Hi Alexander, I'm writing you privately because I don't want the main thread to go off-topic
Thanks for your roadmap to 1.7.0.. seems very very juicy! About the "COUCHDB-2752: Validate Host header" in your list. As documented here (https://issues.apache.org/jira/browse/COUCHDB-2752), to me it seems that flag can perfectly be used in the proposed way here: http://couchdb.markmail.org/message/q2623pzw7lt73lcg?q=CouchDB+secure+even+withouth+a+proxy Do you confirm? --Giovanni 2015-11-12 16:05 GMT+01:00 Alexander Shorin <kxe...@gmail.com>: > Dear CouchDB team, > > While we're all working on 2.0 is in progress, I fear that we'll end > this year without a single release. Technically, there is only one > month left till 2016 excluding holidays, but let's be honest - that's > not enough for 2.0. So I propose the plan for 1.7 release to not end > this year with empty list. > > There are a couple of important changes that we have for it and users > are waiting for. Primary is the Erlang 18 compatibility, but not only. > > What we already have on 1.x.x branch: > > - COUCHDB-1011: replicate by document ids from futon > - COUCHDB-1275: decode database names in recent used list > - COUCHDB-2225 Enforce that shared libraries can be built by the system > - COUCHDB-2430: Disable Nagle's algorithm > - COUCHDB-2583: fix connection dropping by the resources which doesn't > require any payload > - COUCHDB-2761: Support glibc >= 2.20 > - COUCHDB-2783: Bind both to IPv4 and IPv6 > - Futon: Fixed potential XSS issue in jquery.ui > - jquery.couch: Fixed document copying > - sslv3 support is deprecated > - Support for user configurable SSL ciphers > - Multiple minor documentation fixes > - Support Erlang 18 > > What we can backport without worry: > > - COUCHDB-1356: Return username on POST to /_session > - COUCHDB-1447: X-Couch-* headers missed if custom headers were returned > - COUCHDB-1964: eunit test suite > - COUCHDB-2310: /db/_bulk_get > - COUCHDB-2375: Respond with HTTP 400 Bad Request on invalid revision > number > - COUCHDB-2534: db security should respect authed users > - COUCHDB-2732: Use thread local storage for couch_ejson_compare NIF > - COUCHDB-2752: Validate Host header > - COUCHDB-2873: Update snappy to 1.1.3 > - Multiple improvements that we have for replicator > > What I would like to add: > > - COUCHDB-2722: Keys from rewrited query params should be blank when > not specified in the URI > - COUCHDB-2874: Rewrites via query server > - COUCHDB-2877: Return nicer error for bad Authorization header > - Deprecation of /_log > - Deprecation of OAuth auth > - Enable CORS by default: > https://fetch.spec.whatwg.org/#basic-safe-cors-protocol-setup > - Remove Fauxton - AFAIK, it supports 1.x no more and current version > in 1.x.x branch is heavily outdated. > - Mark this release as LTS with short (really) cycle of bug fixes ship > > Questionalbe: > - Add systemd notification support. > > May be we can also include else experimental features, like JWT and/or > Delegated auth. Personally, I would like to see them, but it's all up > to you Klaus and Jan (; > > But even without these experimental features, we have quite long list > of changes to ship. > > The plan is simple: for November get all from backport and add lists > into 1.x.x branch and ship 1.7 in first half of December. Quite good > Christmas Eve present for everyone. Personal deadlines 30th November > and 20th December respectively. > > Since "everyone is busy on 2.0" I'll take care of this. > > P.S. If someone has else important bugfixes on mind to include, please > drop a notice. For 2.0 we have ETOOMANY useful changes, but I would > like to stop only on really important ones. Like replicator ones as I > mentioned. > > -- > ,,,^..^,,, >