Translations: English
Search on Docs:
ActionItem Search:

Noosfero, version 0.43.1

Daniela Soares Feitosa (1):
      Fixed html escape on suborganization plugin

Lucas Melo (2):
      chat.js: escape html tags in messages
      CustomFormsPlugin: order fields by creation time

Rodrigo Souto (3):
      Fixing performance issue with full blog view
      Fixing blog archives block performance issue
      Updating AUTHORS

Hello guys!

This is our bugfix release called Paumaris. It's a small version but has important performance optimizations. Check it out!

Performance optimizations

Blog Archives Block

This block is that one that shows the post counts by year/month of the user's block. Instead of just retrieving the counts, this block was loading all the blog posts on memory to then filter the counts on Ruby side. In some production environments where users have 2o thousands posts or so this block was slowing the request time pretty drastically and consuming a lot of memory. On this version it's just rerieving what it needs and it's blazing fast!

Search Tag

On the Search Tag view, when displaying blogs, the "last posts" field was doing the mistake we found on the Blog Archives Block in order to list just the last 3 posts. We also optimized this page.


Chat XSS Vulnerability

The chat was sending messages without filtering it's html. This was a big security vulnerability that permitted XSS attacks through the chat. We fixed this prbolem on this version.

Custom Forms fields order

The fields order on Custom Forms weren't being persisted after the form creation. This was causing some forms to became strange for the users with questions that should be in the end appearing on top. Now the fields positions are considered and the form always display them in the order they were positioned on its configuration.

Some more mistaken escaped html

We found some html that was still being escaped unnintentionally on the SubGroups plugin. They are fixed in this version.

About the tests

On the Blog Archives Block performance optimization we needed to use some PostgreSQL specific queries. This new code made some tests fail when running on an sqlite database. Since we are migrating to use only PostgreSQL on all of our environments (development, test and production) we'll not monkey patch or anything to solve this issue. That's true that at the same time our test suite is not fully passing with a PostgreSQL database but we are working on it.

That's all for this version. See you on the next one! o/

# Title Priority Tags Assigned To Who Cares Status
%CALC{$SUBSTITUTE(ActionItem2593,.*ActionItem,#,,r)}% Custom Foms fields order 10 colivre LucasMelo Done
%CALC{$SUBSTITUTE(ActionItem2682,.*ActionItem,#,,r)}% Chat displays unfiltered html from user input 10   LucasMelo Done
%CALC{$SUBSTITUTE(ActionItem2699,.*ActionItem,#,,r)}% Escaped html on suborganization plugin 0 colivre DanielaFeitosa Done
%CALC{$SUBSTITUTE(ActionItem2706,.*ActionItem,#,,r)}% Avoid load every post on Blog Archives Block 10   RodrigoSouto Done
%CALC{$SUBSTITUTE(ActionItem2714,.*ActionItem,#,,r)}% Blog view on Search#tag loading all posts in memory 10   RodrigoSouto Done
Total: R2:C0..R-1:C0: 1

MilestoneForm edit

Version 0.43.1
Codename Paumaris
Release 17 Jul 2013
Status Done
Topic attachments
I Attachment Action Size Date Who Comment
noosfero-0.43.1.tar.gzgz noosfero-0.43.1.tar.gz manage 18 MB 17 Jul 2013 - 07:50 RodrigoSouto abd27e20c8d8d404735669ba3d892dcaaae70b47
noosfero-apache_0.43.1_all.debdeb noosfero-apache_0.43.1_all.deb manage 6 K 17 Jul 2013 - 07:35 RodrigoSouto 848b22dd45d5c3f737f44d35731dad3a9cc56d20
noosfero_0.43.1_all.debdeb noosfero_0.43.1_all.deb manage 17 MB 17 Jul 2013 - 07:45 RodrigoSouto ae6763545c07853f1dca4c1f5a6677741527d0c1
This topic: Development > MilestoneItems > NoosferoVersion00x43x01
Topic revision: 22 May 2015, UnknownUser
Copyright © 2007-2019 by the Noosfero contributors
Colivre - Cooperativa de Tecnologias Livres