Radicale v3.0.0 Release Notes
Release Date: 2020-05-19
This release is incompatible with previous releases. See the upgrade checklist below.
- Parallel write requests
- Support PyPy
- Protect against XML denial-of-service attacks
- Check for duplicated UIDs in calendars/address books
- Only add missing UIDs for uploaded whole calendars/address books
- Switch from md5 to sha256 for UIDs and tokens
- Code cleanup:
  - All plugin interfaces were simplified and are incompatible with old plugins
  - Major refactor
  - Never sanitize paths multiple times (check if they are sanitized)
- Config
  - Multiple configuration files separated by `:` (resp. `;` on Windows)
  - Optional configuration files by prepending file path with `?`
  - Check validity of every configuration file and command line arguments separately
  - Report the source of invalid configuration parameters in error messages
  - Code cleanup:
    - Store configuration as parsed values
    - Use Schema that describes configuration and allow plugins to apply their own schemas
    - Mark internal settings with `_`
- Internal server
  - Bind to IPv4 and IPv6 address, when both are available for hostname
  - Set default address to `localhost:5232`
  - Remove settings for SSL ciphers and protocol versions (enforce safe defaults instead)
  - Remove settings for file locking because they are of little use
  - Remove daemonization (should be handled by service managers)
- Logging
  - Replace complex Python logger configuration with simple `logging.level` setting
  - Write PID and `threadName` instead of cryptic id's in log messages
  - Use `wsgi.errors` for logging (as required by the WSGI spec)
  - Code cleanup:
    - Don't pass logger object around (use `logging.getLogger()` instead)
- Auth
  - Use `md5` as default for `htpasswd_encryption` setting
  - Move setting `realm` from section `server` to `auth`
- Rights
  - Use permissions `RW` for non-leaf collections and `rw` for address books/calendars
  - New permission `i` that only allows access with HTTP method GET (CalDAV/CardDAV is susceptible to expensive search requests)
- Web
  - Add upload dialog for calendars/address books from file
  - Show startup loading message
  - Show warning if JavaScript is disabled
  - Pass HTML Validator
- Storage
  - Check for missing UIDs in items
  - Check for child collections in address books and calendars
  - Code cleanup:
    - Split BaseCollection in BaseStorage and BaseCollection