Release v0.32.0

Changes for v0.32.0

• Combined the pgxn_consumer PID number and file location into one output.
• Configured handlers for INT, TERM, and QUIT signals to log flagging for shutdown in the next loop.
• Fixed invalid license example in the META spec.
• Added a logger to the Consumer and the Mastodon and Twitter handlers, so that they now log debug and info messages about what's being sent.
• Moved PID file cleanup from the DEMOLISH method to the run method, and the signal handlers, where it should always execute at least once. This will hopefully fix the issue where the consumer mysteriously ceases running and doesn't remove its PID file, so never restarts.
• Replaced use of the deprecated given/when syntax with plain old if/elsif/else.
• Moved doc/howto.md to lib/PGXN/Manager/Locale/en, added bin/format_l10n_docs to convert it to HTML, and added from_file to PGXN::Manager::Locale to find and returns its contents. This allows it to be removed from the Locale %Lexicon, which was a ridiculous waste of memory, and also prevents it from being processed by Locale::Maketext, which requires tildes to escape brackets and trailing backslashes (#76).
• Added the release status to Twitter and Mastodon toots for testing and unstable releases (#72).

Release v0.31.1

Changes for v0.31.1

• Restored the writing of the PID file, accidentally removed in v0.31.0. Added tests to ensure continues to be passed properly.

Release v0.31.0

Changes for v0.31.0

• Added the application names (pgxn_manager and pgxn_consumer) to the Postgres connections.
• Updated pgxn_consumer to delete the PID file on exit.
• Updated tag stats to lowercase the tag name, both for consistency across updates for this case-insensitive value, as well as for test consistency.
• Fixed test failures on Postgres 16 by replacing PL/Perl-based mocks with pure SQL.

Release v0.30.1

Changes for v0.30.1

• Added the --log-file option to pgxn_consumer.

Release v0.30.0

Changes for v0.30.0

• Upgraded jQuery to v3.6.0 and the jquery.validate plugin to 1.19.3.
• Switched to serve jQuery and jquery.validate locally rather than from CDNs. This eliminates a vector for data collection by the CDNs.
• Fixed an error when a the forgotten password form is submitted with an invalid label value.
• Replaced the Twitter posting hack with an extensible, event-oriented system based on PostgreSQL LISTEN/NOTIFY queues, and a new client, pgxn_consumer to process events and post them to Twitter and Mastodon. Requires a configuration change to enable event handlers.
• Fixed character encoding in emails.

Release v0.22.0

Changes for v0.22.0

• Re-implemented the basic auth middleware to prevent passwords from appearing in stack traces.
• Enabled fixup mode for the database connection, so the service can auto-recover from database downtimes.
• Switched from command-line binaries to pure Perl modules for extracting archives. Not sure why it preferred binaries up to now, but preferring Pure Perl eliminates a lot of IO::Select warnings that were really messing with things.
• Changed some internal error propagation to use blessed arrays rather than plain arrays, to prevent confusing any doe that might try to call isa() on them (as was happening when preferring command-line tools for extraction).

Release v0.21.0

Changes for v0.21.0

• Updated the password hashing to a much slower and therefor more secure algorithm (blowfish with 9 iterations).
• Refactored the password algorithm selection into a function so that it can more easily be changed in the future.
• Changed the minimum password length from 4 to 8 characters.
• Added clear_password() SQL function as a tool for admins to set a user password to a random string and create a reset token.
• Added the reset_password command to pgxn_maint for admins to use to clear one or more user passwords and send emails to those users with links to create new passwords.

Release v0.20.2

Changes for v0.20.2

• Switched to a more appropriate README icon in the distribution view, and changed the background color for a bit more contrast.
• Simplified Request->uri_for and fixed the URI included in account request emails.
• Removed unused method from PGXN::Manager::Distribution.
• Fixed an issue processing uploaded files with no directory prefix. Thanks to Damien Clochard for the test case.

Release v0.20.1

Changes for v0.20.1

• Removed the Capfile and eg directory from the source (and distribution). Examples for managing PGXN can now be found in the pgxn/pgxn-ops repository on GitHub.
• Replaced all icons with SVG icons from the icons8/flat-color-icons project.
• Updated the favicons for best support on modern browsers, including SVG and ICO variants, as well as special cases for iOS and Android devices.
• Added titles to new account moderation buttons.
• Improved the layout of the new account request userinfo popover so that it is in front of everything else and does not overlap with the side nav.

Release v0.20.0

Changes for v0.20.0

• Explicitly loading Email::Address in PGXN::Manager::Controller to avoid an issue where it's not loaded at all.
• Return a 404 instead of an error on an invalid semantic version when requesting a distribution and version (issue #66).
• Require SemVer v0.10.0 and pg-semver 0.3.10. These releases properly support the semver 2.0.0 spec (aside from version parts larger than 32 bits).
• Updated all URLs with HTTPS variants to use HTTPS.
• Regenerated the HOWTO HTML using MultiMarkdown, so as to get heading IDs for direct linking and with a language class for the code examples.
• Distribution versions are now allowed to be less than than previous release versions if they update existing major or minor versions. So if you have versions 2.0.0, 2.2.1, and 2.4.2, you can release 2.0.1, 2.2.2, 2.4.3, 2.5.0, or 3.0.0, but not 2.0.0-r1, 2.2.0, or 2.3.0. This should allow for the release of updates to older versions without otherwise creating new major or minor versions that were not previously released. Thanks to Geoff Montee for the report! (#52).
• Extension versions are no longer checked to ensure they're greater than or equal to previous versions. It's simply not feasible to check for appropriate extension versions while allowing the release of lower distribution versions as described in the last point without introducing an extremely convoluted set of rules we're likely to get wrong, and likely annoy at times even if they're right. Better to check for sensible distribution versions and let authors be responsible for proper extension version hygiene.
• Fixed the email sent to the PGXN admins on error to redact HTTP_AUTHORIZATION header from the environment dump.
• Fix the quoting for the reason for a new user request in the email sent to admins.
• Fixed the request object to read X_ variables from the Plack environment with a leading HTTP_. In other words, read HTTP_X_FORWARDED_FOR not X_FORWARDED_FOR. This seems to be how X_ variables are loaded by Plack.
• Worked around a situation where Plack gives an uploaded file a meaningless temporary name that Archive::Extract cannot detect the archive type for. Requires the Archive::Extract 0.88. Thanks to Sandro Santilli ror the report and Philippe Beaudoin for providing a file with which replicate the issue (#61).
• Eliminated the /pub app and moved the /auth app to /. The entire site is now served by the / app, so that it can be fully encrypted. Basic auth is enabled for those parts of the site that require authentication, but the rest is publicly available, including the home page, about, howto, etc. The /pub and /auth apps now simply redirect to the / app, in case they're still used, although the reverse proxy configuration should be updated to do the same, to avoid calling the /pub and /auth apps at all, only /.
• Updated the format of version check errors to show the distribution releases the conflicts are found in.
• Added the /login path and made it the URL for the "Log In" link on unauthenticated pages. It requires auth and simply redirects to /distributions for now.
• Dropped support for running PGXN Manager on PostgresSQL 11 or lower.
• Removed the Pod tests from the release.
• Fixed a server error when the account registration form is submitted with no nickname.