ยซ Changelog History


Radicale v3.0.0 Release Notes

Release Date: 2020-05-19 // almost 4 years ago

  • ๐Ÿš€ This release is incompatible with previous releases. โฌ†๏ธ See the upgrade checklist below.

    • Parallel write requests
    • ๐Ÿ‘Œ Support PyPy
    • Protect against XML denial-of-service attacks
    • Check for duplicated UIDs in calendars/address books
    • Only add missing UIDs for uploaded whole calendars/address books
    • Switch from md5 to sha256 for UIDs and tokens
    • Code cleanup:
      • All plugin interfaces were simplified and are incompatible with old plugins
      • Major refactor
      • Never sanitize paths multiple times (check if they are sanitized)
    • Config
      • Multiple configuration files separated by : (resp. ; on Windows)
      • Optional configuration files by prepending file path with ?
      • Check validity of every configuration file and command line arguments separately
      • Report the source of invalid configuration parameters in error messages
      • Code cleanup:
      • Store configuration as parsed values
      • Use Schema that describes configuration and allow plugins to apply their own schemas
      • Mark internal settings with _
    • Internal server
      • Bind to IPv4 and IPv6 address, when both are available for hostname
      • Set default address to localhost:5232
      • Remove settings for SSL ciphers and protocol versions (enforce safe defaults instead)
      • Remove settings for file locking because they are of little use
      • Remove daemonization (should be handled by service managers)
    • ๐ŸŒฒ Logging
      • Replace complex Python logger configuration with simple logging.level setting
      • Write PID and threadName instead of cryptic id's in log messages
      • Use wsgi.errors for logging (as required by the WSGI spec)
      • Code cleanup:
      • Don't pass logger object around (use logging.getLogger() instead)
    • Auth
      • Use md5 as default for htpasswd_encryption setting
      • Move setting realm from section server to auth
    • Rights
      • Use permissions RW for non-leaf collections and rw for address books/calendars
      • New permission i that only allows access with HTTP method GET (CalDAV/CardDAV is susceptible to expensive search requests)
    • ๐ŸŒ Web
      • Add upload dialog for calendars/address books from file
      • Show startup loading message
      • Show warning if JavaScript is disabled
      • Pass HTML Validator
    • Storage
      • Check for missing UIDs in items
      • Check for child collections in address books and calendars
      • Code cleanup:
      • Split BaseCollection in BaseStorage and BaseCollection