2019-01-09 3.4

[CONFIGURATION]

* Tarball name is fixed: savannah -> savane.

[I18N]

* Update translations from TranslationProject.

* Enable French, Russian and Spanish translations.

* Make context_icon alt attribute localizable.

[FRONTEND]

* Improve page handling user's GPG keys.  Add a means to test submitted
  keys.

* Multiple cosmetic HTML improvements.

* Show shorter dates in trackers when possible; render full dates
  with ISO format.

* Fix HTML errors found with HTML_CodeSniffer.

* Fix handling user input per OBB-636261 and OBB-647866.

* Use HTTPS URLs in email notifications.

* Drop logging user's IPs.

* Disallow emgedding in frames; move JavaScript and styles to separate
  files; add a CSP header.

* Fix a few bugs.

* Make the code PHP 7.0-compatible:

** Avoid reserved names.

** Eliminate egreg*.

* Use user_delete to delete users instead of settings their status
  to 'D'.

[BACKEND]

* sv_membersh: prevent user from breaking out of scp-restricted shell

2018-05-20 3.3

[I18N]

* Missing in 3.2: savane.pot is updated.

2018-05-20 3.2

[FRONTEND]

* Multiple typo fixes.

* Language selection is rewritten. New way to select language is added
  for the case when regular browser means don't work.

* Most strings to i18n are reviewed, translator's comments are added.

* Comment preview is implemented for trackers.

* A few PHP notices and warnings are fixed.

* Some dead links are removed.

* In Markup, named links to trackers are supported, like
  [task #4913 our most important task] and
  [comment #289 my second reply].

* When deleting account, non-active groups are ignored
  per Savannah Task #14513.

* OBB-296182 is fixed.

* Getting group keyring was fixed per Savannah sr #109450.

* Due to a MySQL bug, some Unicode characters didn't display
  in tracker comments correctly, per Savannah sr #109450.

* When registering a new user account, a message explaining
  what the confirmation email looks like is shown,
  per Savannah sr #109310.

* Account Configuration -> Change GPG Key:
  a sample key is shown to explain what it should look like;
  a button to test the submitted key is added.

* Some fixes in CSS.

* In Markup, URL parts like "*checkout*" were shown in bold.

[SITE SPECIFIC CONTENT]

* Webpages (including "site-specific content") are imported to Git;
  they are localized together with frontend messages.

* Apache 2.0 is added to license list.

* Add SHA256 VCS server SSH key fingerprints to MD5 ones.

2017-05-23 3.1-cleanup2

[CONFIGURATION]

* .mo (translation files) will be installed in /usr/local/share/locale
  by default, and the $sys_localedir configuration variable should be
  set accordingly.

* $sys_appdatadir (default "/var/lib/savane") and
  $sys_trackers_attachments_dir (default
  "$sys_appdatadir/trackers_attachments")

* The behavior of SCP changed somewhere between OpenSSH 5.2 and 5.5
  (inclusive).  It now passes an extra '--' argument before the copy
  destination.  You may need to adapt your '$regexp_scp' in
  '/etc/membersh-conf.pl'.


[SITE SPECIFIC CONTENT]

* git/index.txt added: displayed in /git/index.php

* hg/index.txt added: displayed in /hg/index.php

* bzr/index.txt added: displayed in /bzr/index.php

* account/login.txt added: displayed in /account/login.php


[FRONTEND]

* New TextCHA antispam in the user registration process.


[BACKEND]

* Git, Mercurial and Bazaar support.	


[DATABASE STRUCTURE]

* Store trackers attachments on the filesystem. On large sites such as
  Savannah, there are now ~17000 files totalling >400MB, which becomes
  inconvient to handle (huge dumpfiles, etc.). The migration script
  stores files in /var/lib/savane/trackers_attachments by
  default. Files are named after their file_id, to avoid naming issues
  (duplicates, security, simplicity, etc.)


[DEVELOPER NOTES]

* Code compatible with PHP5

* Cleaner PHP code (less warnings, allowing to look for real issues)

* More secure input validation (prevents SQL injections and CSRF);
  works with register_globals=off and magic_quotes=off.

* Test Savane on http://localhost:50080/ with single line:
    make -C tests/minimal_configs/

* Build system based on autoconf & automake, plus MakeMaker for the
  Perl library

* Full UTF-8 database (including declarations and ordering)


Unreleased, Changes from 2.0 to 3.0:


     [SITE SPECIFIC CONTENT]

	* dnsbl.txt added: allow the define the DNS Blacklist to use.


     [CONFIGURATION]

	* If you intend to run SpamAssassin to filter spams posted on
	trackers, you must rebuild your conffile by running:
	`sv_update_conf --recreate`

  
     [FRONTEND]

	* Now includes a Markup language to enable users to format text 
	without allowing them to type in HTML for security reasons. It means
	that in places where HTML was allowed before (project description,
	users resume, trackers item posting preamble), the HTML must be 
	removed (task #2874).
	* Access to files attached to private items is now restricted as the
	items.
	* Added Markup to allows users to format text (task #2874).
	* Added a preview of news content when approving new items
	(bug #2121).
	* Display jobs by project type.
	* Fix a bug causing the result bar, when browsing items, to show
	as number of results the number of "item to show per page", when using
	a "modified since" additional constraint, if the number of result was
	superior to the number of "item to show per page". As result, the 
	links to items not shown on the page due to the number of "item to 
	show per page limit" were missing (bug #7566).
	* In statistics page, fields are now listed in their configured order
	(task #3775).
	* Fix a bug that was making impossible to post comment on a 
	private item to the person that submitted the item (unless he has 
	rights on the relevant tracker due to group membership), while we
	actually wants to allow him to do so (bug #7524).
	* Fix a bug causing the user profile to show the user as member of
	groups on which is only requesting for inclusion, not yet approved.
	* Now projects can create Squads: Squads are meta-users that enable 
	to share permissions, items assignation and notifications among several
	project members (task #3665).
	* User Carbon-Copy notification settings simplified and items 
	Carbon-Copy list improved. 
	Now users can always remove themselves from Carbon-Copy list of
	a given item (in the past, if you posted a comment on an item
        you could not remove you from the notification of this item in 
	particular). 
	Instead of determining from users actions on the items the
	notification, now users are simply added to the CC list of the
	item when they act on it.
	They can configure some notification to always ignore, for instance
	they can decide to skip all notifications of their own changes made
	on items, to skip all notifications unless the item is closed or its
	status changed (useful for someone that just want to know if item
	get closed but do not want to follow developers discussions).
	They can also configure the system not to add them in the Carbon-Copy 
	list automatically, when they post a comment or when they update an
	item.
	Finally, they can configure the system to remove them from the 
	Carbon-Copy list when an item assigned to them is reassigned to 
	someone else (useful for people in charge of handle item submission
	sorting, that would not care about the item destiny once the item 
	properly reassigned) (task #4080, task #3776).
	* Fix a bug causing email obsfucation to work anormally in item
	history (bug #7303).
	* Fix a bug causing "Member since info" to be missing from an user
	profile if he is member of a private group (bug #7644).
	* Make sure new project notification setup is not ignored when an
	item is reassigned to it.
	* Item pages heavily reorganized (task #3787, task #2887).
	* Fix a bug making impossible to change posting restriction if the
	news tracker was deactivated (bug #7653).
	* Remove, in fields usage configuration, inconsistant reference 
	to transitions in the case of non selectbox field (bug #7654).
	* Allow multiple file upload at once. What was the file upload 
	limit is not the total upload limit. Users can upload more files
	but the same amount of data (task #2392).
	* Detect MSIE 7 and deactivate MSIE 5/6 specific dirty hacks
	(bug #7688).
	* Make sure mailing-list reconfiguration process is not done
	before the mailing-list was actually created on the system 
	(mailman-specific, bug #7689).
	* Fix a bug causing new CC to be lost if a mandatory field was
	not filled (bug #5658).
	* Very long links are cut to avoid them to break the page layout.
	* It is now possible to lock discussions: manager can decide to 
	restrict items updates to managers and technicians (stop flamewars). 
	It is a good idea on trackers that accept anonymous comment post to
	add this as automated transition on item closing, so spammers robots
	will have less items available to spam (task #4129).
	* Account name is no longer mention in the mail sent on account
	creation to prevent too easy account creation by robots 
	(please read task #2876).
	* Shows only groups registered during the last trimester in the
	front page features boxes (bug #7743).
	* Add DNS blacklist checks (task #4127).
	* Log permissions denied and DNSbl rejections.
	* Allow an user to remove himself from all Carbon-Copy lists of
	a given group - useful when someone quit a group (task #4137).
	* Ban IPs of anonymous spammers for 6 hours (task #4141).
	* "Contributors Wanted" site menu entry moved from "Site Help" to 
	"Hosted Project submenu: it does not actually provide help to users
	but is interesting info about the groups hosted.
	* Fix a bug causing in My Items > Assigned to me groups to be missing
	after a click on (-) (bug #7760).
	* Rename "$sys_name Help" and "$sys_name Administration" in 
	"Site Help" and "Site Administration". Looks less clumsy (to be 
	consistent we should have repeated $sys_name in every menu title, 
	like $sys_name hosted projects, etc), enlight that it is site wide.
	* Fix problems accessing attached files that contains a # in their
	name (bug #7796).
	* Put an invisible trap to spambots, a field unused that will be
	considered as bogus if filled (task #4151). This will not prevent 
	tailored spambots to post, but this will definitely block the 
	others. And it is common knowledge that even old spambots are still
	used nowadays, no matter how easy it is to catch them. 


     [BACKEND]
	
	* sv_extra_merge_projects is now able, when moving items from the 
	source group, to assign items to a given category of the destination
	project (task #3830).
	* sv_extra_svn_postcommit_brigde added. Activated from SVN 
	post-commit hooks, it will add a special comment if to items if
	there reference is included in commit message (task #2594).
	* Use chmod user:group syntax, more portable than user.group 
	(bug #7729).
	* sv_update_conf now automatically try to find out the Apache 
	group (www-data, apache, etc) to use to set conffile ownership
	(bug #7758).
	* Fix a bug causing weekly export to fail to update the export 
	timestamp at the end of the month (bug #7508).


     [LIB]
	
	* User.pm: remove .authorized_keys when the key number is null.
	* Provide backward compatibility symlinks like 
	Savannah.pm -> Savane.pm (bug #5664).
	


     [DATABASE STRUCTURE]

	* Numerous spamcheck related changes (spamscore and IP fields added
	in trackers tables, spamscore, spamban tables added, etc).


------------------------------------------------------------------------------

2006-10-03, Changes from 1.4 to 2.0:

     [SITE SPECIFIC CONTENT]

	* Added forbidden_mail_domains.txt that allows to forbid users to
	associate users account with emails from arbitrarily defined domains
	(used at project registration and during email change, task #2917).
	* my/items.txt, my/groups.txt, account/index_intro.txt:
		default text moved to the interface.
	It is standard text that should not be changed. But additional text
	can still be added.
	* people/editprofile.txt deleted.
	* people/editresume.txt added, empty by default.

  
     [CONFIGURATION]

	* You must re-run sv_update_conf to regenerate a conffile in all
	cases, as the configuration file name and the default location
	changed. Now, the default is /etc/savane/savane.conf.pl instead
	of deprecated /etc/savannah/savannah.conf.pl (task #3020).
	* You must update your apache configuration to follow the
	conffile location change, if you use the default location.
	You should then have like:
	    SetEnv SAVANE_CONF /etc/savane
	If you do not use the default location but a custom one (something
	different than /etc/savannah and /etc/savane), there is nothing to
	change (task #3020).
	* You must update your apache configuration to add:

	    <Files file>
	        ForceType application/x-httpd-php
	    </Files>

	just after the similar configuration bits regarding "Files projects"
	and "Files users" (task #2888).



     [FRONTEND]

	* Code cleanups, interface cosmetics.
	* Water theme rewritten from scratch.
	* New field in group_type.php: mailing list virtual host
	* Fixed list name verification against existing user names
	* Support British locale (with d/m/y date format)
	* Fix typo (bug #5975).
	* Now feedback can be removed from the page by clicking on it, without
	reloading the page (bug #5202).
	* Feedback fixed-positionning is optional, users can select 
	relative positionning, loosing the ability to always have the 
	feedback accessible in one click without scrolling up and down. 
	Some users apparently have browsers that slow down when there is
	such fixed box on their page (even if fixed positionning is not
	something especially unusual).
	* Now boxoptions (like 'display criteria' are shown minimized by
	default and are maximized by a simple click on (+) (task #2919).
	* Does feedback transparency only using the standard CSS3 'opacity',
	no longer relying on non-standard browser specific things (Gecko
	now supports opacity).
	* Shortcut links for items are now provided. You can for instance
	type domain.org/task/?564 to get to task #564 (task #2804).
	* Now, when downloading a file attached to an item, users are
	redirected to a meta-directory that make their web browser think they
	are actually opening a real file named as the attached file was named
	before being inserted into the database.
	For instance, if you attach a file name "myfile.txt", from now on,
	the final url where you will download it will be
	domain/file/myfile.txt?file_id=nnn
	Whatever web browser you are using, he will surely propose you
	"myfile.txt" as filename, while with the previous
	 domain/tracker/download.php?file_if=nnn many web browser would
	propose you "download.php" (task #2888).
	* KDE nuvola icon theme now used for emeraud and gna themes.
	* Anonymous users have no longer any access to users email address
	(task #2938).
	* Users now can delete their account - this process cannot be undone
	(task #2208).
	* Fix a bug allowing by mistake users to associate more than one
	account to an email address (bug #5314).
	* When adding a dependency to an item, the parameters of the last
	search (restrict search to tracker or project) are now remembered
	in the result page (bug #5341).
	* Fix a bug causing mail added in originator email field to be
	missing in CC list (bug #5309).
	* It is now possible to keep only one session opened at a time,
	useful for that open many sessions on many computers without
	closing them properly and not wanting these sessions to be kept
	alive.
	* Fix a bug causing the logout page to destroy only an half of
	the session information (which is enough to destroy the session
	but unclean).
	* It is now possible to kill all sessions apart from the current
	one (bug #5258).
	* Every <font>, <b>, and <i> HTML tag has been replaced by an
	appropriate <span>, <strong>, or <em> tag. Moreover, there has
	been some effort to make Savane even more compliant with
	XHTML output (task #2882).
	* Order mailing-list by alphabetical order, more logical than
	list creation chronological order (bug #5379).
	* Fix a bug causing the recipes "Last Update" info to be
	sometimes erroneous (bug #5396).
	* Allow capitalization of theme names. It changes only the CSS file
	name and what is printer in "My Admin", nothing else (task #3015).
	* Now the top menu is a drop down menu (task #3021). There is 
	however an menu in the old fashion available as option, for people
	using browser impossible to support properly for this (like
	konqueror < 3.1, etc). This option can be set in My Account Conf
	(task #3719).
	* Savane is now fully translated to Swedish. Many thanks to
	Daniel Nylander for his work!
	* Korean translation has been removed because it not maintained 
	(only 37 translated messages remained).
	* Fixed a bug in item digest causing the announced latest comment to
	be actually the first one.
	* Mention who is the author of the latest comment shown in digest.
	* Now "originator email" text field is moved in item reassignment.
	* Fix a bug that occasionally caused a global notification to be 
	missed.
	* Warn of MSIE related layout problem, recommends to use another
	browser in case of issues - 3 more MSIE specifics hacks were
	necessary for this release. As these hacks force Savane to 
	make non-standard usage of CSS, results would be highly unpredictable
	to any web browser that interpret CSS correctly (bug #6904).
	* Remove "$InstallationName: " from the site-scope pages, useless
	as it is always mentioned at the end of the title between [ ] *
	(bug #6884).
	* Remove full description of the error from the pages titles 
	when exiting on error: this is too noisy and does not really
	matters, as people wont bookmarks such links. 
	It is cleaner not to put invite them to read the feedback 
	(bug #6919).
	* Statistics bars now have fixed line height (bug #6907).
	* Fixed a bug causing sometimes the mailing-list names to be
	enforced in a way different that the one configured for the group
	type (%PROJECT- was added while it was not configured that way)
	(bug #6962).
	* It is now possible to ask for mailing list admin password to
	be reset (task #3661).
	* Logged-in users are redirected to /my when accessing pages
	like account/register which has no purpose for a logged in user
	(bug #6972).
	* Fix a bug making impossible to project admins to configure
	their Arch or SVN viewcvs link (bug #5774).
	* Fix a bug causing the page Set Active Feature to show outdated
	info after update (was fixed in the past, the bugfix no longer
	works for an unknown reason).
	* Closed items because they were reassigned to another tracker 
	are now marked as such in a very clear way: item title, original
	submission and comments (bug #4446).
	* Propose sensible default for rank on output values when creating
	query forms (bug #2867).
	* Do not mention in feedback the internal automatic transition for
	the system 'closed on' field happening when an automatic transition
	close an item (bug #7004).
	* Fix a bug causing severals words included in a CC list, as one
	CC, to be concatened in a single word. It is cleaner, however, it
	does not change the fact that if someone put "thisguy thislogin" as
	CC, no one will get notified as it not a valid address. For this
	to work, "thisguy <thislogin>" should be entered instead 
	(bug #6889).
	* Now the system does plenty of checks to make sure the same
	notification is not sent twice. Now, for instance, he will be
	able not to add twice in To: an email that shows up because it was 
	in CC in full text + referred as a username of the submitter
	(bug #7034).
	* Warns in item pages if CC addresses look suspicious (bug #7036).
	* Reminds exactly where was an anonymous and bring him back after 
	login even if had posted an item - on POST, variables where missing 
	from the URI and the redirection was leading to "No Group Missing 
	Parameters" error (bug #6984).
	* Print a warning, when printing twice a form because of a forgotten
	mandatory field, mentioning that uploaded file must be one more time
	added - this is limitation of HTML, we cannot prefill these input
	like we do for any other inputs (bug #7007).
	* Fix a bug causing an item update to be sent if someone was clicking
	one more time on "Submit Changes & Return to this Item" (button only
	shown if you have privileges on the tracker) after closing the item
	(bug #7113).
	* In the menu, if there are external docs (extra link), consider them
	prior to the cookbook: if the users use two doc tool (allowed to do
	this by the site admin via Group Type settings), there is no reason
	to consider the external less important than the Savane one, at the
	contrary, we can assume that they made the choice to use another one
	for good reasons and we do not have to enforce anything at this
	point.
	* Now recipes that are for everybody are grouped when browsing 
	the Cookbook (task #2658).
	* Browse item pages no longer allows to  more than 150 items
	to be showned at once, unless in printer version or while
	doing digest (bug #7134).
	* Add default recipes when the local admin group is created
	(usually when installing Savane, bug #7136). 
	* Attached files size limit is now configurable, still at 512 kB by
	default. (bug #5693).
	Note: for higher values, MySQL and PHP default setup will probably
	not work.
	* Use the noreply address as originator for news item (this change
	may be discussed).
	* Items are now mixed in dependancies list. It means that now
	only the chronological order count, there is no longer first the 
	bugs, then the tasks etc (task #3736).
	* My Incoming Items & My Items pages optimized (should load faster).
	Unfortunately, My Incoming Items no longer list old items recently 
	assigned but only recent items: this was too heavy (bug #7200).
	* Hide Homepage links if pointing to nowhere.


     [MAIL EXTRA FRONTEND]

	* Fix a bug causing access to private list archives to be denied
	when the latest slash is missing in the url (bug #2228).


     [BACKEND]

	* sv_mailman can send virtual host information to Mailman.
	* sv_mailman can now reconfigure and delete lists (bug #5389,
	task #366).
		- Note that you need to call it with --keep-archives 
		if you want it not to ask mailman to remove its archives.
		- Note also that the list will be removed from both the system
		and the database.
		- Finally, note that password changes requires Mailman 
		version >= 2.1.x
	* Locking is now performed via flock(2) instead of touch(1).
	* Locks will all go into /var/lock/savane (bug #6880).
	* sv_mailman_and_mailarchivedotcom added, a script that register
	public mailing list to mail-archive.com.
	* Rely on Date::Calc instead of GNU date -d option, more portable
	(bug #5390).
	* sv_update_conf now warn if a setting is mandatory and refuse to
	proceed further if the user does not enter a setting. Output has
	been polished.
	* sv_update_conf now checks if filesystem path are valid (bug #6927).
	* Fix a bug causing sv_gpgcheckfiles to sometimes dies prematurely
	(bug #6878).
	* sv_gpgcheckfiles now refers to the Cookbook, and no longer to the 
	dead-and-buried FAQ.
	* sv_gpgcheckfiles cache now avoids possible flaws of md5 collisions
	(bug #4421);
	* Fix a bug in history content of XML exports.
	* Added dependancies in XML exports.
	* Fix a bug causing --big-cleanup option of sv_cleaner to fails in 
	some cases (bug #5489).
	* sv_mailman_checkqueue as been removed, as it is not compatible
	with Mailman =< 2.1.x which is now required by Savane (bug #2858).
	* sv_extra_export/sv_export_import removed (now longer updated,
	probably broken).
	* sv_extra_merge_projects added, a tool to merge several projects
	into one (task #3785).


     [LIB]

	* Add GetDBHash that returns a clean hash. Useful to grab data
	which may contain ',', in which case GetDB should not be used.
 	* Now depends also on Text::Wrap


     [DATABASE STRUCTURE]

	* Add mailing_list_virtual_host field in group_type
	* Remove buggy (old leftover) "Revision Tag" field from patch
	field database (bug #7154)


------------------------------------------------------------------------------

2006-02-04, Changes from 1.3 to 1.4:

     [SITE SPECIFIC CONTENT]

	* Added new status 'Orphaned/Unmaintained' in hashes.txt
	(bug #4811).


     [FRONTEND]

	* Cosmetics, typos (bug #4842, bug #4864, bug #5068, bug #5074)
	* The comparison between $HTTP_HOST and the project's base host
	is now case-insensitive to avoid infinite redirection loops
	(bug #4947).
	* Fixed a security issue with cross site scripting (XSS) during
	the submission of a new tracker item (bug #5011)
	* Fixed a bug causing attached files to be ignored during item
	reassignation (bug #4844).
	* Fixed a bug causing wrong email addresses to be used when
	notifying admins after request for membership (bug without effect
	if /etc/aliases was updated by sv_aliases, bug #4744).
	* Fixed notification to submitter if assignee changed and
	submitter is neither new nor old assignee.
	* License Other filled during submission is now printed as License
	if "License" is equal to "Other".


     [BACKEND]

	* The was a typo in the name of the default theme "emeraud" in
	sv_update_conf (bug #4975).


     [INTERNAL]

	* The PHP frontend can now use unit testing. A few tests
	are already included. This will be improved with more
	tests as development goes on.


------------------------------------------------------------------------------

2005-12-06, Changes from 1.2 to 1.3:

     [CONFIGURATION]

	Note that in the following, you must replace
	 /usr/share/savane-frontend-php/ by the path to the root of your
	savane frontend installation (where index.php is).

	* To improve security, you should add the following in your
	apache configuration file:

	       	# Restrict access into include/
	       	<Directory /usr/share/savane-frontend-php/include>
			Order Allow,Deny
			Deny from all
	       	</Directory>

	In the main section  <Directory /usr/share/savane-frontend-php>
	you should also add:

		# PHP conf
		#  to improve security
		php_admin_flag allow_url_fopen off
		php_admin_flag display_errors off

	* Still for security improvement, you should add in your php.ini, if
	you are sure that no PHP installation on your server require these:

		disable_functions = exec, passthru, popen, shell_exec, system

	This would greatly improve the overal security, making potential flaws
	in Savane unexploitable.

	* $sys_datefmt syntax is now exactly the one of strftime(), see
	 http://php.benscom.com/manual/en/function.strftime.php
	This is a deprecated option, you should use it only if you want to
	enforce a specific syntax for dates.


     [FRONTEND]

	* Cosmetics:
		- review icons position (bug #4577).
		- review Gna! theme: lighter colors to help the eye to
			accomodate.
		- add emeraud theme (based on Gna! theme and KDE "emerald"
		color theme) propose it as default during install.
		- new CSS guidelines, version 1.12 + 1.13.
		- use "blocks" css element in several places to make it
		easier to follow links.
	* Fix some XHTML errors (bug #4692).
	* The selected theme is now honoured when logging in while no cookie
	exists but a database setting (bug #4449)
	* Show only user modifiable fields in the "additional constraint"
	form, as it makes only sense to check whether this field have changed
	since a date if they can be changed (bug #4452).
	* Order alphabetically "additional constraint" fields names. Using
	the order configured for the whole form does not make sense inside
	a select box, it's not user friendly.
	* For conveniency, CanUse() now interpret both "bugs" and "bug"
	as valid argument (bug #4571).
	* Make possible to set automatic transition caused by the field
	Open/Closed on item creation (bug #4517).
	* Avoid swarming backslashes to appears in items reports when a form
	is reposted several times due to mandatory field not filled
	(bug #4618).
	* Users GPG keys are now provided as download, not included in an
	HTML page, so it easier to load the key. This way, modern desktop
	environment like KDE are able to automatically import the key,
	without requiring excessive user interaction (bug #4414).
	* Improve testconfig.php tests: fix a typo in the name of the
	variable register_long_arrays, mention that an unset variable may as
	well be set to off, add a Securing PHP config section (bug #4538,
	bug #4537).
	* When a project is approved, the patch tracker is not activated
	by default: this tracker is deprecated.
	* User permissions page, when project admins set users rights, no
	longer shows unused features (bug #2205).
	* Makes text area for item details or comments bigger.
	* Links will now be build when the string "file #nnn" appears in
	comments/text, like for "bug #nnn".
	* Feature a new tracker: the cookbook manager (task #2369,
	bug #4690, bug #2256).
	* FAQ tool was removed, the Cookbook should be used instead.
	* "Status" field is now shown by default to project members when
	posting new item for most trackers (bug #4689).
	* Various code cleanups.
	* Cleanup date formatting (bug #4570, task #2614).
	* Internal changes: Add a context guess library that will come
	handy for the coobook to know whatis appropriate to suggest to users.
	Using the old hand-filled top-tab was implying to many issues,
	especially because we would have to fill by hand subcontext info
	(main context : which tracker for example ; subcontext : what action
	 is being done, posting new item for instance).
	This implementation deprecates a lot of old things. Most notably,
	in all *_header() calls will remains context parameters, aka toptabs,
	that will actually never be used any longer).
	The new library provide context_title() and context_icon() that should
	be used to know which title and icon is appropriate for a given page
	(if a parameter title is provided in a *_header() call, it will still
	be appended to the icon). Also CONTEXT and SUBCONTEXT constant are
	defined and available.
	* Reorganize project administration pages so they look alike other
	pages, (mimic My Account Conf, for example), avoid using h3 to put
	links but only to put real titles.
	* Remove admin/groupedit-add.php, deprecated function to create
	groups. Groups should always be registered in the usual way, even
	by site admins, it is cleaner and easier to debug.
	* Show attached files mimetype (ie: image/png) along with size
	infos.
	* Fix a bug causing "Same a new item" comment post restriction to
	always refer to the restriction for new item post of the group type,
	instead of the group one if any (bug #4794).
	* Fix a bug causing items in "My Items" and "My Incoming Items" to
	look unpredictably ordered and making the page layout slow to be
	printed on screen (bug #4808).
	* Incorporate Savane User Guide as "In Depth Guide" into Savane
	(task #2598).
	* By default, all items corresponding to the query form are
	selected for the Digest.
	* While browsing item, use Item Id in reverse order, from the
	latest to the older, as default sorting criteria (bug #4447).
	* Implement interface to select items to export in xml files,
	put in a queue handled by the backend (task #2564).


     [BACKEND]

	* Implement export to xml files according to queue generated
	via the frontend (task #2565).


     [LIB]

	* Add GetDBHash that returns a clean hash. Useful to grab data
	which may contain ',', in which case GetDB should not be used.


     [DATABASE STRUCTURE]

	* Add tables necessary to make the cookbook manager running.
	* Fusion content of trackers tables *_file into trackers_file.


------------------------------------------------------------------------------

2005-09-29, Changes from 1.1 to 1.2:

     [NOTE]

	* You should configure the task tracker of the Site Administration
	project to accept comment post from logged-in users.
	This is necessary because now comment post are restricted like
	item post, an by default, the restriction effective for item post
	is used for comment post (bug #4437).


     [SITE SPECIFIC CONTENT]

	* Fix a typo in my/request_for_inclusion.txt causing the link
	provided to admins to be erroneous, $group_name being used instead
	of $unix_group_name (bug #2694).


     [FRONTEND]

	* Cosmetics:
		- display options are now shown in a specific box, with
		a specific design;
		- submenu entries are now printed in smaller size, so it is
		easier to distinguish them from main menu entries;
		- make sure "* Mandatory Field" shows up on all pages
		(bug #2859);
		- use help mouse icon when help is available;
		- use alternative colors when presenting fields in trackers.
		- item output now in clean column also for non-logged in
		users.
		- sort themes by alphabetical order
	* Fixed bug preventing the global notification list to be used for
	new submissions in some peculiar cases (task #2179).
	* Trackers forms are now redisplayed when a mandatory field is not
	filled, instead of asking users to use their browser back button
	(task #2181).
	* Mention that private projects are not shown in search results
	(task #2184).
	* Fix a bug with order set in digest that were breaking browsing
	items afterwards (task #2185).
	* Fix a bug causing manual changes to a field to be overriden by
	automatic transition even if no real transition was made
	(task #2186).
	* Fixed a bug which prevented the newly selected theme to be shown
	right away (bug #1987)
	* It's now possible to restricts comment post, in the same way it
	is possible for new item -- by default, comment restriction are the
	same as new item posting restriction (task #2195, bug #2396).
	* If an item should be finished on a certain date, it will be
	highlighted after that date has passed. This is mainly used for the
	task tracker (bug #2204)
	* It is now possible to make a field mandatory only if it was shown
	to the original submitter. It is the default for mandatory field, but
	it is also possible to make a field "mandatory whenever possible",
	which mean mandatory for anyone that is able to modify the field
	(task #2194).
	* Fix a bug causing the setting "show X items at once" to be ignored
	on browse items pages (bug #2860).
	* Items page titles now mentions the id of item + it's summary
	(truncated if too long).
	* Allows to edit all approved items (to news manager), not only the
	that were approved during the last two weeks (bug #2720).
	* Remove erroneous Group information when searching items, belonging
	to the same group only, while adding dependancies to an item
	(bug #691).
	* It is now possible to use as criteria, while browsing items, the
	fact that an item was, or wasn't, modified since a specific date
	(task #2188, task #2190).
	* When, while browsing items, both fields Summary and Original
	Submission are search criteria, it is possible to select whether
	a logical OR or a logical AND should be used between the two --
	the default and traditional behavior is an AND (task #2187).
	* Site query forms are shown before Project query forms (if any
	defined) in lists.
	* Fix xhtml error causing "My New Items" output to be quite strange,
	shown only with some specific version of some specific browser
	(bug #2846).
	* Fix erroneous comment numbering, in items comments, when a user
	selected the chronological order (non default) for comments
	printout (bug #2875).
	* Now, only 1 lost password mail per hour (and per user) can be sent
	per hour, to avoid very theoretically risk of flood or similar
	malicious usage of the lost password feature (bug #2530).
	* Fix a bug causing erroneous locale to be used in the mail sent
	to notify a user requesting group membership that his request has been
	approved (bug #635).
	* Add testconfig.php, a script useful during installation to check
        whether Apache setup is correct.
	* Provide more complete apache/apache2 conffiles.
	* Fixed numerous XHTML validation errors.
	* Fix MSIE rendering problems, still using of dirty hacks like
	nobody should put in the code if he doesnt want headaches. Nothing
	marvellous but now it behaves with MSIE like it does with CSS
	compliant browsers like Mozilla, Konqueror etc, with a tiny exception:
	the footer (copyright bla bla, powered by savane) is part of the main
	entity of the page (task #2182).
	* Cleanup input of item_id (bug #2913).
	* Provide help balloons in Display Criteria forms (bug #2914).
	* Fix harmless error message shown when a request for inclusion in
	two groups at the same time is sent (bug #2893).
	* When a project is approved, during while the "trigger creation"
	step (initiated by site admins), default notification for trackers
	are configured so project admins get notifications. So by default,
	new items dont get unnotified (bug #2882).
	* Show to the superuser the Site Administration part of the left
	menu, even if he is actually logged in as simple user. Allow to read
	local docs to superuser even he is actually logged in as simple user.
	* Fix a bug causing extra slashes to be added in text fields (if
	they were containing specific characters) while adding dependancies
	(bug #2864, bug #4406).
	* Theme updates: new themes "light2" and "softgreen" added,
	"startrek" removed (funny but not really usable).
	* Mention popular themes in site statistics.
	* Add help ballon to icons associated to users names, in item
	comments, that describe user role regarding the project or the item
	(bug #4415).
	* Disallow originator email field to be shown to anyone but anonymous
	users (required by the code, bug #4428).
	* Restrict the search box on the left menu to do only site specific
	searches, add the necessary counter-part in group areas to do group
	specific searches (bug #4429).


     [BACKEND]

	* Fix a bug causing GPG group keyrings not be correctly updated, if
	a new member of the project has his keys registered in another group
	keyring a while ago (bug #2838).
	You may have to clean up all registered keyrings by running
		rm -f `find /home -name "ascii-public-key"`
	assuming that your users account are in /home.
	* Use File::Temp to make temporary file, instead of poorly
	reinventing the wheel (bug #2852).
	* Added --big-cleanup option to sv_cleaner, to do a massive cleanup
	that, for instance, remove items of deleted groups. It is recommended
	to do a database backup the first time you use this option.
	This should run once per week, or per month (bug #1863).
	* Scripts useful only when use with another service (like a cvs
	server) that is not part of Savane have now the prefix sv_extra,
	instead of simply sv_.
	* sv_nurse_ramfs removed, way too specific, not Savane related.
	* sys_miscdir configuration option was removed, so sv_extra_backup.pl
	now takes --dumpdir as argument to replace that setting.
	* sv_reminder: cleanups that should avoid mails to be sent if no
	recipient has been determined.


     [DATABASE STRUCTURE]

	* Dates have been removed from the "Advanced" query form (too
	inconvenient in several cases), but they are now in the "By Date"
	default query form.
	* Summary and Original Submission are now part of the criteria of
	the "Advanced" query form.


------------------------------------------------------------------------------

2005-09-13, Changes from 1.0.8 to 1.1:


     [FRONTEND]

	* Fix a bug causing html content to be sent as html in items
	comments and original submission (bug #2874). This bug was only
	found in Savane 1.0.8, not in previous version.


     [DATABASE STRUCTURE]

	* Fix a typo that would create confusing between status "In Progress"
	and "Need Info" (bug #2857).


------------------------------------------------------------------------------

2005-09-02, Changes from 1.0.7 to 1.0.8:

     [OVERALL]

        * The postal address of the Free Software Foundation has been
	changed in the source files


     [FRONTEND]

	* The function utils_make_links() was rewritten to better cope
	with unusual hyperlinks and e-mail addresses (bug #2689)
	* The error message for posted files which exceed the maximum
	allowed size is much clearer now (bug #2053)
	* The list of user sessions is ordered by date, from youngest
	to oldest (bug #2561)
	* Improve the project administration interface: more details in the
	task details guiding the site administrator; shortcuts added in the
	group edit page.
	* Encoding in UTF-8 non-ASCII strings contained in From: and To:
	fields of sent mails, encoding only non-ASCII strings in the Subject:
	field, not the whole sentence (bug #2487).
	* Hide forms item remaining in the printable version (bug #2075)
	* In my items and my incomings items, there are now anchors on groups
	links, so when you click on a group name to show or hide the list of
	items related to it, you directly get on the page at the same place
	(bug #2206).
	* It's now possible to show followup comments in a quoted mode that
	should copy/paste-friendly. This would allow users to quote each
	others comments more easily.
	Since it alters drastically the content of the followup comments,
	it is only accessible via a submit button, it is not a general
	setting (bug #2291).
	It was imagined to apply also to the original content but it may
	cause several issues I'd (yeupou--gna) prefer to avoid right now.
	This feature should be considered as a draft, this topic is open
	to constructive suggestions!
	* It's now possible to vote for items. Each user can use 100 votes
	(task #1407).
	* Registration confirmation mentions the username (bug #2430).


     [DATABASE STRUCTURE]
	* The missing column "privacy_flags" was added to table
	"user_groups" (bug #2771)


------------------------------------------------------------------------------

2005-07-01, Changes from 1.0.7 to 1.0.7-2:

     [LIB]

	* Fix a stupid typo causing sv_reminder to confuse CC: and Message
	content when sending mails.


------------------------------------------------------------------------------

2005-06-30, Changes from 1.0.6 to 1.0.7:

     [CONFIGURATION]

        The configuration setting sys_top_dir has been replaced by
	sys_www_top_dir.
	While sys_top_dir was the path to the Savane package top directory,
	sys_www_top_dir is the path to the www frontend. Which means in most
	case sys_www_top_dir = sys_top_dir/frontend/php.

	This change has been made necessary for packaging purpose where there's
	no longer any relevant "top directory".

	It means that you have to recreate/update your configuration file
	using sv_update_conf.


     [OVERALL]

	The purpose of this release is to switch to encoding UTF-8.
	Why doing that? Simply to avoid clashes when users are writing
	different languages that require encoding different from the
	usual iso 8859-15 (bug #2251, bug #2257, bug #2307, bug #2440).

	This implies:
		- update of site specific content to UTF-8
		- update of the database content to UTF-8

	Every aspects of the upgrade process are, supposedly, covered by
	the README file in update/1.0.7
	Read carefully this file.

	Even if you do not expect your users to speak anything apart iso
	8859-15 encoded language, you are strongly encourage to perform the
	upgrade, since future releases will anyway be fully in UTF-8.


     [FRONTEND]

	* During the project registration, no group type is selected by
	default any longer. Users are now asked to select a group type.
	This change was wanted by GNU Savannah in order to avoid having
	plenty of groups selecting GNU Type just because it was the
	default (bug #2289).
	* CC-list is now show after item dependancies, in item details
	(bug #2169).
	* Visually mention users role related to an item: latest comment
	of the assignee is highlighted, show specifics icons for each comment
	depending on the fact that the comment author is member or admin of
	the project (bug #2170).
	* Cleanups of the default query reports. Among several changes, note
	that the "bug id" form has been removed. It was added as workaround
	back in the days when search forms where unable to find items given
	their number. This is no longer true and since it would require
	non-trivial change to have this form item behaving cleverly
	(for instance being able to find more than one item at a time), it is
	best to recommend usage of the search feature, when people are looking
	for an item given their number (bug #2194, bug #2195).
	* Add default status value "Confirmed" for support and bug trackers.
	* Properly guess archives name with numeric characters (perl
	frontend).
	* New page that list GPG keys registered in the group keyring, if any,
	and that allows to download this keyring.


     [BACKEND]

	* Removal of admin/sv_registerx_discard.pl (bug #2230).
	* Fix a bug causing urls sent by sv_reminder to be broken if
	$sys_url_topdir is different from "/" (bug #2516).
	* sv_users now creates group gpg keyrings, if started with the option
	--gpg-group-keyring
	This option has not been heavily tested. We noticed some unexplained
	yet failure, if you need to use this option, it could be useful in
	cronjobs to add a another call to sv_users, but without this option,
	first (task #1926).
	* sv_gpgcheckfiles added, a script that could make GPG checks
	on download area content. See --help for more details.
	This script is provided as it is, has not been heavily tested
	(task #1926).


     [LIB]

 	* Savannah.pm has finally been renamed Savane.pm for consistency.

------------------------------------------------------------------------------

2005-03-26, Changes from 1.0.5 to 1.0.6:

     [SITE SPECIFIC CONTENT]

	* my/index changed to my/items, as now the items page is no
	longer the main page.
	* account/change_groups_intro changed to my/groups
	* svn/index and arch/index added (useless if you do not provide
	arch or svn repositories).


     [FRONTEND]
	* Cosmetics.
	* Improve lisibility of mail notification by reducing the amount
	of information sent (task #1074).
	* Items comments are now numbered, internal links are built if
	strings like "comment #nnn" are posted inside comments (task #1072).
	* Cosmetics.
	* Changed the link to the pending projects list in the
	administration project page. It refered to the old location
	(prior to tasks tracker integration).
	* In the "Removing User(s) from Group" section, pending users
	are now listed after the members, and are explicitely marked
	as pending (task #1246)
	* During an anonymous request, the system now checks whether
	the special Originator Email field was filled. If yes, and if
	it is a valid e-mail address, it is added to the CC list.
	* Fixed a bug (double <form> tag) in the form used to set new
	passwords, that was doing nothing in w3m and other non-laxist
	browsers.
	* The link to pending projects now actually filters the tasks
	tracker items. It was preselecting the tasks category in the
	filter parameters, but not applying this filtering.
	* Removed the reference to 'fingerprint' in "Edit GPG key". When
	we use GPG keys, we need the complete key.
	* Changed the 'savannah' theme to make it comply with the CSS
	guidelines v1.10 - and with the new HTML layout
	* Permit non-logged-in users to view the registration requirements
	* Do not send notifications is the only change is cc addition/removal.
	* Mail notifications now mention dependancies changes (bug #1977).
	* Fix a bug causing date fields (like "Should start on") to be updated
	erroneously due to users timezone configuration (bug #1979).
	* Clarify the fact that one should not reply by mail to the
	notification sent: replace "This item URL is" by "Reply to this
	item at" and allow installation to configure the noreply address
	(task #1279).
	* Fixed a bug which prevented the translations for Russian, Japanese,
	and Korean to be shown to the user.
	* List groups by alphabetical order in My Groups, mention when the
	group was joined so chronological info is still available
	(bug #2080).
	* "watching users (notifications)" is more a group feature than
	an item, so it moved in My Groups (bug #2081).
	* Improve usability of my items section, enabling users to set
	a priority threshold of item they'd like to see and listing item
	chronologically instead of per tracker.
	* Add "My Incoming Items" new section that list newly assigned items,
	items unassigned for managers, new news, news to approve (task #558).
	* Quitting a project now requires confirmation (bug #2087).
	Site admins are warned, at the same time, if a project get orphaned.
	* Clean item printouts by hidding meaningless content, like submit
	buttons (bug #2075).
	* In news management, show items of the last two weeks, not only the
	latest one.
	* Bookmarks are now activated only on demand, in order to make the
	user interface easier to deal with, without unjustified redundant
	features - most web browsers provide efficient bookmarking system
	(task #1412).
	* Multiple Source Code Manager support: all relevant configuration
	pages were updated (task #1430, task #1429). It is now possible to
	attach the homepage source code to one of the SCM.
	* Fixed bug resulting in old value names being used in statistics
	(task #1457).
      	* Add mixed icons on items list to easily distinguish trackers (in
	some cases, remove previous icons, useless because open/closed is
        always shown by colors), uniformize items prefixes (task #1446).
	* Fix bug causing backslash to be added everywhere before quotes
	in mails sent on news approval or with the sendmessage to user form
	(bug #2040).
	* Filters (used when browsing items on a tracker) are now remembered
	in a tracker-specific fashion. It means that if, while browsing task,
	you select to view only open items, if you switch to the bug tracker,
	you'll no longer view only open items but items according to the
	filters you selected the last time you used the bug tracker.
	In many cases it did not made sense to share settings between
	trackers - for instance, categories are rarely found in all trackers
	(bug #1982).
	* Changing the query form type (basic, advanced...) no longer cause
	immediate refresh of the browse item page. While this could have been
	convenient in some case, it was inconsistent since all the select
	boxes of the same form was not causing the page to be reloaded. Making
	any change in the form causing such reload was neither an option, as
	it would mean in some cases having the page reloaded 3 or more time,
	just to get one specific query form (bug #2127).
	* Mailing lists page includes links to mail archives, public
	or private
	* New default for the severity field:
		1 - Wish; 2 - Minor; 3 - Normal; 4 - Important; 5 - Blocker;
		6 - Security;
	(bug #2123).
	* Clean status descriptions. Introduce new default status: Ready for
	Test, In Progress. Remind will be hidden at updated, removed
	completely on Savane fresh install, since it is a duplicate with
	Postponed (the only difference no longer exists, it was from the old
	time while open/closed was confused with "detailled" status).
	Unreproducible is renamed Works for me: more positive than the
	unreproducible (more polite to say "I cannot reproduce, it works
	for me" than "this cannot be reproduced because I cant"), it is no
	longer bug tracker specific, as it makes perfect sense when a task
	has been tested to say works for me, one step before "Done". This
	could be useful on project when testers have no manager right (and,
	so, cannot set an item to done+closed).
	* Fix cases where the form id check was not enough to prevent 
	duplicates posts (bug #6986, bug #5312).
	* Fix bug causing item export request to fail in extremely rares
	circonstances (bug #6983).



     [BACKEND]

	* Avoid potential race conditions when writing tmpfile in sv_mailman
	and sv_aliases.
	(risk are very low, anyway - and these scripts are not even supposed
	 to be running on a system where untrusted users got access).
	* Added configuration variable $sys_dbparams that allow you to
	pass additional arguments to access the database.
	* Added Savannah-specific procedures to manage download areas and
	CVS repositories.
	* Added code to manage GPG keys, and a --gpg option to sv_users
	(user GPG keyrings are still not created by default).
	* Removed Savannah-specific code to handle group 'www'.
	* Make sure the backend remove users from Savane groups they no
	longer belongs to (bug #2011).
	* Add --only-etc, --only-cvs and alike options to sv_groups.
	* Allow multiple Source Code Managers (CVS, Arch, SVN - task #1432).
	* From field of notifications sent when users ask for group inclusion
	is now the request originator address, instead of site admins address
	(bug #2065).
	* It is now possible to reset values of a specific field to the
	default ones (bug #2128).


     [DATABASE STRUCTURE]

	* Allow multiple Source Code Managers (CVS, Arch, SVN - task #1428).


------------------------------------------------------------------------------

2004-11-29, Changes from 1.0.4.2 to 1.0.5:

     [SITE SPECIFIC CONTENT]

	* Add a missing slash in the latest link provided in
	my/request_for_inclusion.txt, missing after the sys_https_url
	(bug #1780).
	* Files in cvs/* have been merged into cvs/index.txt.


     [FRONTEND]

	* i18n updates.
	* Canned Responses can now be deleted (task #734)
	* Increase opacity of feedback error background color.
	* Remove the string homepage from the top panel link, showed when
	no logo is configured. It was estimated confusing at CERN
	(task #1330-CERN).
	* In "Set tracker notifications", talk about "Global List" and not
	Carbon-Copy list when it is appropriate -- all notification list
	are Carbon-Copy list, but only the Global one affect all item
	categories (task #1319-CERN).
	* Fix a bug making impossible to users to publicly show their
	resume (bug #1783).
	* Reorganize the form submission in account main page. This change
	fix several trivial bugs related to account information update (bug
	#1785, bug #1784).
	* Remove email address from projects memberlist. This info is stored
	elsewhere; it saves us extra tests that would be needed to handle
	the case where user explicitely asked to avoid showing their
	address (bug #1791). I understand this change could be objected and
	I'm willing to revert it if someone is convincing we should not make
	that change and willing to handle in the code the specific case of
	users that want their address hidden.
	* Do not scramble email addresses showed to authenticated users
	(task #1002).
	* Fix a bug that was causing several request for inclusion to be
	inserted in the database for the same user if this one was
	reloading the page with his browser (bug #1779).
	* Add missing feedback when registration is rejected because of
	invalid username (task #1320-CERN).
	* Inactive accounts cannot see their password being changed via the
	lost password procedure. The rationale is to let inactive account
	being trashed by the backend, avoiding manual admin interference
	(bug #1781).
	* Fix xhtml compliance issue causing news item pages (showing one
	specific item) to be rendered strangely, depending on the browsers
	(task #1317-CERN).
	* Rearrange trackers mail notifications to improve lisibility
        (feel free to make proposals).
	* Mention file attachment in the "Latest Changes" section of trackers
	mail notifications (task #1322-CERN).
	* Search by ID (numbers) is now possible (task #1326-CERN).
	* Fix issue in the form allowing site-admin to change by brute force
	to change user email info stored in the database (bug #1827).
	* Users can now configured in which order item comments are printed
	(task #1328-CERN).
	* Cosmetics: highlight more clearly admins in the project memberlist.
	* Mention group type on project home page (task #1026), clean up the
	page.
	* Wording issue: in other setting of trackers administration, Bug
	was mentioned without regard of the tracker actually configured
	(bug #1838)
	* Item ID is now mandatory in query forms, with rank 0 (first to be
	shown (bug #1840).
	* Allow aliases creation for mailing-list: if a project admin was
	allowed to create a list already in the database, we assume group
	type restriction was correctly set and that he righfully did it.
	So we accept to add the list in the database but we consider it as
	an alias: we tag its status to 5, which means that the backend will
	consider the list as already existing.
	This is useful on installation like at CERN where several projects
	can share lists -- in some way, it allows you to attach a list to
	your project even if you are not admin of the project (task #1025).
	* Warn project admin that hidding field values already used in items
	of the tracker may creates problems. In the list of field values,
	occurences of field values is now printed and highlighted in case
	of problem, like hidden field value while occurences of this field
	value were found in items posted on the tracker (task #1327-CERN).
	* Right to read private item is now manager on a member-basis. Note
	that Project Admins are always allowed to read private items.
	This change implied cosmetics changes in the "Set Permissions" page
	(task #1331-CERN).
	* All trackers: "Status" is renamed into "Open/Closed", "Resolution"
	into "Status". For more details, read the archives of savane-dev,
	specifically mails posted the 2004-11-08.
	* Add two new meny entries: clean reload and printer version.
	Clean reload permits users to reload a page without risk of reposting
	data. The name of the second entry should be self-explanatory
	(task #1027).
	* Add help ballons for menu links, whenever it seems useful.
	* Return the label of fields, not their database field_name, whenever
	possible in the item history.
	* Smaller size for item history.
	* Improvement of item history lisibility: add => to explain how
	changes happened, keep the same background color for all changes
	made by the same person at the same time.
	* Fix date searches in trackers/browse page:  > was previously
	treated like >= and = was broken. Now > is strictly understood and =
	is fixed (bug #802).
	* Disallow commas in users Real Name (more details at bug #851).
	* Do not try to update pending members permissions (bug #1850).
	* Fix typo causing item id to be missing in strings "tracker #nnn
	is dependant" added to item history when a dependancy is created
	(bug #1851).
	* Field value transitions are now effective at item submission
	(task #1038).
	* Fixed a bug preventing download area url to be updated by project
	admin even when this changes was allowed by group type configuration
	(bug #1858).
	* Extended "other field update" on field value transition: every
	other used select box field can now be updated automatically. But
	Savane always respect user choices: automatic update will be
	disregarded if the user fill out a specific value.
	It required the introduction of the "Unknown" field value, shown
	only at item initially submission, to differenciate what the user
	fill and what is did not touched.
	A drawback remains: on update, it is not possible to override an
	automatic update of a field to let this field untouched.
	(task #1039).
	* Show Status (aka Resolution) in all default query form, show
	priorities in Advanced query form (task #1042).
	* Set Status (aka Resolution) as "project" scope, allowing project
	admins to add new values.
	* Add "Need Info" default field value for Status.
	* Add several default field value for Platform Version (common OSes).
	* Percent complete is no longer required on task trackers by
	default.
	* Forms have now a unique id allowing to avoid duplicates post
	in a very efficient way. It must be noted that form must be posted
	within two days after their creation -after the exact moment when
	the page with the form was opened (task #1049, task #1321-CERN).
	The approach is: create form + insert unique id into db ->
	(approve form + remove unique id) from if unique id exists into db.
	This approach means that we'll not keep as many unique id as
	form submitted but as many as forms started an cancelled. We can
	expect the second to be smaller than the first.
	* Rename newprojectmail.php into triggercreation.php.
	* Set Default Active Feature for a given group, at approval,
	according to Group Type "can use" setup (task #1045).
	* Trackers Private items exclude list allows to set a list of
	address which should never receive private item email notifications.
  	It should be specifically useful to avoid public mailing-list to
	relay private items content (task #561).
	* Project approval is done via the task tracker (task #147).
	* Canned responses no longer override user submitted comment
	* It is now possible to use multiple canned responses for one
	comment on all trackers (task #1053).
	* Fix a typo that was creating garbage before http header when
	searching by item id with a project query form (bug #1864).
	* Enhance site-news approval process (bug #1865).
	* Item reassignation no longer contains HTML, for the sake of
	clean email notifications (bug #214).
	* Site admins are no longer allowed to changer their own user
	rights  on a project they are member of. It creates issues (flags
 	erroneously set). They should use admin interface instead or
	end superuser session.
	* Dependencies search are now in "with at least one of the words"
	(OR).
	* It is now possible to "Digest Item", to get a list of item
	ready to be printed in a more complete way than in a table (that
	would be the usual way, using "Browse Items").
	This is still very basic; depending on user input, improvements
	will be done later (task #110).
	* Project can now be in "Maintenance" status, which means that only
	site admins can modify/configure them (task #1061).
	* Mails notifications now include References and In-Reply-To
	headers so mail clients and archives can show messages in threads.
	* It is now possible for projects admin to copy the configuration
	of trackers of others projects they are member (not even admin) of
	(task #137).
	* Make sure mails message are no larger than 78 characters.
	(usual terminal case = 80 characters)
	* Remove calls to number_format() when printing the installation
	statistics (users and groups registered) as it is plainly, by the
	book, a US-centric way of printing information. It is possible to
	mimic other languages number formatting but it does not respect
	l10n already handled by gettext. So we drop it.
	* Fix labels for textarea field usage configuration (bug #1862).
	* Add Site Statistics.


     [BACKEND]

	* sv_users and sv_groups no longer create by default two unix group
        for each groups. The one with the "web" prefix is no longer created
        by default. The option --webgroup allow to recover the previous
        behavior.
	* sv_users now ignore all unix accounts that were not created by the
   	backend. In other words, it ignores all accounts that do not belongs
	primarily to the group svusers.
	* sv_cleaner now takes care of old form_id (two days old).
	* sv_cleaner now takes care of old sessions (one year old).
	* sv_cleaner now takes care of Deleted project: it deletes them
	irremediably, making sv_register_discard deprecated.
	* sv_register_still_pending removed: no longer useful since project
	registration is now managed by the task tracker.
	* sv_dead_projects is now focused on Savane items. It is not doable
	to deal with any kind of installation (as services other than
	savane could be on different servers). It is no longer supposed
	to run as cronjob.


Note:

*-CERN items were posted on the savcern project at CERN LCG Savannah
	<http://savannah.cern.ch/>


------------------------------------------------------------------------------

2004-09-29, Changes from 1.0.4 to 1.0.4.2:


     [FRONTEND]

	* Bugfix: make sure old removed field are no longer used. This
	fix a bug forbidding the lost password process to be completed
	correctly.

------------------------------------------------------------------------------

2004-09-24, Changes from 1.0.3.1 to 1.0.4:

     [SITE SPECIFIC CONTENT]

	* Valid HTML link is now part of the site specific content
	* people/editprofile removed h2 section, useless, design-breaker.

     [CONFIGURATION]

	 * SV_LOCAL_INC_PREFIX is replaced by SAVANE_CONF. This is the
	   value you should put in Apache conf. Exporting SAVANE_CONF
           in a terminal will also make backend script taking it into
	   account.


     [FRONTEND]

	* Cosmetics (bug #661, bug #684, task #123)
	* Remove useless functions: html_a_group(), html_blankimage(),
	  html_get_timezone_popup
	* Fix html_image() so it can really guess images width and
	  height, if not passed as argument.
	* Fix to the Submit a task link on project homepage (closes:
	  #663).
	* Fix attached file url in email notification (bug
	  #662).
	* Show "Originator Email" field only if an item was posted
	  anonymously (bug #666).
	* Fix extra "," added in the To: field when sending a request
	  for inclusing (bug #660).
	* Feedback the exact size of an attachment in case of failure,
	  mentionning the use of addslashes() (bug #678).
	* Do a first check with filesize() before strlen() when
	  attaching file, working better with big files (bug
	  #678).
	* Fix sql for category specific notification (bug #668)
	* Fix notification not sent on new submissions if
	  'send on updates' not checked (bug #673)
	* Fix notifications after posting followup comments
	  (bug #679).
	* Bugs related to notifications no longer reproducible, probably
	  due to others Yves Perrin's bugfixes on the same code part
	  (bug #273, bug #354, bug #399).
	* During the installation process, give some advices when starting
	  the frontend (tell to register a project, etc), autodefine the
	  unix group name of the registered project (according to the
	  configuration), deactivate tests on the group name (that would lead
	  to a refusal of "admin" for instance).
	* Implement a Posting Restriction model, following the
	  permission model. Projects admins can forbid posting item to
	  users depending on their authentication level (member,
	  logged in, anonymous). It works exactly like others
	  permissions (configuration at the same places, possibility to
	  rely on group type setting...) -- as a matter of fact, in does
	  not really work like the current implementation running at CERN,
	  but the spirit is the same and it offers the same
	  possibilities, and even more. It applies to the usual trackers
	  (task, support...) and news tracker (bug #664, bug
	  #665).
	* Links to unavailable action are now printed, but in a specific
	  manner. utils_link() has been added for that purpose (closes:
	  bug #685).
	* Inform user when he's using a theme non-compliant to latest
	  Savane CSS Guidelines. If the theme is the default theme, even
	  tell user to submit a support request for the installation he's
	  using.
	* Switch to XHTML, use CSS more extensively. Some pages may be
	  non-compliant, feel free to submit bug reports. Some <tables>
	  should still be replaced by <div> and most forms are not XHTML
	  standard valid.
  	  Apart from the "cleaning" side  of the task, it gives themes more
          freedom (bug #683).
	* New theme added, called "right", that specifically print the main
	  menu on the right of the page
	* Savane CSS Guidelines 1.10 comes with a base.css.in, special CSS
	  file that have no purpose apart being imported by others themes,
	  providing the basic needed classes required for minimal layout
	  lisibility.
	* Now superuser are considered as normal users as long as they do not
	  click on the menu link "Become superuser". This is like "su"
	  principle on unix systems: no need to be root everytime, it can lead
	  to mistakes and misunderstandings; you just become root when you
	  need to (task #347).
	* After login, always get back we're you were. Do the same in case
	  of su logout.
	* Feedback now pop-up in fixed-position boxes. As result, their
	  visibility should be greatly improved.
	* Session management: users can see remaining open sessions and trash
	  them if obsolete (task #112).
	* Incorporate CERN field values transitions: projects admins can
	  determine whether it is possible to change a specific field from
	  a value to another. For instance, you can force technician to
	  pass a specific "status" stage wheee the item got reassigned to
	  someone else (bug #677).
	* Add the possibility to set multiple transition "from value any to
	  this value" (task #749).
	* Allow site admin to allow project admin to define their filelist
	  directory, specifically the field groups.dir_download (
	  bug #669, bug #670, bug #671).
	* Update French i18n.
        * Change wording in "My" area, using more frequently "I", since the
	  area is called "My" -- we'll have to study the impact of this change
	  on users.
	* Now locale textdomain is "savane", no longer "savannah".
	* "Secure" groups set active feature page. It avoids project admin
	  to play will post variables to eventually activate tools the local
	  admin did not activate. This change was made necessary by the
	  addition of the possibility for project to configure dir_download,
	  if the local admin allowed it.
	* Allow users to get a daily/weekly/monthly reminder of item assigned
	  to them of priority > 5. Allow admin to send a daily/weekly/monthly
	  reminder of item assigned to project members of priority > 5
	  (task #209, task #750).
	* Headers automatically added in sent mails changed a little bit.
	  Now, they are X-Savane-Server, X-Savane-Project, X-Savane-Tracker,
	  X-Savane-Item-ID.
	* Add a test on items commenters and do not try to send notification
          if the post was anonymous (bug #696).
	* Users can configure the subject line of messages sent by trackers
          (task #751).
        * Cc notification list now not accept ; as separator (
          support #111).
	* Make sure news summaries can be viewed in any cases (bug #703).
	* On news item site administration, highlight items posted by the
	  administration group, also provide groups name in any
          news item lists (bug #222).
	* On news item site administration, allows to edit content of
          posted items (bug #223).
	* Projects can now configure a notification list for approved news
	  items (bug #234).
	* Distinguish status with a different set of colors (
	  bug #535).
	* Limit item history size by printing at maximum the 15 latest
	  changes (bug #688)
	* Clean date related functions, avoiding some bugs due to unix
	  timestamp and date translations (bug #694).
	  Note: this bug caused "planned close date" and "planned starting
	  date"	to be stored with a timestamp -1 day.
	* Add direct pointer to the currently shown item in the headers
	  where item #nnnn is printed. Sometimes, you may want to refresh
	  the page, for whatever reason, without doing reload.
	* In select boxes, when using trackers, field value are sorted by
	  label, if the rank is not enough. This is interesting if you have
          several values with the same rank (bug #526).
	* Ignore incomplete registration when testing if a sys group name
	  already exists in the database, during project registration. Risks
	  of a name clash seems near 0, while not doing that require
	  maintainance, since some people interrupt registration and try to
	  redoit later with the same name. And even if a name clash happens,
	  admins should notice it during approval (bug #332).
	* Give some tips after login failure.
	* Filelist allow subdirectories listing.
	* Cookies always include the full sysdomain; this make possible
	  concurrent sessions on different servers that got the same main
	  domain. However, it makes impossible to share cookie between
	  www.domain and domain.
	* Number of latest group approved by per group type now depends on
	  how many groups type you have. If you have more than 25 group types,
	  no more than 2 groups per type will be showned on the front page.
	  If you have less than 3 group types, 25 groups will be shown per
	  group type.
	* Print 9 latest news on front page instead of 7.

     [BACKEND]

	* Remove logo size (height, width) configuration options
          (close: bug #680)
	* Remove useless configuration settings: sys_nglists_domain,
	  sys_default_dir, sys_shell_host, sys_users_host,
	  sys_docs_host, sys_dns1_host, sys_dns2_host, sys_lists_host,
	  sys_server, sys_themeroot.
	* Configuration tool: ignore by default questions related to
          webalizer and mrtg integration. These are nowadays useless,
          since apache is no longer supposed to be able to this kind of
          data, for security reasons, on most installations.
 	* Add cron mailman parameter in conffile.
	* Install default crontab and logrotate file during install
	  process.
	* Add Mail.pm, similar to sendmail.php. Now sv_mailman rely on it.
	* sv_mailman now understand --cron option.
	* Add sv_reminder, a script that send reminders to users about
	  open items (task #209, task #750).
	* sv_cleaner now deletes user account unconfirmed after two
	  days (bug #318).


     [DATABASE]

	* Add Operating Sytem initvalues, activate the field Platform Version
	  by default for support trackers.
	* Clean user table: remove unused fields


------------------------------------------------------------------------------

2004-08-24, Changes from 1.0.3 to 1.0.3.1:


     [BACKEND]

	* Use single quotes in the configuration file only for the installation
	  full name (like Gna!, for example) (bug #633).


------------------------------------------------------------------------------

2004-08-23, Changes from 1.0.2 to 1.0.3:

     [SITE SPECIFIC CONTENT]

	* admin/user_email.txt no longer exists.
	* my/request_for_inclusion.txt has been added.
	* register/projectname.txt slightly modified about the lenght of
	  unix group name (details in the frontend section below).


     [FRONTEND]

 	* Cosmetics improvements (task #404).
        * Can handle mysql persistant link, if available.
	* Clarify message sent when an user request membership, remove
	  an extra slash from the link given (bug #441).
	* Fix broken link on membership page (bug #422).
	* Hide CVS link if unused (bug #631).
	* Give appropriate information about lenght of unix group name
	  (bug #376).
	* Add anchors/links in the trackers page, to ease browsing inside
          the items (task #304).
      	* Add a special submit, only for project members, allowing them to
	  update a report and get back to it directly. It can be useful to
          do some tasks that cannot be done at once (task #256).
	* Add a link to the top of each page (task #554).
	* Item can now be private, which means they are shown only to
	  tracker technicians/admins and submitters. This require some
	  trivial modifications of the database that can be done by running
	  the command:
		mysql databasename < update/1.0.3/private-items.sql
          or by executing the SQL commands within the file
	  update/1.0.3/private-items.sql by any other mean
          (task #111).
	* Show priorities of dependencies (task #553).
	* Return to the item page (instead of the items list) after removing
	  a cc/dependancy/attached file. It will ease heavy changes made on
	  one item (bug #462).
	* Reporting trackers section now renamed statistics, heavily cleaned.
	* Fix error in attached file size mentioned in mail notifications
	  (bug #468).
	* Fix a bug that made field usage "show on add" option the same
	  for non logged in users and logged in users (bug #286).
	* Feature boxes dates are now i18n compliant (bug #493).


     [BACKEND]

 	* CVS.pm:  make CVSROOT/history group writable by default.
	* Users and groups are now created with id starting at 5000
	  (bug #431).
	* Use single quotes by default in the configuration file, escape
	  single quotes. It allows admins to use non purely ascii characters
	  within their installation name, like @, without running into
	  troubles (bug #283).


     [DATABASE]

	* Rename some initvalues: Later is now Postpone, Works For Me is now
	  Unreproducible (wording more common) ; For patch we talk about
	  applying, for task and support about doing, instead of fixing
	  (task #566).



------------------------------------------------------------------------------

2004-03-29, Changes from 1.0.1 to 1.0.2:

     [FRONTEND]
	* Cosmetics improvements (bugs #303, bugs #290).
	* Fix spelling issues (bugs #307)
	* Code cleanups (task #257).
	* Fix side effect at the end of user/project list (bugs #296).
	* Fix PHP Warnings when commenting a support request (closes:
	  bugs #280).
	* Update i18n.
	* Remove the X-Copy to header from the mail sents but send mails
	  with one call to mail(), in order to send one mail, with one
	  msg-id.
	* Dependancies list mention if an item is closed (task #263).
	* Fix Disabling CVS under Active Features method so it prevents
  	  CVS links from main page (bugs #299).
	* Allow dashes by default for group names (bugs #292).
	* Fix history info for global notification (bugs
	  #315).
	* Fix global notification settings cancelling notification,
	  thanks to Sylvain Beucler (bugs #314).
	* No longer automatically [ and ] to items pointers, as
	  altering content proves to be more frequently annoying than
	  helpful.
	* Follows RFC822 and quote real names in From: and To: mail
	  headers whenever appropriate (bugs #313).
	* Show with icons whether dependant items are closed (closes:
	  task #264).
	* Fix a bug that caused bookmarks to no longer being named
	  properly (bugs #285).
	* $feedback is now converted to html entities (bugs #320).
	* Security fix to avoid remote code execution by the webserver.

------------------------------------------------------------------------------

2004-03-07, Changes from 1.0.0 to 1.0.1:

     [FRONTEND]
	* New icons, removed old icons.
	* Trivial cosmetics.
	* German translation added.
	* French translation updated.
	* Hide items in "my items" rework (bugs #211).
	* Enhanced session verification by story the session hash and the
	  user id.

     [BACKEND]
	* Members shell sv_membersh is now completely configurable, less
	  site specific.
	* A mail is now automatically sent at list creation, providing
	  admin list password (bugs #249).
	* Add sv_mailman_checkqueue, a little script to monitor the number
	  of messages pending in the mailman queue.
	* Fix a bug in user management which cause user account to be deleted
	  when they were no longer member of any group.

------------------------------------------------------------------------------

2004-02-04, Savane 1.0.0:

	* Initial release

------------------------------------------------------------------------------


