Releases for Project

Changes since DRUPAL-5--1-1:

New features

• #203313 by dww, dmitrig01, starbow (.js): New project maintainer UI (on the 'releases' subtab) to select multiple supported branches and a single recommended branch for each API compatibility term. Also fixes bugs and edge cases from #126554.
• #207401 by Gabor and dww: Added support for packaging Drupal 6 translations.
• #207401 by dww: Modified tarball for D6 translations so that there's no language-code subdirectory, to make it easier to install directly into the Drupal root directory.
• #218571 by aclight, hunmonk: add hook_project_page_link_alter(), implement to add security link to all project pages.
• #176776 by dww (based on work started by cwgordon07): Fixed the project release download table to respect the settings added in #203313 to select multiple supported branches and control specific branches where the -dev snapshot should be visible. This makes the UI a little bit more like the Update status UI. Also fixed the bug where
  the cached download table might include edit links for users who can't use them, and are missing for users who should have them (#203438).
• #230763 by dww: Added theme functions to generate the text for thestatus column in the release download table and the alt/title attributes for the icons, instead of 'error', 'warning', and 'ok'.

Bugfixes

• Force the right umask() while the packaging script runs. This has been locally patched on d.o for months now, but it should just be committed.
• #203313 by dww: Fixed schema bug: project_release_project_nodeapi() was still trying to insert records with the "snapshot_table" field into {project_release_projects}, but that column no longer exists.
• #105532 by hunmonk: project release link at node/add is a 404 -- add a simple form at node/add/project-release, project selector which redirects to node/add/project-release/[project-nid]
• #105532 by dww: Fixed minor admin-only XSS from previous commit. This code was never released or deployed, so there's no SA required.
• #231392 by mikehostetler: The project_project table contains a deprecated 'version' field.

Bugs fixed since version 5.x-1.0:

• #170135 by dww and hunmonk: Fixed a bug in project_db_rewrite_sql() that caused it to restrict access to nodes it should have allowed.
• #75745 by dww and hunmonk: Fixed bug in the query that generates the project overview pages when using the project taxonomy. We need to restrict to top-level terms so that if any 2nd-level terms happen to have the same name, there's no collision and non-deterministic behavior.
• #155697 by hunmonk: Fixed bug where attached files were not added to release nodes.
• #170000 by hunmonk: make project overview query postgres compliant.
• #169841 by aclight: Fixed bug where {cache_project_releases} wasn't modified when project_release node is deleted.
• #169863 by aclight: project_release_load() should call _project_release_get_api_vid(). This ensures that the API compatibility taxonomy term is correctly pulled when loading release nodes.
• #170350 by hunmonk: drupal_not_found() for bogus project aliases.
• #162456 by hunmonk: Browse by category should set page title properly.
• #103790 by plumbley, drewish: E_ALL Compliance: Fix notices in project.inc
• #103791 by plumbley, drewish: E_ALL Compliance: Fix PHP Notices in project.module.
• #177271 by drewish, hunmonk: E_ALL Compliance: Fix PHP Notices in project_release.
• #173063 by hunmonk/dww: Users with CVS access to a project can now view unpublished release nodes (as originally intended).
• #36619: Fixed a very minor t() usage problem. Translators might not realize the leading space in that t() string is required, so I moved it out of t() to ensure consistency of the layout.
• #126554 by hunmonk, dww: Fixed edge cases in edit/releases tab on project nodes where the default release functionality was broken.
• #185244 by aclight: Added double quotes around mime filename header to handle filenames with spaces.
• #155996 followup by dww: Fixed project_release_update_1() not to force tables on MySQL to be MyISAM.
• #196247 by hunmonk: Project registers the same menu path multiple times. also fixes bug where incorrect values were getting saved for the sort options, and a bug where the default sorting tabs wouldn't appear until the project settings page was saved.

New features since version 5.x-1.0:

• #168520 by aclight: Set title attribute on Category links on browse by category overview page with term descriptions.
• #109181 by earnie, drewish, dww: Release nodes now provide feedback to owners and administrators when there are packaging errors.
• #206957 by dww: Made "releases" subtab of project edit tab more visible by adding an "Administer releases" link to the front of the project node (under "Add new release") for project maintainers.
• #169252 by aclight: Implemented devel_caches(). {cache_project_release} now gets cleared when using devel module's cache clearing mechanism.

Other changes since version 5.x-1.0:

• #171253 by drewish: Made it easier to re-use project_build_query().
• #173397 by drewish: Converted usage stats to always be stored and processed as GMT timestamps (using gmmktime() not mktime()). Includes the first simpletest tests for project_usage.module.
• #168649 by pwolanin, dww: Fixed improper use of %s in db_query(). This was not a vulnerability, but we fixed it for defensive reasons.
• #155438 by dww: Exposed information about the CVS tag (if any) for a given release, not just info about CVS branches on snapshot releases.
• #64100 by dww: Removed dead code and setting related to automatically publishing/unpublishing project nodes based on releases (circa 4.6.x). Also, finally ripped out all the release scanning code, which has been dead since the VCS-based release system (#94000) from 4.7.x-2.*.
• #36619 by hunmonk: clarify usage of $project->mail setting.
• #207001 by hunmonk: Ripped out useless submit handler for project_settings_form().
• #189843 by dww: Removed some really old, weird, dead code.
• Cleaned up and commented a confusing menu item.
• Removed some stray whitespace from the code.

Changes since version 4.7.x-2.3:

• #170135 by dww and hunmonk: Fixed a bug in project_db_rewrite_sql() that caused it to restrict access to nodes it should have allowed.
• #75745 by dww and hunmonk: Fixed bug in the query that generates the project overview pages when using the project taxonomy. We need to restrict to top-level terms so that if any 2nd-level terms happen to have the same name, there's no collision and non-deterministic behavior.
• #189843 by dww: Removed some really old, weird, dead code.
• #170000 by hunmonk: make project overview query postgres compliant.
• #170350 by hunmonk: drupal_not_found() for bogus project aliases.
• #162456 by hunmonk: Browse by category should set page title properly.
• #168520 by aclight: Set title attribute on Category links on browse by category overview page with term descriptions.
• #196247 by hunmonk: Project registers the same menu path multiple times. also fixes bug where incorrect values were getting saved for the sort options, and a bug where the default sorting tabs wouldn't appear until the project settings page was saved.
• Cleaned up and commented a confusing menu item.
• Removed some stray whitespace from the code.

NOTE: Unless critical bugs are uncovered, this will be the last official release for the 4.7.x-1.* series. All users are strongly encouraged to upgrade to at least 4.7.x-2.*, or better yet, 5.x-1.*, as soon as feasible. Support for this release series is basically over.

Changes since version 4.7.x-1.3:

• #170135 by dww and hunmonk: Fixed a bug in project_db_rewrite_sql() that caused it to restrict access to nodes it should have allowed.
• #75745 by dww and hunmonk: Fixed bug in the query that generates the project overview pages when using the project taxonomy. We need to restrict to top-level terms so that if any 2nd-level terms happen to have the same name, there's no collision and non-deterministic behavior.
• #170000 by hunmonk: make project overview query postgres compliant.
• #170350 by hunmonk: drupal_not_found() for bogus project aliases.
• #168520 by aclight: Set title attribute on Category links on browse by category overview page with term descriptions.
• #103792 by plumbley: E_ALL Compliance: Fix PHP Notices in release.inc
• Cleaned up and commented a confusing menu item.
• Removed some stray whitespace from the code.

This release addresses an access bypass security issue, DRUPAL-SA-2007-020. Sites that try to restrict access to projects based on the 'access projects' or 'access own projects' permissions should upgrade immediately.

Other changes since 5.x-0.1-beta:

• #101292 by webchick and dww: Reorganize 'support' section of project page, make cleaner place to post support requests (phase 1: comment 11)
• #111902: add argument for packaging script to restrict to a single project
• #111323: allow maintainers to see unpublished release nodes (also related to #109181)
• #111658: module browsing pages ignores release publish status and 'enable releases' settings.
• #48580: provide module version info via xmlrpc by nedjo, merlinofchaos, dww, and much help from others.
• Correct typo in serialize
• #115756 by Arthaey (with minor cleanup by dww): project_release.install doesn't work for PostgreSQL (you can't create indexes inside CREATE TABLE statements on pgsql).
• #115625: browse-by-date has no pager when filtering by version. Thanks to merlinofchaos for helping to find the bug in the count_query SQL.
• #128718: faulter headers in merged .po files (we were missing the --use-first argument to msgcat).
• #126346: improper use of $may_cache in hook_menu() -- no links for project.module or project_release.module in admin/by-module pages.
• #105223: optimizing packaging script by removing excessive watchdog() calls (2 for *every* development snapshot release, even if we didn't repackage anything). Now, we only log a message when we do something.
• #141687 by Shiny: removing stray call to undefined function project_release_db_table_exists() under pgsql.
• Adding simple caching to project_release_compatibility_list(). This has the side-effect of fixing a potential E_ALL warning. ;)
• #143144: Add packaging datestamp to .info files.
• #136172: Fix protocol for update_status.module. We now use .xml files with the entire release history for each project, instead of XML-RPC. Adding a project-release-history.php script to generate the .xml files (meant to be run from cron, outside of Drupal), and a patch against project_release.module to add a new menu callback to serve the files. See also #124661, #125742, #128827, #136525, and #142120.
• removing silly, redundant descriptions for each set of checkboxes in the "Enabled sorting options" fieldset @ admin/project/project-settings.
• Adding a useful description for "Enabled sorting options" fieldset. ;)
• #143954: make packaging script more robust regarding file permissions
• #144569 by Andrew Sterling Hanenkamp: Project settings page missing help about the Projects vocabulary due to old settings URL.
• #149963 by dww and aclight: Projects overview page has bad links to taxonomy terms that don't belong to the "Projects" vocabulary, and the links don't include other goodness from taxonomy_link(), for example, mouse-over link titles for term descriptions, etc.
• #146910: Add the right Drupal core compatibility attribute to all .info files during packaging of releases, since D6 core now requires this attribute to run any modules or themes.
• #151490 by aclight: View CVS Messages should not be available if project has no repository set.
• #151342: removing version from .info in CVS in favor of cvs_deploy.module
• #151923: Project-generated vocabulary should be called "Project types".
• #151772 by aclight: field length in project_release form is too short.
• #152918: Project browsing pages don't honor the "active compatibility terms" setting, nor the published bit on release nodes. The totals for each category are wrong on the "Browse by category" summary page, and projects are displayed that have no published release nodes.
• #58630 by aclight: Fixing project breadcrumbs on the "View CVS messages" and "Developers" pages, along with a better version of project_project_set_breadcrumb() to make it easier to get breadcrumbs right in other places in the project* codebase.
• #151923: Fixing help text at admin/project/project-settings to use the current name of the project vocabulary instead of hard-coding it.
• #155281: Register the menu callback for serving up .xml release history files at /release-history/[project-name]/[core-version] so that we have lots of flexibility to use a thin php wrapper etc. instead of full Drupal.
• Updated POT for translation
• #153973: Require admins to publish security update releases.
• Updated POT including all fixes in #155727
• #155996 by hass and drewish: Removed MyISAM settings from MySQL statements.
• #145755 by aclight: Fixed array_merge() error in releases subtab of project edit tab by unnecessary definition of $form['#validate'].
• #151892 by aclight: Use per-project logic to determine handling of certain CVS-related things by introducing a project_use_cvs() function that checks both that cvs.module is enabled, _and_ that the particular project node you pass in is configured to point to a CVS repository. This will need to be refactored for versioncontrol_api in the near future, but this is an important bug fix in the mean time.
• #154280 by aclight and dww: Project edit access not revoked if user has cvs privilages disabled. Also, immediately revoke CVS access in this case instead of waiting for the passwd file to be regenerated.
• #157691 by hass: ancestors() is deprecated in jQuery 1.1.* and later, and parents() works even in jQuery 1.0.*.
• #159321: "Automatically generated path..." on project edit form needs a div.
• #155727 by hass: "Project" should be capitalized in project_node_info() for D5 and beyond.
• #155727: "Go" button should be called "Filter" on the version filter form for the download browsing pages.
• Fixing a place where a t() placeholder was using ! and doing check_plain() manually, instead of just using @.
• Fixing code style for string concatenations.
• #155727 by dww: Fixing improper use of dynamic content inside t().
• #155727 by hass and dww: Fixing some minor t() and XHTML validation bugs.
• #105224 by aclight, bonzinip and dww: The download table is broken if a release has no file attached (bogus date, size, and download link).
• #158446 by aclight: Converted project_release_download_link() into a theme function so that sites can easily modify link attributes, appearance, or anything else they can't change via the admin UI.
• #150485 by aclight and dww: You can now theme the output of download tables.
• #58630 by aclight and dww (slightly modified version of patch 7): Fixing breadcrumbs on release nodes for the 'add' and 'edit' forms.
• #157769 by aclight: Print a "Login or register to create an issue" link for anonymous users when viewing a project node (see #102395).
• #157769 by dww: Fixed critical bug from #151892 where the "Restrict project creation to users with CVS accounts" setting was being ignored due to over-zealous use of project_use_cvs() on a node that doesn't exist yet instead of simply testing module_exists('cvs').
• #161552 by dww: Fixed another bug from #151892 where people with CVS access couldn't add or edit release nodes for projects they didn't own.
• #163464 by hunmonk -- make project select query SQL compliant.
• #163288 by pwolanin and dww: Added caching for project_release_table().
• #163574 by pwolanin and dww: Added better blacklist for project names.
• #163865 by dww: Fixed a PHP5 warning on the project browsing pages.
• #163865 by dww: Additional cleanup of the PHP5 warning for project browsing.
• #163865 by dww: Fixed PHP 5.2 error in package-release-nodes.php.
• #162456 by dww: Fixed title on browse by category pages.
• #159334 by dww: Fixed translation bugs and improved help text about the project vocabulary on the settings page. The text is now displayed at admin/content/taxonomy if you view the "Project type" vocabulary.
• #57667 by dww: Removed the code trying to display help text about using the "Project type" vocabulary when adding or editing project nodes. The code didn't work, so it wasn't displaying anyway, and the UI has been so majorly improved (#64221) that the help isn't needed.
• #127875 by dww: Fixed SQL syntax error when viewing a release download table on a site with no active "Project release API compatibility" terms.
• #162531 by dww: Removed inappropriate implementation of hook_link(). It was buggy, too (there was no link) so there's no visible change.
• #164615: Fixed typo in project_release_project_edit_form()
• #119860 by swood, drewish, dww, CSCharabaruk, et al: Added an implementation of hook_file_download() so that files attached to release nodes can be downloaded on sites with private file handling.
• #163586 by dww: Fixed bug in the SQL queries that generate the project browsing pages were releases without a file were needlessly filtered out.
• #164592: To aid debugging of packaging cron runs, always echo everything to the screen that we log in watchdog(). This makes it easier to spot problems when running the script interactively, and
  doesn't hurt in the cron case, since std(out|err) go to /dev/null.
• #159892 by dww: Ripped out menu callback for serving release .xml files. See project-release-serve-history.php in this directory, instead.
• #164846: Ripped out XML-RPC server code for update_status 5.x-1.* clients. (This code has been moved into a legacy module only for use on d.o).
• #159892 by dww: Enhanced project_release_update_5001() to print queries.
• Adding Chad as a co-maintainer and other minor cleanup
• Re-adding the Name RCS keyword
• Adding link to TODO list: http://groups.drupal.org/node/5489
• #165410 by killes: Removed some dead code in project_page_overview() (added via #99759 in revision 1.259 during the 5.x port, only in HEAD).
• #133052: Added explicit dependency on taxonomy, since project_release requires it (at least for now).
• #167105 by dww: Added hook_uninstall() for project and project_release.
• #168431 by aclight and dww: Projects that don't use CVS had misleading text on the "View all releases" page if there were no published releases. Now, the text makes sense whether or not CVS is being used.
• #114281 and #168760 (SA-2007-020) by dww: Fixed numerous access bugs.

This release addresses an access bypass security issue, DRUPAL-SA-2007-020. Sites that try to restrict access to projects based on the 'access projects' or 'access own projects' permissions should upgrade immediately.

Other changes since 4.7.x-2.2:

• #111323: allow maintainers to see npublished release nodes (also related to #109181) [backport]
• #111658: module browsing pages ignores release publish status and 'enable releases' settings.
• #115756 by Arthaey (with minor cleanup by dww): project_release.install doesn't work for PostgreSQL (you can't create indexes inside CREATE TABLE statements on pgsql).
• #115625: browse-by-date has no pager when filtering by version. Thanks to merlinofchaos for helping to find the bug in the count_query SQL.
• #128718: faulter headers in merged .po files (we were missing the --use-first argument to msgcat).
• #149963 by dww and aclight: Projects overview page has bad links to taxonomy terms that don't belong to the "Projects" vocabulary, and the links don't include other goodness from taxonomy_link(), for example, mouse-over link titles for term descriptions, etc.
• #151490 by aclight: View CVS Messages should not be available if project has no repository set.
• #151923: Project-generated vocabulary should be called "Project types".
• #151772 by aclight: field length in project_release form is too short.
• #152918: Project browsing pages don't honor the "active compatibility terms" setting, nor the published bit on release nodes. The totals for each category are wrong on the "Browse by category" summary page, and projects are displayed that have no published release nodes.
• #58630 by aclight: Fixing project breadcrumbs on the "View CVS messages" and "Developers" pages, along with a better version of project_project_set_breadcrumb() to make it easier to get breadcrumbs right in other places in the project* codebase.
• #151923: Fixing help text at admin/project/project-settings to use the current name of the project vocabulary instead of hard-coding it.
• #155996 by hass and drewish: Removed MyISAM settings from MySQL statements.
• #145755 by aclight: Fixed array_merge() error in releases subtab of project edit tab by unnecessary definition of $form['#validate'].
• #151892 by aclight (backported by dww): Use per-project logic to determine handling of certain CVS-related things by introducing a project_use_cvs() function that checks both that cvs.module is enabled, _and_ that the particular project node you pass in is configured to point to a CVS repository. This will need to be refactored for versioncontrol_api in the near future, but this is an important bug fix in the mean time.
• #154280 by aclight and dww: Project edit access not revoked if user has cvs privilages disabled. Also, immediately revoke CVS access in this case instead of waiting for the passwd file to be regenerated.
• #151892: Fixing syntax error in backport (revision 1.75.2.16.2.26).
• #159321: "Automatically generated path..." on project edit form needs a div. Backporting isn't technically necessary, since the bug doesn't appear in 4.7.x, but the extra div can't hurt.
• #155727: "Go" button should be called "Filter" on the version filter form for the download browsing pages.
• Fixing code style for string concatenations.
• #155727 by dww: Fixing improper use of dynamic content inside t().
• #155727 by hass and dww: Fixing some minor t() and XHTML validation bugs.
• #105224 by aclight, bonzinip and dww: The download table is broken if a release has no file attached (bogus date, size, and download link).
• #58630 by aclight and dww (slightly modified version of patch 7): Fixing breadcrumbs on release nodes for the 'add' and 'edit' forms.
• #157769 by dww: Fixed critical bug from #151892 where the "Restrict project creation to users with CVS accounts" setting was being ignored due to over-zealous use of project_use_cvs() on a node that doesn't exist yet instead of simply testing module_exists('cvs').
• #161552 by dww: Fixed another bug from #151892 where people with CVS access couldn't add or edit release nodes for projects they didn't own.
• #163464 by hunmonk -- make project select query SQL compliant.
• #159334 by dww: Fixed translation bugs and improved help text about the project vocabulary on the settings page. The text is now displayed at admin/content/taxonomy if you view the "Project type" vocabulary.
• #57667 by dww: Removed the code trying to display help text about using the "Project type" vocabulary when adding or editing project nodes. The code didn't work, so it wasn't displaying anyway, and the UI has been so majorly improved (#64221) that the help isn't needed.
• #127875 by dww: Fixed SQL syntax error when viewing a release download table on a site with no active "Project release API compatibility" terms.
• #162531 by dww: Removed inappropriate implementation of hook_link(). It was buggy, too (there was no link) so there's no visible change.
• #164615: Fixed typo in project_release_project_edit_form()
• #119860 by swood, drewish, dww, CSCharabaruk, et al: Added an implementation of hook_file_download() so that files attached to release nodes can be downloaded on sites with private file handling.
• #163586 by dww: Fixed bug in the SQL queries that generate the project browsing pages were releases without a file were needlessly filtered out.
• Adding link to TODO list: http://groups.drupal.org/node/5489
• #168431 by aclight and dww: Projects that don't use CVS had misleading text on the "View all releases" page if there were no published releases. Now, the text makes sense whether or not CVS is being used.
• #114281 and #168760 (SA-2007-020) by dww: Fixed numerous access bugs.

This release addresses an access bypass security issue, DRUPAL-SA-2007-020. Sites that try to restrict access to projects based on the 'access projects' or 'access own projects' permissions should upgrade immediately.

Other changes since 4.7.x-1.2:

• #115625: browse-by-date has no pager when filtering by version. Thanks to merlinofchaos for helping to find the bug in the count_query SQL.
• #149963 by dww and aclight: Projects overview page has bad links to taxonomy terms that don't belong to the "Projects" vocabulary, and the links don't include other goodness from taxonomy_link(), for example, mouse-over link titles for term descriptions, etc.
• #151490 by aclight: View CVS Messages should not be available if project has no repository set.
• #58630 by aclight: Fixing project breadcrumbs on the "View CVS messages" and "Developers" pages, along with a better version of project_project_set_breadcrumb() to make it easier to get breadcrumbs right in other places in the project* codebase.
• #155996 by hass and drewish: Removed MyISAM settings from MySQL statements. Backported by dww for DRUPAL-4-7.
• #159321: "Automatically generated path..." on project edit form needs a div. Backporting isn't technically necessary, since the bug doesn't appear in 4.7.x, but the extra div can't hurt.
• #155727 by dww: Fixing improper use of dynamic content inside t().
• #163464 by hunmonk -- make project select query SQL compliant.
• #159334 by dww: Fixed translation bugs and improved help text about the project vocabulary on the settings page. The text is now displayed at admin/content/taxonomy if you view the "Project type" vocabulary.
• #57667 by dww: Removed the code trying to display help text about using the "Project type" vocabulary when adding or editing project nodes. The code didn't work, so it wasn't displaying anyway, and the UI has been so majorly improved (#64221) that the help isn't needed.
• Adding link to TODO list: http://groups.drupal.org/node/5489
• #114281 and #168760 (SA-2007-020) by dww: Fixed numerous access bugs.

This release fixes a security vulnerability, all users of project-4.7.x-1.x (or 4.7.0 from before the new release system) are urged to upgrade. For more details, see DRUPAL-SA-2007-004.

Besides the security fix, the only other changes in this release are bug fixes since project-4.7.x-1.1:

• #100901: there was 1 more call to project_project_set_location() which i missed when backporting this fix to DRUPAL-4-7. :( This causes undefined function errors when you try to add a release in 4.7.x-1.*.
• #11879: removing dead hook_content() code
• removing weird stale code that's initializing things from $_GET in hook_form() which was added in revision 1.15, 2003.
• hook_form() doesn't need $node passed by reference. Removing some stray whitespace and a line of commented-out dead code.
• #104837: remove unneeded t() and double check_plain() + check_url()
• removing cruft that's no longer relevant or desired: we don't want checkboxes to be inline'ed on project node forms.
• #105228: fix CSS to handle new behavior of FAPI #prefix/#suffix (#100787)
• use l() to generate links instead of our own custom code
• minor code clean up on recent changes to project taxonomy UI
• #108678: node_access modules can't provide less restrictive update and delete rights to individual projects due to project_access() bug.
• #78245: homepage property is stored but never displayed on project nodes.

This release fixes a security vulnerability, all users of project (4.7.x-2.x) are urged to upgrade. For more details, see DRUPAL-SA-2007-004.

Besides the security fix, the other changes since project-4.7.x-2.1:

New features

• #106246: provide admin setting to change "base URL" for download links

Bug fixes

• #107215 : Published status not respected for release nodes. If you had "access projects" permissions, you could view any unpublished releases.
• #97780: Fixing obscure bug for the "Last updated:" display. It was only displaying if the node had been edited since it was created, since we were still testing against "changed", not "file_date."
• #104837: remove unneeded t() and double check_plain() + check_url()
• Removing cruft that's no longer relevant or desired: we don't want checkboxes to be inline'ed on project node forms.
• #105228: fix CSS to handle new behavior of FAPI #prefix/#suffix (#100787)
• #86806: version filter on project browsing pages no longer resets when you change tabs or use the pager.
• #86806: Version filter resets when you change pages -- fix for anonymous users: disable the selector and add "Login or register to modify the filter" with links (comment 12, patch by dww, backport to DRUPAL-4-7--2).
• use l() to generate links instead of our own custom code
• minor code clean up on recent changes to project taxonomy UI
• #107865: only allow users with 'adminster projects' (not 'administer nodes') permission to delete release nodes.
• #108827: Release form does not display correctly on opera and other browsers that can't handle inline-table (which is CSS3).
• #108678: node_access modules can't provide less restrictive update and delete rights to individual projects due to project_access() bug.
• #78245: homepage property is stored but never displayed on project nodes
• #11879: removing dead hook_content() code
• removing weird stale code that wass initializing things from $_GET in hook_form() which was added in revision 1.15, 2003.
• hook_form() doesn't need $node passed by reference. Removing some stray whitespace and a line of commented-out dead code.

Fixes to the package-release-nodes.php packaging script

• #97583: fixing a minor bug: some watchdog() messages were using the old hard-coded 'release_package' and 'release_error' $type, instead of the global settings.
• #109180: providing links to release nodes in watchdog() [backport]
• #108493: file metadata updates not always saved into the DB:
  • 2 new command-line args for this script: 'check' and 'repair'
  • use clearstatcache() so PHP doesn't return stale stat info.
  • reorganize the code a little so we don't treat failure to rm the tmp directory for a given contrib as a fatal error.
  • only create the task-specific tmp dir if we're creating packages, not checking or repairing metadata.

This release fixes a security vulnerability, all users of project 5.x-0.x-dev from before 2007-01-23 are urged to upgrade. For more details, see DRUPAL-SA-2007-004.

NOTE: The upgrade path from 4.7.x-1.* version of the Project module is still very confusing, undocumented, and error prone. Sites that use the project module are strongly recommended to not upgrade to Drupal core 5.x until the official 5.x-1.0 release of this module is available.

Besides the security fix, other changes in this release include:

• #99759: Preliminary support for Drupal core 5.x.
• #105192: finish separation of project.css and project_issue.css. Cleans up and reorganizes a bunch of css, fixes div classes, etc.
• #106633: Use jQuery/JS to hide 2nd level project taxonomy term selects in project node editing.
• All bug fixes and new features from the 4.7.x-2.* series.

The development snapshot of the version for the 5.x API of Drupal Core.
Please do not run it on a production site.

This release fixes a security vulnerability, all users of project 4.7.x-2.0 are urged to upgrade. For more details, see DRUPAL-SA-2006-031.

This release includes new database updates. After you upgrade, you should run update.php for your site:

• project_release_update_1(): Adds the {project_release_default_versions} table for branch-aware default versions and populates it the best it can. See #89538 for details.
• project_release_update_2(): Adds a new column to the {project_release_projects} table that determines if the development snapshot table should be shown on project nodes. See #101887 and #89539 for details.

Other changes since project 4.7.x-2.0:

Bugs fixed:

• #97173: Download link targets other project's tarball. We were missing an unset() from #93471 and that's causing the wrong download links to be used since we're always using the same project identifier.
• #96986: Minor bug in breadcrumb on releases (patch by Gurpartap, modified by dww to be slightly more clear, and to fix the $breadcumb[] element for the release itself, since we were using $node not $release).
• #97403 @webchick: make release node titles work correctly in php5.
• #78704 (patch by garywiz with slight code-style changes by dww): Project view permissions incorrectly override all other access controls.
• #97426: fixing php5 warning on admin/settings/project_release
• #100901: use drupal_set_breadcrumb(), not menu_set_location(). This also provides other breadcrumb cleanup and code simplification.
• #83140: Browse modules pages need informative page titles (in particular, when browsing by categories, since you used to have no way to know what category you were looking at).
• #97780: "Last updated:" was showing the date the release node was updated, not the date that the tarball was last updated. This is confusing and wrong, especially for development snapshots.

New features:

• #97128: don't make body required for project administrators
• #94000: adding $Name$ tags for automated version identification
• #97359: hide release nodes that don't have a file (except in issue queue)
• #100929: allow users with CVS access to edit project nodes
• #96971: make better use of tabs and subtabs on project nodes. Patch from comment #3
  by dww, to split up the project edit tab into subtabs for project, issues and releases. this paves the way for the admin UI in #89538.
• #89538: need branch-aware notion of "default" or "latest" releases. This adds a {project_release_default_versions} table that records the major version for each nid+tid pair. Provides a new admin UI on the
  "releases" subtab on the project edit tab to select the major for each compatibility term (tid), and modifies the SQL in the project browsing pages to use it. Includes project_release_update_1() to populate based on existing values from the 'version' field in {project_projects}.
• #89539: provide a table of downloads on the project node, not just a
  "default release" link.
• #101887: add setting to hide development snapshot table on project nodes. This includes project_release_update_2().
• #101601: table of downloads when filtering by [all] versions in project browsing pages. includes a bunch of improvements to project_release_table(), changing the arguments it takes, adding doxygen comments, etc.

Changes to the package-release-nodes.php script (used by the project_release.module):

• setting the path for php in package-release-nodes.php to /usr/bin/php
• #97043: incorrect md5 values for releases
• #97106: fix race condition in packaging script for branch vs. tag
• #97336: if there's already a package, only try to re-package it (and
  therefore re-publish the node) if the release node is published.
• #97405: don't repackage releases if nothing changed
• #97583: fixing watchdog() messages from packaging script. Added an ORDER BY on project names, so we can see progress in the watchdog better, too
• #97286: automatically insert human-readable version into .info files
• replacing theme_placeholder(foo) with theme('placeholder', foo).
• adding version info to the watchdog message when a translation is missing the [name].po file, so it's easier to track down the problem.
• #98277: add project identification to .info files. this will pave the way for #94154 (module page could say if new releases are available).

This release fixes a security vulnerability, all users of project (4.7.x-1.0 or 4.7.0 from before the new release system) are urged to upgrade. For more details, see DRUPAL-SA-2006-031.

Besides the security fix, the only other changes in this release are bug fixes since project-4.7.x-1.0:

• #94000: adding $Name$ tags for automated version identification
• #78704 (patch by garywiz with slight code-style changes by dww): Project view permissions incorrectly override all other access controls.
• #100901: use drupal_set_breadcrumb(), not menu_set_location(). This also provides other breadcrumb cleanup and code simplification.
• #83140: Browse modules pages need informative page titles (in particular, when browsing by categories, since you used to have no way to know what category you were looking at).

This is where bugs in the new release system will be fixed, and new features and future work will be resolved.

The initial stable release compatible with Drupal core 4.7.x. This is the code from before the new release system.

The initial release of the 4.7.x-2.x series which implements the new release system.
Note: if you are currently running the 4.7.x-1.x series, you should not update to the 4.7.x-2.x series until i've had a chance to write up documenation on the conversion process. If you have releases currently on your system, you will almost certainly need to modify some of the code in the conversion script included in this release to properly convert the releases on your site.