simplified.
-- Minor improvements and fixes.
November 24th, 2012
v1.7.4 -- Fixed a potentially dangerous security issue.
-- Implemented support of the "HTTP Strict Transport Security"
specification.
-- Minor improvements and bug-fixes.
-- Minor changes to the manual.
November 17th, 2012
v1.7.3 -- Improved flexibility of the algorithm for finding cycles. Now
command-line parameters can be used to control the duration of
the calculation process.
-- Minor improvements and bug-fixes.
-- Minor code refactoring.
November 6th, 2012
v1.7.2 -- Payments are not allowed in products that do not have their
price-per-unit field set.
-- Faster algorithm for finding cycles.
-- Minor refactoring.
September 26th, 2012
v1.7.1 -- Minor improvements and fixes.
September 8th, 2012
v1.7 -- CMB can be configured to require a registration key
in order for users to sign up.
-- CMB can be configured to work without an external
dependency on reCAPTHCA.
-- Users can change their usernames.
-- Minor improvements and bug-fixes.
-- Minor changes to the manual.
July 23th, 2012
v1.6.2 -- Minor bug-fixes.
-- Minor changes to the manual.
December 14th, 2011
v1.6.1 -- Minor bug-fixes.
December 2nd, 2011
v1.6 -- Added WAP 2.0 support.
Now users can make and receive payments conveniently, from any
Internet-connected cell phone. Nobody is punished for having
a too old phone.
-- Minor user interface improvements and fixes.
October 30th, 2011
v1.5 -- Added "Email my customers" functionality.
-- Added transaction notifications by email.
-- Many user interface improvements and fixes.
-- Improved performance.
-- Improved database locking, preventing possible deadlocks while
performing a trading turn.
-- Implemented various mechanisms for preventing successful DoS
attacks.
-- Minor changes to the manual.
September 7th, 2011
v1.4 -- Implemented new product/trader discovery mechanism.
The idea is that traders can make their list of partners
publicly available. This way they say: "I trust this guys. I
checked them out."
There are 2 ways users can view other users' partners:
1) They can click on the name of the partner in their partners
list, then click on the "view trusted traders" link. This way,
they can view the partners of their partners.
2) They can use the public search page that is generated for
every trader. For example:
https://multiswap.net/search/751181894/?q=alex
This search-URL can be used in any third-party website.
-- Minor changes to the manual.
August 25th, 2011
v1.3.2 -- Fixed a subtle bug allowing traders to issue a hand-crafted
POST-request so as to remove a product from their price-list
with no notification sent to the customes having deposits
outstanding.
-- Minor usability improvements.
May 29th, 2011
v1.3.1 -- Fixed a minor CSS-bug.
May 17th, 2011
v1.3 -- Improved usability on small-screen devices.
-- Minor user interface improvements and fixes.
-- Minor changes to the manual.
Feb 19th, 2011
v1.2 -- Added functionality for making electronic payments. Now you
can use CMB for issuing tradecredit-backed currency. These
currencies are not only redeemable by the businesses that
issued them, but are tradeable via an online marketplace that
matches currency holders with other tradecredit-backed
currencies they want.
-- Many user interface improvements and fixes.
-- Minor changes to the manual.
Jan 4th, 2011
v1.1 -- Added i18n full support.
-- Added Bulgarian translation.
-- Some directories have new locations.
-- Added "gimpfiles" directory.
-- Changed the way password hashes are calculated. Now
16-character "salt" is prepended to the password before the
SHA-256 is calculated.
-- Minor changes to the manual.
-- Minor user interface improvements and fixes.
November 22th, 2010
v1.0 -- This is the first stable release.