IHateMoney v5.0.0 Release Notes
Release Date: 2021-10-19
Breaking changes
- Include project code into project authentication token. This invalidates all existing API tokens and invitation links from previous versions (#802 #843)
- Drop support for Python 2 (#483)
- Drop support for Python 3.5 (#571)
- Drop support for MySQL (#743)
- Require MariaDB version 10.3.2 or above (#632)
- Enable session cookie security by default (#845)
- Change token path authentication to /{project}/join/{token} (#843)
The minimum supported version is now Python 3.6, and the project is tested with up to Python 3.9
See upgrade instructions to make sure the upgrade goes smoothly.
Security
- Add CSRF validation on destructive actions (#796)
- Ask for private code to delete project or project history (#796)
- Add headers to mitigate Clickjacking, XSS, and other attacks: X-Frame-Options, X-XSS-Protection, X-Content-Type-Options, Content-Security-Policy, Referrer-Policy (#845)
- Add URL validation to external link to prevent XSS (#846)
Added
- Allow importing previously exported JSON data (#518)
- Add new optional field "external link" in bill form (#429)
- Add optional currencies to project and bills (#541, #864)
- Add new statistics showing monthly expenses (#526)
- Add pagination to the list of bills (#480)
- Add sorting, pagination, and searching to the admin dashboard (#538)
- Add Project History page that records all changes (#553)
- Add token-based authentication to the API (#504)
- Add illustrations as a showcase, currently only for French (#544)
- Add a page for downloading mobile application (#688)
- Add optional support for a simple CAPTCHA (#844)
- Add translations for Greek, Esperanto, Italian, Japanese, Portuguese and Swedish
- Publish an official docker image
New settings
- Add ENABLE_CAPTCHA setting (#844)
- Use and document SESSION_COOKIE_SECURE setting (#845)
- Use and document BABEL_DEFAULT_TIMEZONE setting (#590)
Changed
- Use the external debts lib to solve settlements (#476)
- Remove balance column in statistics view (#323)
- Make language choice persistent (#547)
- Localize date strings in the current language (#590)
- Differentiate "flash alerts" notifications (#594)
- Display "flash messages" persistently instead of making them disappear (#856)
- Improve menu bar spacing, put history and settings in a submenu (#739)
- Change Dockerfile to install python dependencies at build time (#793)
- Updating project settings doesn't require entering or updating the project code (#774)
- Bump dependencies: WTForms (#768) jinja2 (#753) itsdangerous (#756) flask (#755 #757 #764)
- Remove requirements files in favor of setup.cfg pinning (#558)
- Flash messages must be dismissed manually (#856)
- Increased the font size of the logo (#828)
Fixed
- Improve input of email addresses when inviting people to join a project (#133)
- Fix order of participants in the statistics page (#608)
- Clarify project edition form: private code is not required (#774)
- Fix Python dependency constraints to be less strict
- Improve documentation (#781 #819 #821)
- Fix datepicker that was displayed twice on some browsers (#221)
- Member weights are now rounded to 2 decimal places (#838)
Documentation
- Reorganize "Contributing" documentation to be more accessible to new contributors
- Improve documentation regarding database migrations (#569)
- Added a page about the security model (#858)