Michal Čihař - Blog Archives for English

Weblate 2.14

Weblate 2.14 has been released today slightly ahead of the schedule. There are quite a lot of security improvements based on reports we got from HackerOne program, API extensions and other minor improvements.

Full list of changes:

  • Add glossary entries using AJAX.
  • The logout now uses POST to avoid CSRF.
  • The API key token reset now uses POST to avoid CSRF.
  • Weblate sets Content-Security-Policy by default.
  • The local editor URL is validated to avoid self-XSS.
  • The password is now validated against common flaws by default.
  • Notify users about imporant activity with their account such as password change.
  • The CSV exports now escape potential formulas.
  • Various minor improvements in security.
  • The authentication attempts are now rate limited.
  • Suggestion content is stored in the history.
  • Store important account activity in audit log.
  • Ask for password confirmation when removing account or adding new associations.
  • Show time when suggestion has been made.
  • There is new quality check for trailing semicolon.
  • Ensure that search links can be shared.
  • Included source string information and screenshots in the API.
  • Allow to overwrite translations through API upload.

If you are upgrading from older version, please follow our upgrading instructions.

You can find more information about Weblate on https://weblate.org, the code is hosted on Github. If you are curious how it looks, you can try it out on demo server. You can login there with demo account using demo password or register your own user. Weblate is also being used on https://hosted.weblate.org/ as official translating service for phpMyAdmin, OsmAnd, Turris, FreedomBox, Weblate itself and many other projects.

Should you be looking for hosting of translations for your project, I'm happy to host them for you or help with setting it up on your infrastructure.

Further development of Weblate would not be possible without people providing donations, thanks to everybody who have helped so far! The roadmap for next release is just being prepared, you can influence this by expressing support for individual issues either by comments or by providing bounty for them.

Weekly phpMyAdmin contributions 2017-W19

Last week I finally got to doing something else than bug screening and fixing.

First of all the daily snapshots were improved in order to indicate the snapshot detail on our website, so that it's clear when it has been built and from which Git commit.

I've also looked at long outstanding issue of removing eval() usage from our codebase. The last piece where it has been used for Advisor and there is now my pull request to get rid of that.

Second long annoying thing is that we really don't have theme metadata in some easy to read format. Some of the information is set by PHP code and that's not really something you want to use to just get theme name, author or compatibility (actually the last bit is not really there). I've rewritten this to use JSON and there is pull request to implement the changes.

Probably both pull requests will land into master this week.

Handled issues:

New projects on Hosted Weblate

Hosted Weblate provides also free hosting for free software projects. The hosting requests queue was over one month long, so it's time to process it and include new project.

This time, the newly hosted projects include:

We now also host few new Minetest mods:

If you want to support this effort, please donate to Weblate, especially recurring donations are welcome to make this service alive. You can do them on Liberapay or Bountysource.

Weekly phpMyAdmin contributions 2017-W18

Last week I finally got back to work after mostly two weeks of vacation, so there was quite a lot of things to do. I've merged several pull requests, gone through incoming bugs and generally did some cleanup in our issue trackers.

I've also worked on new daily snapshots of our code, which are now available for download of for use from Docker Hub.

Handled issues:

New daily snapshots for phpMyAdmin

We have stopped providing daily snapshots for phpMyAdmin pretty much at time we've moved to GitHub, which allowed to download any branch as zip file. However since introduction of Composer to manage our dependencies, additional steps were required to get working copy of phpMyAdmin out of the snapshots.

Since today the ready to use snapshots are available again. They will be updated every day and are built in exactly same way as our releases, so all you need to do is download them and start using.

These snapshots can be also used from Docker - the phpMyAdmin image now has brand new tags edge-4.7 and edge-4.8 which are updated with every snapshot and contain latest changes from development branches.

Weekly phpMyAdmin contributions 2017-W17

I got back to work last week after vacation I had. The GSoC selection process is almost done (in two days the accepted students will be announced by Google) and things got again a bit calmer, so the usual amount of bug fixing and pull requests review has been done.

One thing worth mentioning is that we have started to use Twig templates and first templates were just ported to this. It will better enforce logic separation from the templates and also it makes templates easier to read.

Handled issues:

Weekly phpMyAdmin contributions 2017-W15

Last week was a bit shorter for me due to Easter, but still quite some work has been done. My time was mostly was spent on Docker and handling pull requests.

Anyway you won't see my report next week as I'm having few days off.

Handled issues:

Weblate 2.13.1

Weblate 2.13.1 has been released quickly after 2.13. It fixes few minor issues and possible upgrade problem.

Full list of changes:

  • Fixed listing of managed projects in profile.
  • Fixed migration issue where some permissions were missing.
  • Fixed listing of current file format in translation download.
  • Return HTTP 404 when trying to access project where user lacks privileges.

If you are upgrading from older version, please follow our upgrading instructions.

You can find more information about Weblate on https://weblate.org, the code is hosted on Github. If you are curious how it looks, you can try it out on demo server. You can login there with demo account using demo password or register your own user. Weblate is also being used on https://hosted.weblate.org/ as official translating service for phpMyAdmin, OsmAnd, Aptoide, FreedomBox, Weblate itself and many other projects.

Should you be looking for hosting of translations for your project, I'm happy to host them for you or help with setting it up on your infrastructure.

Further development of Weblate would not be possible without people providing donations, thanks to everybody who have helped so far! The roadmap for next release is just being prepared, you can influence this by expressing support for individual issues either by comments or by providing bounty for them.

Weblate 2.13

Weblate 2.13 has been released today pretty much on the schedule. The most important change being more fine grained access control and some smaller UI improvements. There are other new features and bug fixes as well.

Full list of changes:

  • Fixed quality checks on translation templates.
  • Added quality check to trigger on losing translation.
  • Add option to view pending suggestions from user.
  • Add option to automatically build component lists.
  • Default dashboard for unauthenticated users can be configured.
  • Add option to browse 25 random strings for review.
  • History now indicates string change.
  • Better error reporting when adding new translation.
  • Added per language search within project.
  • Group ACLs can now be limited to certain permissions.
  • The per project ALCs are now implemented using Group ACL.
  • Added more fine grained privileges control.
  • Various minor UI improvements.

If you are upgrading from older version, please follow our upgrading instructions.

You can find more information about Weblate on https://weblate.org, the code is hosted on Github. If you are curious how it looks, you can try it out on demo server. You can login there with demo account using demo password or register your own user. Weblate is also being used on https://hosted.weblate.org/ as official translating service for phpMyAdmin, OsmAnd, Aptoide, FreedomBox, Weblate itself and many other projects.

Should you be looking for hosting of translations for your project, I'm happy to host them for you or help with setting it up on your infrastructure.

Further development of Weblate would not be possible without people providing donations, thanks to everybody who have helped so far! The roadmap for next release is just being prepared, you can influence this by expressing support for individual issues either by comments or by providing bounty for them.

Weekly phpMyAdmin contributions 2017-W14

It's hard for me to pinpoint something from last week - it had usual amount of fixes, pull requests on both phpMyAdmin, Docker image and SQL parser.

Overall I feel we've already piled up quite a lot of fixes over 4.7.0, maybe it's time to reconsider the two monthly schedule, to push the fixes more frequent to users. I'm really unsure how to balance the release schedule. With one month cycle, the releases seem to come too frequently, but with two months, there are quite a lot of fixes in the release which probably could have been released earlier...

Handled issues: