Release 5.7.1

v5.7.1

8 Nov 2021

This is a bugfix release.

Server upgrade instructions

This release contains database migrations. To apply them, run:

$ sudo -u apache /usr/bin/alembic -c /etc/bodhi/alembic.ini upgrade head

Summary of the migrations:

• Add End of life (eol) field to the releases (4241).

Backwards incompatible changes

• Query on both relevant Greenwave decision contexts for critical-path updates. Update.get_test_gating_info() now returns a list of decision dictionaries, not a single decision dictionary. The API endpoint /updates/{id}/get-test-results similarly now returns a single-key dictionary whose value is a list of decisions, not a single decision dictionary. (#4259).

Features

• Added support for release names ending with "N" such as EPEL next (#4222).
• Set a delta parameter of 30 days when quering datagrepper for bodhi-related user activity (#4255).
• Added support for setting flags in generated advisories to require logging out and logging back in for the update to take effect (#4213).
• Replace Greenwave decision change message consumer with ResultsDB and WaiverDB message consumers (#4230).

Bug fixes

• Fix an issue that caused the builds in a side-tag update to not be
  tagged correctly when the build list of the update was modified (#4161).
• Bodhi will now delete the side-tag in Koji when an update is pushed to stable. Builds that were tagged in the side-tag but were not pushed as part of the update will be untagged. This is required to make sure to not leave stale side-tags in the Koji database (#4228).
• Updates for archived releases cannot be edited anymore (#4236).
• Correctly mark automatic updates as critpath when appropriate (#4177).
• Fixed an issue with validators that prevents inconsistent refusal of bodhi override with maximum duration (#4182).
• Fixed an issue where the search result box was cutted off out of screen borders (#4206).
• Fixed a javascript bug which prevented the "waive tests" button to be displayed in UI (#4208).
• Fixed an issue with validators that prevented a side-tag update owner to edit their update after adding a build for which they don't have commit access (#4209).
• Avoid gating status ping-pong on update creation, assume status 'waiting' for 2 hours or until first failed test (#4221).
• For new packages submitted to repositories, the changelog was not generated and attached to the automatic Update. This prevented the bugs mentioned in the changelog to be closed by Bodhi (#4232).
• Staging Bodhi now uses staging Bugzilla URL for bug links (#4238).
• Fixed an issue where editing Updates always caused to set the request to Testing (#4263).

Development improvements

• Add End of life (eol) field to the releases (:

Release 5.7.0

v5.7.0

This is a feature release.

Features

• Query different Greenwave contexts for critical path updates, allowing for
  stricter policies to apply (:pr:4180).
• Use Pagure's hascommit new endpoint API to check user's rights to
  create/edit updates. This allow collaborators to push updates for releases
  for which they have commit access. (:pr:4181).

Bug fixes

• Fixed an error about handling bugs in automatic updates (:pr:4170).
• Side-tag wheren't emptied when updates for current releases were pushed to
  stable (:pr:4173).
• Bodhi will avoid sending both 'update can now be pushed' and 'update has been
  pushed' notifications at the same time on updates pushed automatically
  (:issue:3846).
• Clear request status when release goes EOL (:issue:4039).
• Allow bodhi to not operate automatically on bugs linked to in changelog for
  specific releases (:issue:4094).
• Use the release git branch name to query PDC for critpath components
  (:issue:4177).
• Avoid using datetime.utcnow() for updateinfo <updated_date> and <issued_date>
  elements, use "date_submitted" instead. (:issue:4189).
• Updates which already had a comment that they can be pushed to stable were
  not automatically pushed to stable when the stable_days threshold was
  reached (:issue:4042).

Contributors

The following developers contributed to this release of Bodhi:

• Adam Saleh
• Adam Williamson
• Clement Verna
• Daniel Alley
• Mattia Verga
• Andrea Misuraca

Release 5.6.1

v5.6.1

This is a bugfix release.

Bug fixes

Fix two reflected XSS vulnerabilities - CVE: CVE-2020-15855

Contributors

The following developers contributed to this release of Bodhi:

• Patrick Uiterwijk

Release 5.6

v5.6

This is a feature release.

Dependency changes

• Drop support for bleach 1.0 api (:pr:3875).
• Markdown >= 3.0 is now required (:pr:4134).

Server upgrade instructions

This release contains database migrations. To apply them, run::

$ sudo -u apache /usr/bin/alembic -c /etc/bodhi/alembic.ini upgrade head

Features

• Added a from_side_tag bool search parameter for Updates and allow searching
  for that and for gating status from WebUI (:pr:4119).
• Allow overriding critpath.stable_after_days_without_negative_karma based on
  release status (:pr:4135).
• Users which owns a side-tag can now create updates from that side-tag even if
  it contains builds for which they haven't commit access (:issue:4014).

Bug fixes

• Fix encoding of package and user names in search results (:pr:4104).
• Fix autotime display on update page (:pr:4110).
• Set update.stable_days to 0 for Releases not composed by Bodhi itself
  (:pr:4111).
• Ignore builds in Unpushed updates when checking for duplicate builds
  (:issue:1809).
• Make automatic updates obsolete older updates stuck in testing due to failing
  gating tests (:issue:3916).
• Fix 404 pages for bot users with nonstandard characters in usernames
  (:issue:3993).
• Fixed documentation build with Sphinx3 (:issue:4020).
• Serve the documentation directly from the WSGI application using WhiteNoise.
  (:issue:4066).
• Updates from side-tag for non-rawhide releases were not pushed to testing
  (:issue:4087).
• Side-tag updates builds were not editable in the WebUI (:issue:4122).
• Fixed "re-trigger tests" button not showed on update page (:issue:4144).
• Fixed a crash in automatic_updates handler due to get_changelog() returning
  an unhandled exception (:issue:4146).
• Fixed a crash in automatic_updates handler due to trying access update.alias
  after the session was closed (:issue:4147).
• Some comments orphaned from their update where causing internal server
  errors. We now enforce a not null check so that a comment cannot be created
  without associating it to an update. The orphaned comments are removed from
  the database by the migration script. (:issue:4155).
• Dockerfile for pip CI tests has been fixed (:issue:4158).

Development improvements

• Rename Release.get_testing_side_tag() to get_pending_testing_side_tag()
  to avoid confusion (:pr:4109).
• Added F33 to tests pipeline (:pr:4132).

Contributors

The following developers contributed to this release of Bodhi:

• Adam Saleh
• Clement Verna
• Justin Caratzas
• Jonathan Wakely
• Karma Dolkar
• Mattia Verga
• Pierre-Yves Chibon
• Rayan Das
• Sebastian Wojciechowski

Release 5.5.0

v5.5

This is a bugfix release.

Features

• Added metrics endpoint for scraping by Prometheus.
• Allowed querying releases and updates using graphql endpoint.

Bug fixes

• Disable manual creation of updates for releases not composed by Bodhi and add
  some bits in the docs on how to handle automatic updates not being created
  (:issue:4058).
• Fix TestCase validation upon feedback submission (:issue:4088).
• Do not let update through when bodhi fails to talk to greenwave.
  (:issue:4089).
• Fix package name encoding in URLs (:issue:4095).
• bodhi can't be installed from pypi (:issue:3919).

Contributors

The following developers contributed to this release of Bodhi:

• Adam Saleh
• Clement Verna
• Karma Dolkar
• Mattia Verga
• Pierre-Yves Chibon

Release 5.4.0

v5.4.0

This is a minor release.

Server upgrade instructions

This release contains database migrations. To apply them, run::

$ sudo -u apache /usr/bin/alembic -c /etc/bodhi/alembic.ini upgrade head

Summary of the migrations:

• Migrate relationship between TestCase and Package to TestCase and Build. The migration script will take care of migrate existing data to the new relation.
• The user_id column in comments table has been set to be not nullable.
• The notes column in buildroot_overrides table has been converted to UnicodeText (from Unicode).

Bug fixes

• Associate TestCase to Build instead of Package, allowing to remove old
  testcases from updates (:issue:1794).
• Replace koji krb_login with gssapi_login. (:issue:4029).
• Making sure that builds of side tag update for normal releases are marked as
  signed. (:issue:4032).
• Handle Cornice 5.0 JSON error handling. (:issue:4033).
• Cap buildroot overrides notes to a maximum of 2k characters and convert the
  database field to UnicodeText (:issue:4044).

Development improvements

• The user_id field in the comments table has been made not nullable. Some
  database joins have been tweaked to get better performance (:pr:4046).
• Always use koji.multiCall for untag/unpush for better handle updates with a
  lot of builds (:pr:4052).

Contributors

The following developers contributed to this release of Bodhi:

• Clement Verna
• Karma Dolkar
• Mattia Verga
• Miro Hrončok
• Sebastian Wojciechowski

v5.3.0

This is a minor release.

Dependency changes

• Splitted handle_update task into two celery tasks for bugs and testcases.
  These two new tasks will make use of Celery's autoretry_for and
  retry_backoff features to circumvent external services connection problems.
  retry_backoff needs Celery >= 4.2 (:pr:3989).

Features

• Associate bugs mentioned in rpm changelog to automatically created Rawhide
  updates; the bugs mentioned with the format fix(es)|close(s) (fedora|epel|rh|rhbz)#BUG_ID will be associated to the update and
  automatically closed (:issue:3925).

Bug fixes

• Use jquery-typeahead for bodhi searchbar and always show the input field
  (:issue:1455).
• Reset update.date_testing when editing builds (:issue:3493).
• Removed pending_testing tag when self.request is still in
  UpdateRequest.testing (:issue:3944).
• Fix the broken privacy policy link for update's comment box. (:issue:3971).
• Do not bound the database session created using TransactionalSessionMaker
  class to the object created.
  Since threads are sharing the memory binding to the session object, it makes
  it possible for threads to
  override a previous session leading to unexpected behaviours.
  (:issue:3979).
• Editing builds in an update should not remove override tags (:issue:3988).
• Make Test Cases look clickable. (:issue:4003).
• If an update include no builds, use alias as title (:issue:4012).

Development improvements

• Revise display for update's settings

  Showed a 'stable by karma: disabled' and a 'stable by time: disabled' in
  the UI when appropriate. Also added a 'Autotime: ' to the CLI output.
  (:issue:3957).

• Avoid using a database session in the tag_update_builds_task.
  (:issue:3981).

• Avoid using a database session in the handle side tag task. (:issue:3983).

• Ignore celery task's results we don't use. (:issue:3995).

Documentation improvements

• Reference the state that happens when an update is revoked (:issue:2902).
• Document the full set of bug trackers that can be reference in Bodhi's
  markdown.
  Also added a section to Bodhi's Sphinx docs about Bodhi markdown,
  and listed the bug trackers there as well. (:issue:3209).
• Add information to Bodhi docs that Bodhi has frozen release state
  (:issue:3505).

Contributors

The following developers contributed to this release of Bodhi:

• Clement Verna
• Karma Dolkar
• Mattia Verga
• Richard O. Gregory
• Tomas Kopecek

Release 5.2.2

v5.2.2

This is a bugfix release.

Bug fixes

• Only pass scalar argument to celery (part 2). Avoid the celery enqueuer
  emitting SQL queries to resolve attributes, and therefore opening new
  transactions. (:issue:8b30a825).

Contributors

The following developers contributed to this release of Bodhi:

• Clement Verna

Release 5.2.1

v5.2.1

This is a bugfix release.

Bug fixes

• Get the update object in the celery worker from the database.
  (:issue:3966).

Contributors

The following developers contributed to this release of Bodhi:

• Clement Verna

Release 5.2.0

This is a feature and bugfix release.

Features

• Added __current__, __pending__ and __archived__ macro filters to
  quickly filter Updates by Release status (:pr:3892).
• Added search filtering capabilities to the Overrides page (:pr:3903).
• Output the update install command into the bugs comments. Also change the
  stable_bug_msg and testing_bug_msg settings format to use placeholders in
  place of %s: if you have customized these settings you will need to adjust
  them to the new format. Here it is the list of the available placeholders:
  {update_title}, {update_beauty_title}, {update_alias}, {repo}, {install_instructions}, {update_url} (:issue:740).
• Tag builds for updates asynchronously using Celery tasks. (:issue:3061).
• Add a Liveness and Readyness endpoints for OpenShift probes. (:issue:3854).
• Allow revoking the push to stable action (:issue:3921).

Bug fixes

• Place 404 Not Found in the middle of the website (:pr:3835).
• RPM changelog was not automatically added in the notes for Rawhide updates as
  expected (:pr:3931).
• Add back the ability to add abitairy text as a build. (:issue:3707,
  :issue:3765).
• Allow to comment on update that were pushed to stable. (:issue:3748).
• Make comments submission to use common code with other forms and avoid
  clearing the spinner until the page refreshes (:issue:3837).
• Try to avoid timeout error when requesting latest_candidates with
  hide_existing=true (:issue:3841).
• Allow task id to be null in the bodhi.update.status.testing message schema.
  (:issue:3852).
• Sent UpdateReadyForTestingV1 only for rpm (:issue:3855).
• Prevent whitespaces string to be set as display name of an update
  (:issue:3877).
• Fixed pagination issue when using multiple values for the same filter
  (:issue:3885).
• Make sure we send the fedora-messaging messages before trigerring a celery
  task. (:issue:3904).
• Prevent updates from sidetags being stuck in Testing (:issue:3912).
• Do not allow to push back to testing a stable update (:issue:3936).

Development improvements

• Use existing db session when creating a package: Package.get_or_create()
  now requires a session object in input (:pr:3860).
• Use koji's multicall in tag_update_builds task (:pr:3958).

Other changes

• Use Celery Beat instead of cron jobs. The corresponding CLIs have been
  adjusted
  to trigger the task. They will still block until the task is done, but it may
  not be running on the host that the CLI was called on. The affected CLIs are:
  bodhi-clean-old-composes, bodhi-expire-overrides,
  bodhi-approve-testing, and bodhi-check-policies (:issue:2867).

Contributors

The following developers contributed to this release of Bodhi:

• Adam Saleh
• Aurélien Bompard
• Adam Williamson
• Clement Verna
• Eli Young
• Karma Dolkar
• Mattia Verga
• Michal Konečný
• Nils Philippsen
• Pierre-Yves Chibon
• Elliott Sales de Andrade
• Richard O. Gregory
• Rick Elrod
• Ryan Lerch
• Stephen Coady
• subhamkrai
• Sebastian Wojciechowski