Release notes 1.23.1

docs/source/release_notes/release_notes.rst

@@ -5,6 +5,7 @@ Release Notes
 .. toctree::
     :maxdepth: 1
 
+    release_notes_1.23.1
     release_notes_1.23
     release_notes_1.22.1
     release_notes_1.22

docs/source/release_notes/release_notes_1.23.1.rst

@@ -0,0 +1,98 @@
+Koji 1.23.1 Release notes
+=========================
+
+All changes can be found at `pagure <https://pagure.io/koji/roadmap/1.23.1/>`_.
+Most important changes are listed here.
+
+Migrating from Koji 1.23
+------------------------
+
+No special actions are needed.
+
+PR#2579: Install into /usr/lib rather than /usr/lib64/
+
+Security Fixes
+--------------
+
+**web: XSS vulnerability**
+
+| PR: https://pagure.io/koji/pull-request/2652
+
+CVE-2020-15856 - Web interface can be abused by XSS attack. Attackers can supply
+subversive http links containing malicious javascript code. Such links were not
+controlled properly, so attackers can potentially force users to submit actions
+which were not intended. Some actions which can be done via web UI can be
+destructive, so updating to this version is highly recommended.
+
+System Changes
+--------------
+**Revert "timezones for py 2.7"**
+
+| PR: https://pagure.io/koji/pull-request/2569
+
+We've returned some behaviour which prevented time operations on py 2.7
+
+Library Changes
+---------------
+**lib: better argument checking for eventFromOpts**
+
+| PR: https://pagure.io/koji/pull-request/2517
+
+``eventFromOpts`` can now properly parse ``after`` and ``before`` arguments.
+
+Hub Changes
+-----------
+**hub: use CTE for build_references**
+
+| PR: https://pagure.io/koji/pull-request/2567
+
+This should improve kojira's performance in some cases.
+
+Builder Changes
+---------------
+**mergerepo uses workdir as tmpdir**
+
+| PR: https://pagure.io/koji/pull-request/2547
+
+Until now mergerepo used /tmp instead of workdir. It could lead to space
+exhaustion if there is not enough space there. Workdir gets cleaned more often.
+
+Web Changes
+-----------
+**disable links to deleted tags**
+
+| PR: https://pagure.io/koji/pull-request/2558
+
+**Only redirect back to HTTP_REFERER if it points to kojiweb**
+
+| PR: https://pagure.io/koji/pull-request/2504
+
+Utilities Changes
+-----------------
+**kojira: don't expire ignored tags with targets**
+
+| PR: https://pagure.io/koji/pull-request/2548
+
+Ignored tags' repos were expired even in case when they've had targets. It is
+fixed now and ignored tags are really ignored.
+
+**kojira: cache external repo timestamps by arch_url**
+
+| PR: https://pagure.io/koji/pull-request/2533
+
+Fix of bug which could have missed some split repositories updates.
+
+Documentation Changes
+---------------------
+
+**assign multicall to "m" in code example**
+
+| PR: https://pagure.io/koji/pull-request/2593
+
+**api docs**
+
+| PR: https://pagure.io/koji/pull-request/2509
+
+**python support matrix**
+
+| PR: https://pagure.io/koji/pull-request/2528

koji.spec

@@ -78,7 +78,7 @@
 %define release %{baserelease}
 %endif
 Name: koji
-Version: 1.23.0
+Version: 1.23.1
 Release: %{release}%{?dist}
 License: LGPLv2 and GPLv2+
 # the included arch lib from yum's rpmUtils is GPLv2+
@@ -586,6 +586,25 @@ rm -rf $RPM_BUILD_ROOT
 %systemd_postun kojira.service
 
 %changelog
+* Mon Jan  4 2021 Tomas Kopecek <tkopecek at redhat.com> - 1.23.1-1
+- PR#2603: hub: fix py2-like 'stop' usage in getFullInheritance
+- PR#2593: docs: assign multicall to "m" in code example
+- PR#2586: cli: some options are not supplied in all _list_tasks calls
+- PR#2579: Install into /usr/lib rather than /usr/lib64/
+- PR#2569: Revert "timezones for py 2.7"
+- PR#2547: builder: mergerepo uses workdir as tmpdir
+- PR#2558: web: disable links to deleted tags
+- PR#2548: kojira: don't expire ignored tags with targets
+- PR#2567: hub: use CTE for build_references
+- PR#2533: kojira: cache external repo timestamps by arch_url
+- PR#2515: to_list is not needed in py3 code
+- PR#2517: lib: better argument checking for eventFromOpts
+- PR#2504: Only redirect back to HTTP_REFERER if it points to kojiweb
+- PR#2526: sidetag: remove double "usage"
+- PR#2577: fix not found build id error for list-builds
+- PR#2509: doc: api docs
+- PR#2528: doc: python support matrix
+
 * Tue Jul 28 2020 Mike McLean <mikem at redhat.com> - 1.22.0-1
 - PR#2404: release bump and changelog
 - PR#2393: release notes - 1.22

koji/_version.py

@@ -1,2 +1,2 @@
-__version_info__ = (1, 23, 0)
+__version_info__ = (1, 23, 1)
 __version__ = '.'.join([str(x) for x in __version_info__])