= Release 0.8.0 (15-Apr-2015) =
** UnauthenticatedTub is gone
As announced in the previous release, UnauthenticatedTub has been removed. All Tubs are fully authenticated now.
** Security Improvements
Foolscap now generates better TLS certificates, with 2048-bit RSA keys and SHA256 digests. Previous versions used OpenSSL's defaults, which typically meant 1024-bit keys and MD5 digests.
To benefit from the new certificates, you must regenerate your Tubs, which means creating new FURLs (with new TubIDs). Previously-created Tubs will continue to work normally: only new Tubs will be different.
** Packaging/Dependency Changes
setup.py now requires setuptools.
Foolscap now requires pyOpenSSL unconditionally, because all Tubs are authenticated.
We now recommend "pip install ." to install Foolscap and all its dependencies, instead of "python setup.py install". See #231 for details.
= Release 0.7.0 (23-Sep-2014) =
** Security Fixes
The "flappserver" feature was found to have a vulnerability in the service-lookup code. An attacker with the ability to write files to a location where the flappserver process could read them could use this vulnerability to obtain control of the flappserver process.
Users who run flappservers should upgrade to 0.7.0, where this was fixed as part of #226.
Each flappserver runs from a "base directory", and uses multiple files within the basedir to track the services that have been configured. The format of these files has changed. The flappserver tool in 0.7.0 remains capable of reading the old format (safely), but will upgrade the basedir to the new format when you use "flappserver add" to add a new service. Brand new servers, created with "flappserver create", will use the new format.
The flappserver tool in 0.6.5 (or earlier) cannot handle this new format, and will believe that no services have been configured. Therefore downgrading to an older version of Foolscap will require manual reconstruction of the configured services.
** Major Changes
UnauthenticatedTub has been deprecated, and will be removed in the next release (0.8.0). This seldom-used feature provides Foolscap's RPC semantics without any of the security, and was included to enable the use of Foolscap without depending upon the (challenging-to-install) PyOpenSSL library. However, in practice, the lack of a solid dependency on PyOpenSSL has made installation more difficult for applications that do want the security, and UnauthenticatedTub is a footgun waiting to go off. Foolscap's code and packaging will be simpler without it. (#67)
** Minor Changes
The "git-foolscap" tools, which make it possible to publish and clone Git repositories over a Foolscap (flappserver) connection, have been moved from their hiding place in doc/examples/ into their own project, hosted at https://github.com/warner/git-foolscap . They will also be published on PyPI, to enable "pip install git-foolscap".
The documentation was converted from Lore to ReStructuredText (.rst). Thanks to Koblaid for the patient work. (#148)
The connection-hint parser in 0.7.0 has been changed to handle all TCP forms of Twisted's "Client Endpoint Descriptor" syntax, including the short "tcp:127.0.0.1:9999" variant. A future version should handle arbitrary endpoint descriptors (including Tor and i2p, see #203), but this small step should improve forward compatibility. (#216, #217)
= Release 0.6.5 (12-Aug-2014) =
** Compatibility Fixes
This release is compatible with Twisted-14.0.0.
Foolscap no longer claims compatibility with python-2.4.x or 2.5.x. These old versions might still work, but there are no longer automated tests to ensure this. Future versions will almost certainly not work with anything older than python-2.6.x. Foolscap remains incompatible with py3, sorry.
** Forward Compatibility
When parsing FURLs, the connection hints can now use TCP sockets described with the Twisted Endpoints syntax (e.g. "tcp:host=127.0.0.1:port=9999"), in addition to the earlier host:port "127.0.0.1:9999" form. Foolscap-0.6.5 ignores any hint that is not in one of these two forms. This should make it easier to introduce new hint types in the future.
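The hint handling described here and in the 0.7.0 notes above, sketched as an added example (this is not Foolscap's own parser). It covers only the three TCP forms quoted in these notes and returns None for anything else, so unknown hint types are skipped rather than raising; the names parse_tcp_hint and usable_hints, the host character set, and the rejection of extra endpoint arguments are assumptions of the example.

```python
import re

HOST_RE = re.compile(r"[A-Za-z0-9.-]+")       # hostname or IPv4 literal only
PORT_RE = re.compile(r"[0-9]{1,5}")
LEGACY_RE = re.compile(r"([^:=]+):([^:=]+)")  # exactly one colon, no "="


def parse_tcp_hint(hint):
    """Return (host, port) for a recognised TCP hint, or None to ignore it."""
    legacy = LEGACY_RE.fullmatch(hint)
    if legacy:
        host, port = legacy.groups()          # "127.0.0.1:9999"
    else:
        kind, _, rest = hint.partition(":")
        if kind != "tcp":
            return None  # unknown hint type, e.g. a future tor: or i2p: hint
        fields = rest.split(":")
        keyword = dict(f.split("=", 1) for f in fields if "=" in f)
        positional = [f for f in fields if "=" not in f]
        if len(positional) == 2 and not keyword:
            host, port = positional           # "tcp:127.0.0.1:9999"
        elif not positional and set(keyword) == {"host", "port"}:
            host, port = keyword["host"], keyword["port"]
        else:
            return None  # partial, mixed or otherwise unsupported descriptor
    # Hints come from the FURL, so validate before anything tries to connect.
    if not HOST_RE.fullmatch(host) or not PORT_RE.fullmatch(port):
        return None
    port = int(port)
    return (host, port) if 1 <= port <= 65535 else None


def usable_hints(hints):
    """Keep the hints this parser understands, in order; skip the rest."""
    return [parsed for parsed in map(parse_tcp_hint, hints) if parsed]


# Constructed sample hints (not taken from a real FURL).
SAMPLE_HINTS = [
    "127.0.0.1:9999",
    "tcp:host=127.0.0.1:port=9999",
    "tcp:example.org:9999",
    "tor:placeholder.onion:80",
    "tcp:host=127.0.0.1",
    "127.0.0.1:99999",
]

if __name__ == "__main__":
    for hint in SAMPLE_HINTS:
        print("%-32s -> %r" % (hint, parse_tcp_hint(hint)))
```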
** Minor Changes
The "ChangeLog" file is no longer updated.
Violation reports now include the method name. (#201)
The "flappserver" tool explicitly rejects unicode input, rather than producing hard-to-diagnose errors later. (#209)
Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:
sudo dnf upgrade --refresh --advisory=FEDORA-2015-11629
This update has been submitted for testing by cicku.
Taskotron: depcheck test PASSED on x86_64. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/105912/steps/runtask/logs/stdio (results are informative only)
Taskotron: depcheck test PASSED on i386. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/105917/steps/runtask/logs/stdio (results are informative only)
This update is currently being pushed to the Fedora 22 testing updates repository.
This update has been pushed to testing
This update has been submitted for stable by cicku.
Taskotron: upgradepath test PASSED on noarch. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/109219/steps/runtask/logs/stdio (results are informative only)
This update is currently being pushed to the Fedora 22 stable updates repository.
This update has been pushed to stable