Ihatemoney

Latest version: v6.1.5

Page 3 of 4

5.0.1

Not secure
- Include images in the package archives (872)

5.0.0

Not secure
Breaking changes

- Include project code into project authentication token. This
invalidates all existing API tokens and invitation links from
previous versions (802 843)
- Drop support for Python 2 (483)
- Drop support for Python 3.5 (571)
- Drop support for MySQL (743)
- Require MariaDB version 10.3.2 or above (632)
- Enable session cookie security by default (845)
- Change token path authentication to /{project}/join/{token} (843)

The minimum supported version is now Python 3.6, and the project is
tested with up to Python 3.9

See [upgrade instructions](https://ihatemoney.readthedocs.io/en/latest/upgrade.html)
to make sure the upgrade goes smoothly.

Security

- Add CSRF validation on destructive actions (796)
- Ask for private code to delete project or project history (796)
- Add headers to mitigate Clickjacking, XSS, and other attacks:
`X-Frame-Options`, `X-XSS-Protection`,
`X-Content-Type-Options`,
`Content-Security-Policy`, `Referrer-Policy`
(845)
- Add URL validation to external link to prevent XSS (846)

Added

- Allow importing previously exported JSON data (518)
- Add new optional field "external link" in bill form (429)
- Add optional currencies to project and bills (541, 864)
- Add new statistics showing monthly expenses (526)
- Add pagination to the list of bills (480)
- Add sorting, pagination, and searching to the admin dashboard (538)
- Add Project History page that records all changes (553)
- Add token-based authentication to the API (504)
- Add illustrations as a showcase, currently only for French (544)
- Add a page for downloading mobile application (688)
- Add optional support for a simple CAPTCHA (844)
- Add translations for Greek, Esperanto, Italian, Japanese, Portuguese
and Swedish
- Publish an [official docker
image](https://hub.docker.com/r/ihatemoney/ihatemoney)

New settings

- Add
[ENABLE_CAPTCHA](https://ihatemoney.readthedocs.io/en/latest/configuration.html#enable-captcha)
setting (844)
- Use and document
[SESSION_COOKIE_SECURE](https://ihatemoney.readthedocs.io/en/latest/configuration.html#session-cookie-secure)
setting (845)
- Use and document
[BABEL_DEFAULT_TIMEZONE](https://ihatemoney.readthedocs.io/en/latest/configuration.html#babel-default-timezone)
setting (590)

Changed

- Use the external debts lib to solve settlements (476)
- Remove balance column in statistics view (323)
- Make language choice persistent (547)
- Localize date strings in the current language (590)
- Differentiate "flash alerts" notifications (594)
- Display "flash messages" persistently instead of making them
disappear (856)
- Improve menu bar spacing, put history and settings in a submenu
(739)
- Change Dockerfile to install Python dependencies at build time
(793)
- Updating project settings doesn't require entering or updating the
project code (774)
- Bump dependencies: WTForms (768) jinja2 (753) itsdangerous (756)
flask (755 757 764)
- Remove requirements files in favor of setup.cfg pinning (558)
- Flash messages must be dismissed manually (856)
- Increased the font size of the logo (828)

Fixed

- Improve input of email addresses when inviting people to join a
project (133)
- Fix order of participants in the statistics page (608)
- Clarify project edition form: private code is not required (774)
- Fix Python dependency constraints to be less strict
- Improve documentation (781 819 821)
- Fix datepicker that was displayed twice on some browsers (221)
- Member weights are now rounded to 2 decimal places (838)

Documentation

- Reorganize "Contributing" documentation to be more accessible to
new contributors
- Improve documentation regarding database migrations (569)
- Added a page about [the security
model](https://ihatemoney.readthedocs.io/en/latest/security.html)
(858)

4.1.5

Not secure
This release fixes a [serious security
issue](https://github.com/spiral-project/ihatemoney/security/advisories/GHSA-67j9-c52g-w2q9).

All users are encouraged to upgrade.

Fixed

- Fix unauthorized access and modification of project data
(CVE-2020-15120) (663)

Changed

- Change mobile icon link (598)
- Improve French translation of email templates (593)

Added

- Add translations for Portuguese (Brazil), Tamil, Hindi

4.1.4

Not secure
This is a bugfix-only release. It is almost certainly the last release
to support Python 2: you should upgrade to Python 3!

Fixed

- Fix failed installation because dependencies were not being pinned
(540, 545, 558)
- backend: Trim usernames to remove leading or trailing spaces. This
avoids a situation where different names can be visually identical
(367)
- backend: Fix API to forbid project creation when the
`ALLOW_PUBLIC_PROJECT_CREATION` setting is set to false
(496)
- backend: Fix crash when a localized email template is missing (592)
- backend: Fix language code parsing (589)
- backend: Improve error handling when sending emails (595)
- UI: Fix datepicker that was being displayed twice on some browsers
(221)
- UI: Fix "Submit and add a new one" button that had no effect when
adding a bill (498)
- UI: Prevent bill cancellation when cancelling autocomplete (506)
- UI: Fix responsive width of homepage on small screens (549)
- UI: Fix color of the "Add a member" button (499)
- UI: Fix missing HTML tag (583)
- UI: Fix a small typo in the French project-reminder email (486)
- UI: Fix typo on message displayed when adding a member (575)
- UI: Fix incorrect tool-tip message about the private code (623)
- UI: Fix bug on tool-tip message (635)

Added

- Add translations for German, Spanish (latin-america), Norwegian
(bokmål), Indonesian, Polish, Russian, Chinese, Turkish, Ukrainian
- Update translations for all languages

4.1.3

Not secure
Fixed

- Fix packaging. Previous (4.1) release wasn't pip-installable on all
systems.
- Fix readme and requirements.txt to upload to PyPI.

Changed

- Display password reminder message on a new page rather than on a
flash message (455, 469)

4.1

Not secure
Added

- Add a `compress_assets` target in the makefile to compress PNG
(459)
- Document how to use systemd (435)
- Add support for Python 3.7
- Add links to documentation, mobile app and git repository in the
footer (445)
- Use weblate to handle translations
- Add Dutch translation
- Add project switcher on login page if already logged in (445)

Changed

- Documentation has been cleaned and reorganised.
- Display a placeholder when no entries are present in the bill list.
(457)
- Disable the "add bill" action until members are present (457)
- Improve invitations UX (451)
- In the bills list, display the "added on" column as a tooltip
(443)
- Updated bootstrap to latest stable (440)
- Improved "project already exists" message (442)
- Improve usability, especially on small screens (441)
- Replace export forms by links (450)
- Rework homepage design (445)
- Docker now downloads IHM from PyPI or the reference git repo (446)
- Arrange navbar items by functions (445)
