7.1.0

Released on 2023-03-11.
This is a feature release.

Dependency changes

• Bodhi now uses pymediawiki instead of the unmaintained simplemediawiki to fetch test cases (#4852).

Features

• bodhi-messages is updated to include additional properties in the message schemas. The additional properties are: app_name, agent_name, and __str__ (#4950).

Bug fixes

• Retrieving sidetags list for a user not known to Koji caused an exception in bodhi-server (#4994).
• Added support for bleach >= 6.0.0 (#5003).
• bodhi-client: do not run koji wait-repo when expiring a buildroot override (#4830).
• bodhi-client: fix --version option (#4981).
• Update notes are now capped to a default of 10k characters, the value can be customized in config (#4982).
• Fixed webUI template where karma and comment icons where misaligned at highly commented discussions (#4986).
• Fixed the template of the update details page, where the testcases tab was always empty (#5000).
• The link to the test gating tab in the update page was fixed (#5032).
• The composer is now safer about not triggering stable composes for frozen releases (#5080).
• Rawhide updates which are obsoleted before being pushed will now not be pushed to stable to avoid confusion (#5113).
• Frozen releases didn't show up in filters (#5115).

Contributors

The following developers contributed to this release of Bodhi:

• Kevin Fenzi
• Mattia Verga
• Ryan Lerch

7.0.1

Released on 2023-01-14.
This is a bugfix release.

Bug fixes

• Fixed template in overrides list page which prevents the display of filters dropdown (#4844).
• Fixed a possible XSS attack vector in update_form.js (#4845).

Contributors

The following developers contributed to this release of Bodhi:

• Mattia Verga

Release 7.0.0

Released on 2022-11-26.
This is a major release that fully enables frozen release state in bodhi-server and adds Kerberos authentication to bodhi-client.

Server upgrade instructions

This release contains database migrations. To apply them, run

$ sudo -u apache /usr/bin/alembic -c /etc/bodhi/alembic.ini upgrade head

Features

• Bodhi client now autenticates using Kerberos by default and falls back to browser-based OIDC mechanism. (#4602).
• Critical path information can now be read from JSON files (in the form output by the releng critpath.py script), using config options critpath.type = json and critpath.jsonpath (#4755).
• Frozen releases updates will now be forced into testing before being pushed to stable #4831).
• The new update form UI will now display a warning when a release is approaching EOL (#4834).
• Bodhi-push now defaults to push only testing composes for frozen releases (#4478).

Bug fixes

• Editing a stuck Rawhide side-tag update (usually when gating tests fail) will no more cause builds to be tagged with the release candidate-tag to prevent the automatic update consumer from creating an automatic update and breaking the side-tag update (#4745).
• Bodhi client will not show the secret in terminal when logging in via browser (#4814).
• The check_signed_builds sometimes failed to unstuck updates due to the use of a wrong tag (#4819).
• Updateinfo.xml metadata generation has been changed in order to try to fix errors reported by yum on EPEL (#2487).
• Releases in frozen state will now be listed in the release page and a warning box will be showed for updates of those releases (#4103).
• The date_approved property of the Update model is now set when the update is ready to be pushed to stable (#4171).
• Scenario is now included in request data when waiving test results (#4270).
• The update page now shows a single combined gating status, instead of listing the result of each separate greenwave query (#4320).
• Bodhi-client now raises a generic SysExit exception instead of click.exceptions.Abort when a user aborts authentication, so external scripts can avoid importing Click in their code (#4623).

Development improvements

• Bodhi client now supports configuring OIDC storage path. (#4603).
• For gating, Bodhi now queries all Greenwave 'decision contexts' together, reducing the number of queries needed. (#4821).
• References to never used side_tag_active and side_tag_expired update statuses and the Update.side_tag_locked property have been removed (#4823).
• The date_pushed database column of the Update model has been dropped and replaced by a property, no change should be noticeable to users (#4837).

Contributors

The following developers contributed to this release of Bodhi:

• Aurélien Bompard
• Adam Williamson
• Maxwell G
• Mattia Verga
• Matej Focko
• Tomas Tomecek

Release 6.0.1

Released on 2022-06-23. This is a bugfix release.

Dependency changes

• Remove the dependency on WhiteNoise since the documentation has moved to Github (#4555).
• Updated bundled chartJS component to 3.8.0 (#4561).

Features

• Allow disabling autokarma, autotime and close-bugs when editing an update by CLI (#4564).

Bug fixes

• Fix a small template issue about the karma thumbs display (#4562).
• Autokarma, autotime and close-bugs automatisms may have been accidentally overridden when editing updates by CLI (#4563).
• In very peculiar circumstances, side-tag Rawhide updates may remain stuck if a user posts a negative karma or tries to set a request before Bodhi automatically pushes the update to stable (#4566).
• Don't crash when Ipsilon has no userinfo (#4569).

Contributors

The following developers contributed to this release of Bodhi:

• Aurélien Bompard
• Mattia Verga

Release 6.0.0

This is a major release that adds authentication with OpenID Connect.

Backwards incompatible changes

• Support authentication with OpenID Connect, in addition to OpenID. The old OpenID authentication can be accessed by using /login?method=openid as the login URL. The bodhi client is switched to OIDC entirely, plain OpenID support has been dropped. Depending on the OIDC provider’s capabilities, users may have to run the bodhi client on a host that has a browser. This will not be the case in Fedora as OOB support has been recently added to Ipsilon. (#1180).

Dependency changes

• Dependencies are now managed by Poetry (#4376).
• Enable Dependabot (#4454).

Features

• Add update property to koji-build-group.build.complete messages (#4381).
• Extend save_override() to set the expiration date of an override directly. (#4431).

Bug fixes

• Handle invalid characters in RSS export (PR#4513).
• Fixed a style issue in the web UI where images posted in comments exceed box width (#4327).
• Fix the copyright year in the footer going stale by programatially setting the year. (#4401).
• Bodhi will now obsolete updates being pushed to stable when a newer build is pushed to stable (#4446).
• Exclude the composes property when serializing the Release object to avoid recursion (#4447).
• Adding or removing builds from a side-tag update by CLI causes the from_tag property to be removed (#4452).
• Updates comments with negative karma are now highlighted in red in the webUI (#4500).
• The "karma thumb" now will show any mixed combination of positive/negative votes, rather than the overall count (#4501).
• Fixed a tagging problem when updating the builds list in a side-tag update (#4551).

Contributors

The following developers contributed to this release of Bodhi:

• Adam Saleh
• Aurélien Bompard
• Adam Williamson
• Lenka Segura
• Mattia Verga
• Miro Hrončok
• Ryan Lerch
• Tomáš Hrčka

Release 5.7.5

v5.7.5

This is a feature release.

Features

• Prepare the Bodhi client to be compatible with an OIDC-enabled server. (#4391).

Contributors

The following developers contributed to this release of Bodhi:

• Aurélien Bompard

Release 5.7.4

v5.7.4

25 Jan 2022

This is a bugfix release that should help with several more problems after 5.7.3 release.

Features

• Automatic updates consumer can now identify new packages and mark updates with the appropriate type (#4324).
• Detect stuck updates with builds that were never been sent to pending-signing and unstuck them (#4307).

Bug fixes

• Bodhi will now retry to get a build changelog if Koji returns empty rpm headers. See also https://pagure.io/koji/issue/3178 (#4316).
• Fixed an issue about some bug title never fetched from Bugzilla (#4317).

Contributors

The following developers contributed to this release of Bodhi:

• Adam Saleh
• Aurélien Bompard
• Adam Williamson
• Lenka Segura
• Mattia Verga

Release 5.7.3

v5.7.3

8 Dec 2021

This is a bugfix release that should help with several more problems
after 5.7.2 release.

Bug fixes

• Fixed an issue where Bodhi was throwing 5xx "NoSuchColumnError testcases.id" errors because of a misconfigured table (#4302).

Release 5.7.2

v5.7.2

26 Nov 2021

This is a bugfix release that should help with several problems after 5.7.1 release.

Bug fixes

• Fixed an issue where JSON serialization of a TestCase object hangs
  the server (#4278).
• Fixed a possible call to Koji listTagged() passing an empty tag name
  (#4280).
• Bodhi will now try to resubmit a build to signing if it detects that
  is stuck in pending signing for some time (#4300).

Contributors

The following developers contributed to this release of Bodhi:

• Adam Saleh
• Mattia Verga

Release 5.7.1

v5.7.1

8 Nov 2021

This is a bugfix release.

Server upgrade instructions

This release contains database migrations. To apply them, run:

$ sudo -u apache /usr/bin/alembic -c /etc/bodhi/alembic.ini upgrade head

Summary of the migrations:

• Add End of life (eol) field to the releases (4241).

Backwards incompatible changes

• Query on both relevant Greenwave decision contexts for critical-path updates. Update.get_test_gating_info() now returns a list of decision dictionaries, not a single decision dictionary. The API endpoint /updates/{id}/get-test-results similarly now returns a single-key dictionary whose value is a list of decisions, not a single decision dictionary. (#4259).

Features

• Added support for release names ending with "N" such as EPEL next (#4222).
• Set a delta parameter of 30 days when quering datagrepper for bodhi-related user activity (#4255).
• Added support for setting flags in generated advisories to require logging out and logging back in for the update to take effect (#4213).
• Replace Greenwave decision change message consumer with ResultsDB and WaiverDB message consumers (#4230).

Bug fixes

• Fix an issue that caused the builds in a side-tag update to not be
  tagged correctly when the build list of the update was modified (#4161).
• Bodhi will now delete the side-tag in Koji when an update is pushed to stable. Builds that were tagged in the side-tag but were not pushed as part of the update will be untagged. This is required to make sure to not leave stale side-tags in the Koji database (#4228).
• Updates for archived releases cannot be edited anymore (#4236).
• Correctly mark automatic updates as critpath when appropriate (#4177).
• Fixed an issue with validators that prevents inconsistent refusal of bodhi override with maximum duration (#4182).
• Fixed an issue where the search result box was cutted off out of screen borders (#4206).
• Fixed a javascript bug which prevented the "waive tests" button to be displayed in UI (#4208).
• Fixed an issue with validators that prevented a side-tag update owner to edit their update after adding a build for which they don't have commit access (#4209).
• Avoid gating status ping-pong on update creation, assume status 'waiting' for 2 hours or until first failed test (#4221).
• For new packages submitted to repositories, the changelog was not generated and attached to the automatic Update. This prevented the bugs mentioned in the changelog to be closed by Bodhi (#4232).
• Staging Bodhi now uses staging Bugzilla URL for bug links (#4238).
• Fixed an issue where editing Updates always caused to set the request to Testing (#4263).

Development improvements

• Add End of life (eol) field to the releases (: