- Add “proxy” auth policy mode (#3638).
- Implement new form designs for logged out forms under a feature flag (#3640).
- Add hypothesis user add command (#3634) and move admin command under the users subcommand as well (#3632).
- Replace “firstRun” config option with “openSidebar” and “openLoginForm” (#3643).
- Change URL paths for reset password, forgot password and register (#3651).
- Update Hypothesis client to v0.38.0. See https://github.com/hypothesis/client/releases/tag/v0.38.0
- Refactor h.api.search interface, it is now a Search class which can be customized on a per-query basis, the return value also changed to be a new SearchResult (#3622, #3623).
- Update Hypothesis client to v0.36.0. See https://github.com/hypothesis/client/releases/tag/v0.36.0
- Add ability to rename users from admin control panel (#3584)
- Improve the copy on reply notification emails (#3602)
- Fix case sensitivity in user search queries (#3611)
- Move the URLs for account settings from /profile to /accounts (#3604)
- The Hypothesis browser extension has now been moved to its own repository (#3620)
- Update Hypothesis client to v0.35.0. See https://github.com/hypothesis/client/releases/tag/v0.35.0
- Add a missing unique constraint on the user_group join table, and a migration to fix existing databases (#3591).
- Update Hypothesis client to v0.33.0. See https://github.com/hypothesis/client/releases/tag/v0.33.0
- Treat HTTP/HTTPS URLs that are the same except for their protocol as equivalent (#3558).
- Improve performance of real-time updates service (#3574).
- Use consistent terminology for ‘Log in’, ‘Log out’ and ‘Sign up’ actions (#3578).
- Fix missing escaping of user input in server-rendered forms (#3585).
- Prevent browsers disclosing group URLs to websites linked to from groups pages (#3579).
- Fix a problem where data migrations would update annotations’ last-update timestamp (#3586).
- Remove assets that relate to the Hypothesis client. These are now part of the hypothesis/client repository (#3577, #3571)
- Update Hypothesis client to v0.32.0. See https://github.com/hypothesis/client/releases/tag/v0.32.0
- Show annotations and page notes in separate tabs in the sidebar (feature flagged: selection_tabs) (#3504)
- The ‘Share’ action for replies is now a direct link to the parent annotation and its associated conversation in context (#3539).
- Reply notification emails now contain direct links to see the original annotation and its associated conversation in context (#3536).
- Fix adder not responding to selection changes after making a selection which does not contain any text (#3522, #3526).
- Fix incorrect ‘You do not have permission to see this annotation’ message in the client when direct-linking to an annotation in a PDF (#3529).
- Fix annotation cards containing long URLs overflowing their container (#3546).
- Users now get their own clean welcome page when they finish installing the browser extension (#3505).
- The search API can now accept multiple uri parameters and will return annotations made on any of the passed URIs (#3517).
- The annotation client now uses the multiple-uri-parameter feature to ensure that all annotations are loaded on PDFs (#3524).
- Fix an issue where highlights weren’t shown correctly in PDFs (#3531).
- Our brief experiment with using PDF fingerprint URNs as target source properties has ended (#3524).
- Add ‘#annotated’ hashtag to default tweet message to make following annotation activity on social media easier (#3482).
- Unify the ‘About this Version’, ‘Feedback’ and ‘Help’ menu items in the client (#3485).
- Automatically expand the conversation when direct-linking to annotations (#3489).
- Fix group names wrapping onto multiple lines in sidebar (#3469).
- Fix the permalink pages for annotation replies. These now show the complete conversation thread which the reply appeared in, highlighting the reply matching the URL (#3474, #3483).
- Fix annotations without quotes resulting in entire pages or large sections of pages being highlighted (#3475).
- Fix annotations made on PDFs in browsers other than Safari not appearing when the same PDF was viewed in Safari and vice-versa (#3494).
- Record message processing times in realtime update service (#3484, #3486).
- Revert code that loads annotations from database in /api/search which caused the request times for certain URIs to skyrocket (9af5b65).
- Add option to disable the badge on the extension’s toolbar button (#3342).
- Avoid revealing information about the file structure of the user’s system to the Hypothesis service by not saving “file://” URLs with annotations made on PDFs (#3441).
- Fix cursor style for annotation cards (#3463).
- Fix styling of quotes in annotation bodies (#3464).
- Fix annotation adder not being shown if the page already has a selection when Hypothesis is activated (#3453).
- It is now possible to authenticate to the WebSocket using an API token (#3419).
- Improve anchoring of annotations on PDFs by using the PDF fingerprint, when available, instead of the URL (#3404).
- Load annotations from database in streamer server (#3378)
- Remove the “links” field from the search index (#3413).
- Add CLI command for moving existing annotations to a new URL (#3416).
- Show adder in response to selection changes made via touch or keyboard input (#3347)
- Change timestamps in annotation cards to link to the standalone annotation page rather than the original document (#3395)
- Improve presentation of reply threads (#3376)
- Fix client on web pages which define a global variable called “global” (#3385)
- Support relative URLs for the “serviceUrl” parameter in the client specifying the Hypothesis service to connect to (#3381)
- Fix spacing around ‘Share’ icon in annotation cards (#3399)
- Fix display of numbered and bullet-point lists in annotation cards (#3396)
- URL encode Twitter/Facebook/Google share links correctly (#3394)
- Documentation pages now have URLs without a ‘.html’ extension (#3373)
- Remove “direct_linking” feature flag (#3382)
- Remove code that writes to the legacy storage system (#3357)
- Visual improvements to the adder (#3346, #3370)
- Alleviate the issue where not all replies are loaded by increasing the limit to 200 per request (#3374)
- Improved performance and reduced memory usage of the sidebar when using Hypothesis on heavily annotated pages (#3287, #3360).
- We have had to temporarily revert the change which allows authenticating to the WebSocket with API tokens, as this had unintended side-effects preventing cookie authentication to same (3ed6ff3).
- Fix a problem with updating page notes when the ‘postgres’ feature flag was switched on (#3355).
- It is now possible to authenticate to the WebSocket using an API token (#3345).
- The search limit parameter is now clamped within a range of acceptable values (#3341).
- The setting for the WebSocket URL has changed from H_WEBSOCKET_URL to WEBSOCKET_URL (#3329).
- Added a code of conduct to the project repository (e3fad12).
- Numerous important changes to support the upcoming migration of annotation data to PostgreSQL (#3323, #3349, #3350, 4c25cd8).
- New visual design for annotation cards (#3274).
- Annotation cards now display more precise timestamps for annotations which were last changed more than 24 hours ago. (#3247)
- Added hypothesis devserver command which runs all the services needed for a development instance of Hypothesis and multiplexes their output into the terminal (#3307).
- Added hypothesis migrate command to simplify the execution of database migrations (#3319).
- Removed several unused hypothesis subcommands (#3303).
- Added –dev flag to hypothesis command which replaces the need to specify a config file path as an argument to subcommands (#3303).
- Show adder when Hypothesis loads if there is already a text selection on the page (#3257).
- Make annotation adder position itself more intelligently in relation to the selected text and viewport boundaries (#3257).
- Add “indexer” worker queue to handle synchronisation of the search index with the database under the ‘postgres’ feature flag (#3242).
- Fix a syntax error thrown when injecting the Hypothesis sidebar (#3289).
- Link to the Chrome extension on the help page (#3265).
- Major work on storage as we continue to work towards a migration of all annotation data to PostgreSQL (#3262, #3250, #3242).
- Preliminary builds of a Firefox WebExtensions add-on (#3263).
- Remove any empty annotations with no tags or text when creating new annotations (#3214).
- Add a ‘Copy to Clipboard’ button in the annotation share dialog (#3197).
- Add ‘About this version’ panel accessible via Help -> About this version (#3216).
- When activing Hypothesis on a page whose canonical URL has changed since it was first annotated, surface all annotations for that page, not just those made since the page had its current canonical URL (#3241). This fixes an issue where annotations disappeared from WordPress blogs.
- Fix sidebar not scrolling to show Share or Login dialogs when activating them via links in the top bar (#3215).
- Do not treat characters inside math expressions as possible markdown formatting commands (#3208).
- Fix failure to anchor annotations made at the start of PDF pages (#3234).
- Fixed KaTeX font URLs failing to load when rendering math (#3209).
- Handle request failures more gracefully for various network requests made by the sidebar (#3210, #3211).
- Switched real-time message processing from NSQ to RabbitMQ (#3217).
- Fix a bug that prevented the “Post” button from correctly updating its enabled/disabled state when typing an annotation body (#3213).
- Background tasks are now processed by Celery workers rather than our own homebrew worker implementation (#3189).
- Improved display for local files in the “recently annotated documents” list on group pages (#3200).
- Fix the display of documents with multiple possible titles in group pages (#3200).
- More changes to support the migration of annotation data to PostgreSQL (#3203, #3206).
- Annotations are now available in (beta-quality) Web Annotation compatible JSON-LD format via the API (#3181).
- Don’t report expected/unavoidable errors when injecting the sidebar to Sentry (#3186).
- Fix broken links in the admin panel (#3187).
- Fix an infinite loop occasionally triggered by the truncation of long annotations (#3188).
- Numerous major changes to annotation storage as part of the work to migrate annotation data to PostgreSQL (#3153, #3184, #3190, #3199).
- Add a skeleton functional test suite for the web application (#3198).
- Fix a regression in sorting annotations when the sort order is set to ‘Location’ (#3179).
- Clicking on an annotation quote now scrolls the page to that annotation when the quote is collapsed (#3180).
- Add a live reload facility for development of the Hypothesis front-end (#3038).
- Fix a bug that prevented “direct links” to annotations on PDFs from working correctly (#3139).
- Annotation “incontext” links are now generated with the URL of the annotated page appended (#3172).
- Improved iconography for annotation cards (#3116).
- Add “call to action” copy explaining to logged-out users what they’re looking at when viewing a direct-linked annotation (#3124).
- Annotation selections in the sidebar are now preserved across login/logout/account change – this applies to “direct links” in particular (#3133).
- Admin information pages for users now show group memberships (#3138).
- Fixed a typo in the Chrome extension content security policy that caused extension console warnings (#3140).
- Fix a bug that caused worker processes to crash when encountering unexpected exceptions while handling NSQ messages (#3156).
- Sentry error reports from the client code are now configured using a distinct DSN (#3132).
- Elasticsearch client timeouts and gunicorn worker timeouts are now configurable using environment variables (1a6ae98, e0ef808).
- Remove usage of h.accounts.User.status bitfield (#3120).
- Show message when a direct-linked annotation is selected but the annotation is not available (#3093).
- Properly hook up Chrome production extension with production bouncer (#3077).
- The ‘adder’ that appears when selecting text has a new, clearer design, and the toolbar ‘note’ button allows the creation of annotations when a selection has been made (#3078).
- The client can now respond to a URL fragment of the form #annotations:<id> in order to focus and scroll to a specified annotation on page load (#3085).
- The ‘link’ button on annotation cards can now display links to annotations in context on the page where they were made (feature flagged: direct_linking) (#3105).
- Fixed an issue where the client displayed an inconsistent login state when switching accounts with Hypothesis active in multiple tabs (#2924).
- Fixed an issue where private group annotations were not loaded correctly after switching user accounts (#3083).
- The Chrome extension now correctly indicates when it was not injected into a page because another Hypothesis client is already present (#3097).
- Fix cursor position after using editor toolbar buttons to create a new list or quote, if the selection was previously empty and the cursor was positioned at the start of the line (#3114).
- The undocumented window.hypothesisInstall() function has been removed (#3098).
- Substantial improvements to the feature flagging system, reducing the amount of network chatter between the application and the database (#3110, #3115).
- Fixed error when rendering invalid LaTeX markup. As a side effect, the fallback to MathJax rendering for markup that is not supported by KaTeX has been removed for the time being (#3042).
- Render annotation’s text property as empty string instead of null (#3072).
- Split out DocumentMeta type normalisation to only use it in the Postgres migration (#3090).
- Render annotation links in API response (#3081) including an incontext link behind the direct-linking feature flag (#3087).
- Properly hook up Chrome staging extension with staging bouncer (#3077).
- Add a utility script to aid the transition away from CoffeeScript (#3075).
- Remove h.claim package (#3089).
- Clean up old and unused feature flags (#3088).
- Replies are now correctly displayed after creation (#3057).
- Fix a bug that caused annotations to be rendered incorrectly, both in the API (where they had a permission field instead of a permissions field) and in the UI (where they had edit controls they shouldn’t have had) (#3059).
- Fix a bug that caused page notes to be hidden on all pages (#3063).
- Fix compatibility with IE 10, 11.0 and early versions of Microsoft Edge (#3064).
- Restore two-step confirmation for user deletion in admin panel (#3066).
- Early support for serving Content-Security-Policy headers from the application (#3024).
- The annotation text input is focused automatically when new annotations are created (#3041).
- Introduce a presentation layer for the API (#3011, #3047, #3050, #3054).
- Handle deleted annotations in Postgres migration script (#3040).
- Updated the Ubuntu development install instuctions (#3046).
- Upload sourcemaps to Sentry (#3055).
- Enable admins to activate users (#3015).
- Preserve selection when applying block formatting (67409c8).
- Fix a link to our mailing list archive (#3019).
- Fix typo in NIPSA admin template (50abf12).
- Fix tags autocomplete dropdown CSS (#3009).
- Pyramid upgraded to 1.6 (#3034).
- The undocumented API endpoint /api/annotations has been removed (#3036).
- Fix the definition of the bouncer URL match pattern in the Chrome extension manifest (6ce2dad).
- Ensure the streamer routes messages correctly when NSQ_NAMESPACE is set (#3008).
- Fix a blocker bug preventing database transactions from being committed correctly (7ef09c3).
- Major improvements to the behaviour of the websocket server (AKA the “streamer”) under high concurrency (#2996).
- This release contains an all-new build system for the frontend assets, which include the assets for the web service and the browser extension (#2958).
- A second large piece of the work to move annotation storage into PostgreSQL has been merged (#2986).
- Users can now generate long-lived API tokens from their profile page (#2948).
- Correctly detect when the Chrome extension is being installed by an administrative policy and suppress the “welcome page” tab (#2964).
- Fix a crash that prevented signups if the username blacklist was missing (#2954).
- Groups lists are now scrollable – long lists of groups don’t flow off the end of the page and become unreachable (#2973).
- Fix a bug that prevented users from replying to annotations on stream search pages (#2978).
- The icons in the sidebar now load on GitHub and other sites that restrict loading of inline fonts using Content Security Policy. (#2266)
- Attempting to create an annotation in a group of which the logged-in user is not a member will now result in an explanatory error message rather than a 404 (#2981).
- Client upgraded to use Angular 1.5 (#2967).
- An important first tranche of work that will move annotation storage to PostgreSQL has been merged (#2955).
- Source maps are now generated for production builds of the client and front-end assets for easier debugging and better error reporting.
- The download size of the client application has been reduced by 44% from 516KB (minified and gzipped) to 290KB.
- Ensure a useful error is shown when users with unactivated accounts attempt to sign in (#2952).
- Fix an error that would prevent Hypothesis from loading in IE10/11 (#2953).
- Fix an issue where a Hypothesis client that couldn’t connect to the web service would busy-loop (#2916).
- Fix a bug where the “sidebar tutorial” wouldn’t correctly dismiss (#2925).
- Ensure that requests to the badge API correctly send a cookie (#2929).
- Numerous small fixes to the Hypothesis client and Chrome extension (#2933, #2941, #2947).
- The API component of the web application now only accepts API tokens for authentication (#2923).
- Improvements to the handling of unexpected errors in the Chrome extension (#2942).
- Improve messaging for users who click on an activation link more than once, or who visit an activation link when already logged in (#2904).
- Allow administrators to delete user accounts from the admin panel (#2907).
- Fix a character encoding bug that prevented CSV export of groups from the admin panel (#2989).
- Display the correct number of annotations for all users in the admin panel (#2900).
- Suppress an unsightly flash of banner on the stream pages (#2908).
- Fix a bug that prevented editing of group annotations on stream pages (#2911).
- Numerous changes to the build process for the Chrome extension. Command-line flags have changed (#2091, #2913).
- Make it possible to build a client/extension that doesn’t use a websocket endpoint (#2906).
- Move the websocket service into a standalone Pyramid application. This allows the main web application to use a simpler worker type, thus preventing database connection pool exhaustion in high load environments (#2913).
- Move mail delivery to a worker process. This ensures that failures to deliver mail are a) retried, and b) do not trigger transaction rollbacks in web requests (#2903).
- Searching for “group:<groupid>” in the stream pages will now function correctly (#2882).
- Detect when the Chrome extension is being installed by an administrative policy and suppress the “welcome page” tab (#2891).
- Don’t display the “create an account” banner on the stream or standalone annotation pages (#2879).
- Fix a problem where canceling edits to an annotation would revert the annotation to its first known state rather than the state before the edit was started (#2884).
- Fix a problem where multiple clicks on the save button would create multiple near-identical annotations (#2887).
- Add support for Sentry client-side error reporting in the Chrome extension and site code (#2850).
- Strip WebTrends “WT.*” query parameters as part of URI normalization (#2862).
- Removed the incomplete Firefox extension code which had fallen a long way behind Chrome, with the intention of replacing it with one based on WebExtensions in the near future (#2877).
- Fix a bug that prevented the Docker container from correctly starting up (614e6b9).
- Fix a bug that prevented Hypothesis from working on GitHub (#2847).
- Fix a couple of crashing bugs in the Chrome extension (#2849, #2851).
- Fix a bug that caused the wrong group name to display on annotations in the stream (#2854).
- Fix a bug where threads were being shown uncollapsed instead of collapsed initially, and the collapse/uncollapse buttons didn’t work (#2855).
- Strip the proxy prefixes from URLs we know to be proxied (through our “via” service) when normalising (#2861).
- Add a clear “call to action” banner in the sidebar for signed-out users (#2843).
- Avoid truncating annotation cards that exceed the collapsed height by only a small amount (feature flagged: truncate_annotations) (#2859).
- Fix a bug where annotation deletions were not correctly processed by the “real-time” streamer (7daa709)
- Add a tutorial for new users to the sidebar (feature flagged: sidebar_tutorial). (#2824)
- Fix a bug where embedded videos were not always shown (#2828, #2807).
- Fix numerous usability issues and a potential denial-of-service attack associated with password resets (#2803).
- Fix a bug which prevented Hypothesis from being correctly re-activated on a Chrome tab after it navigated (#2838).
- Embedded videos can now be shown fullscreen (#2814, #2816).
- PDF documents can now be detected regardless of file extension (#2834).
- We now clear any “selection” of annotations when a new annotation is created, so the editor is always visible (#2817).
- Various improvements to the appearance of truncated annotations (feature flagged: truncate_annotations) (#2802).
- Links containing underscores within annotations are no longer mangled (#2801).
- Fix a crash when invalid data is sent to the login endpoint (#2793).
- New homepage design (feature flagged: new_homepage) (#2770).
- Change YouTube and Vimeo links into video embeds (feature flagged: embed_media) (#2805).
- Fix broken standalone annotation pages for replies (#2786).
- Fix a bug where realtime updates weren’t delivered to standalone annotation pages for replies if the thread root on that page was also a reply (#2787).
- A number of other small fixes and clean-ups.
- Fix a blocker bug preventing annotations from being created (3d014fc).
- Fix a crash that meant that reply notification emails would not be sent if the annotation replied to had no text (#2771).
- Fix a bug where realtime annotation updates weren’t being sent to logged-out clients (#2776).
- A report on groups is now available in the admin dashboard, which can be downloaded in CSV format (#2764, #2772).
- Banner added to the homepage (#2758).
- The community guidelines are now linked from the signup form (#2760).
- The site now serves a robots.txt file (#2778).
- Fix a problem where messages that were supposed to be sent over the WebSocket on reconnect weren’t (#2746).
- Fix a bug where an old sort control was shown in the sidebar (#2751).
- Fix a bug where creating an annotation before login could result in invalid data being sent to the server (#2754).
- The Hypothesis home page is now served by this application (#2740).
- Annotation data is now validated using JSON Schema (#2745).
- Fix a series of bugs relating to the incorrect handling of replies on the stream pages (#2737).
- Enable highlights by default, everywhere (#2739).
- Fix a bug where unsaved drafts persisted on logout (#2708).
- Fix a bug where annotation permissions/post intent was not preserved when changing between groups (#2717).
- Don’t attempt to update the timestamps of unsaved annotations far too frequently (#2725).
- Fix a bug where a websocket reconnection wouldn’t retransmit its search filter state (#2719).
- Ensure that the permissions (shared/public) of new annotations is correctly preserved when switching between groups (#2713).
- Annotations can now be made and shared in private groups (#2729).
- First steps towards Python 3 compatibility (#2706).
- Old and unused feature flag data is now purged from the database on application startup (#2733).
- Fix a couple of small display issues (#2704, #2710).
- Fix an issue where badge URLs were not correctly encoded before being sent to the server (#2709).
- Fix a problem where occasionally the set of public annotations would be loaded into the initial view rather than the set of annotations for the focused group (feature flagged: groups) (#2684).
- Fix a bug where creating an annotation when signed out (and subsequently signing in and saving it) could result in invalid permissions fields (#2687).
- Fix a problem in Safari where the search box didn’t expand when you clicked on it (#2699).
- Fix improper case-sensitivity for tag searches (e.g. searches for “Tag123” now correctly return annotations tagged with “tag123”) (#2690).
- Ignore the “gclid” query parameter (a Google AdWords click-tracking param) when normalising URLs (72f0509).
- Draft annotations are now preserved when switching from group to group in the sidebar (#2689).
- Improvements to Sentry logging (the current URL, headers, and userid are now recorded with exceptions) (#2697).
- Show the werkzeug debugger on exceptions in development (#2698).
- Fix a problem where an incorrect search query was sent to our server due to semicolons in the page URL (6513184).
- Fix a problem where activating the Chrome extension would obliterate a version of Hypothesis embedded on the page (#2657).
- Fix a visual issue causing the “Clear selection” and “Clear search” buttons to be briefly visible when they shouldn’t have been (#2668).
- Fix a crash triggered when the set of connected WebSocket clients changed while handling a message (#2647).
- Fix a bug where cancelling leaving a group nonetheless resulted in group focus changing (#2669).
- Improved appearance and behaviour of the sort control for annotations (feature flagged: groups) (#2643).
- Replies now inherit the publication scope of their parents. That is: replies to group annotations will go to the same group (#2650).
- Support HTTP conditional responses (ETag/If-None-Match and Last-Modified/If-Modified-Since) under appropriate conditions (#2664).
- Groups landing pages now show a list of recently annotated pages (feature flagged: groups) (#2667).
- Upgrade to Angular 1.4.7 (#2629).
- Account settings and profile forms are now rendered by the server (#2636).
- The Chrome extension can now be built in a way that allows distinguishing between development versions of the extension and production ones (#2639).
- No longer perform the URI expansion step when searching for annotations on URLs which have been marked “canonical”. This hopefully reduces the number of false-positive annotations we load on pages with appropriate metadata (#2652).
- Replace group public IDs (hashids) with randomly generated IDs (#2662).
- Fix a problem where the realtime updates feature would silently stop processing messages on exceptions (#2617).
- Groups in the groups dropdown are always focused, even if their identifier starts with a number (feature flagged: groups) (#2627).
- Improved appearance and behaviour of the controls to clear a selection or a search (#2615).
- Improved appearance and behaviour of the sidebar “top bar” (partially feature flagged: groups) (#2616).
- RSS feed contains authorship information (usernames) (#2621).
- Search query filters revert to default AND behaviour (#2620).
- Joining a group from a signed out state is now easier (#2625).
- Clean up annotated document filenames before display (so “my%20doc.pdf” becomes “my doc.pdf”) (#2597).
- Annotators are now able to select the privacy of their annotations before they are able to save them (#2601).
- The component that fetches feature flag data for the frontend will no longer busy-poll the ajax endpoint if it receives an error (#2612).
- Add the ability to leave a group (feature flagged: groups) (#2588).
- Notify the frontend in real time, using the websocket, when groups are joined/left (feature flagged: groups) (#2591).
- Truncate long annotation quotes and bodies (feature flagged: truncate_annotations) (#2451).
- The Chrome extension is now built using browserify (#2609).
- Accounts forms (login/register/forgot password) are now rendered by the server (#2582).
- Fix a bug where the URL of the annotated page didn’t appear on annotation cards in Safari/IE (#2574).
- Fix the ability to “select” one or more annotations in the sidebar by clicking on a highlight in the page (#2576).
- Introduce a new, clearer “save” button for annotation editing (#2550).
- Add the ability to focus the current view on annotations from a specific group (feature flagged: groups) (#2566).
- Show the filenames of locally annotated files on annotation cards (#2570).
- Improve the appearance of the user flow when joining a group (#2577).
- Deprecate the use of SQLite in development environments (#2579).
- Fix a bug where cancelling a change to an annotation did not reset changes to the annotation text (#2562).
- Fix the broken email notification system (#2558).
- Fix a crash caused by submitting an annotation with null document “link” fields (#2520).
- Removed support for old-style Annotator front-end auth (11135fd).
- URLs in annotation text are now automatically converted to links (#2552).
- Support retrieving comments (“page notes”) through search when using new normalized URI search (feature flagged: groups) (#2549).
- Fix standalone annotation pages failing to display their annotation (92010c1).
- Fix unanchored annotation warnings displaying in the wrong places (feature flagged: show_unanchored_annotations) (#2542).
- Fix a bug where newly created annotations would sometimes disappear from the sidebar for a few moments (#2542).
- Fix display of page titles on some annotation cards (#2533).
- Fix a couple of crashes when annotations were created without expected fields (#2545, #2546).
- Improved group selection menu (feature flagged: groups) (#2514).
- Fix annotation in IE10.
- New and improved Dockerfile built on Alpine Linux, resulting in a substantially smaller built image (down to 250MB from ~750MB).
- Remove the need to patch the global window object (upgrade to dom-anchor-* v2.0.0).
- Added a stream RSS feed at /stream.rss.
- Fixed a regression that prevented infinite scroll from working on the stream.
- Improve scrolling performance by using a fluidly sized body and scrolling the whole document rather than a fixed body.
- Rewrite infinite scroll pagination to use regular HTTP requests instead of WebSocket.
- Clicking on annotation cards and the navigational bucket indicators should work once more in the PDF.js viewer.
- Fixed an issue with timezone localization that caused unnecessary errors to be thrown and caught. Auditing this resulted in a removal of some significant bloat from unnecessary code.
- When sorting annotations by document location the TextPositionSelector information is now used instead of highlight position information. This causes less shuffling and re-rendering on load and when lazy-rendered pages in the PDF.js viewer appear and disappear at the cost of seeing annotations that have changed position or that target content within fixed position containers sometimes appear to be out of order.
- Removed an unnecessary call, originating in the infinite scrolling code, from the sidebar widget.
- Only update the stream websocket filter when there is at least one URI to search. See https://github.com/hypothesis/h/pull/2419
- Don’t give admins permissions globally, but require instead that resources specifically grant privileges to admins. See https://github.com/hypothesis/h/pull/2424
- Ensure that API requests always have a valid token if the user is logged in. See https://github.com/hypothesis/h/pull/2415
- Enable users to create and share groups. See https://github.com/hypothesis/h/pull/2402 and https://github.com/hypothesis/h/pull/2412
- New, experimental URI normalization, accessible by turning on the ‘search_normalized’ feature. See https://github.com/hypothesis/h/pull/2413
- Add a staff user designation and support feature toggles for staff only. See https://github.com/hypothesis/h/pull/2416
- Support feature toggles for admins only. See https://github.com/hypothesis/h/pull/2435
- Improve the scrolling experience when clicking on bucket tabs and annotation cards. The view now scrolls so that the annotation is one fifth of the way down the screen, allowing room for navigation bars but leaving the annotation near the top of the screen.
- Support for the PDF.js viewer shipping in Firefox 40.
- Add a NIPSA service worker definition.
- Support for relative URLs return from document metadata plugins.
- Fix a possible infinite digest cycle in the features client.
- All not found responses now have a 404 status code.
- Support for flagging users as “Not In Public Site Areas” or “NIPSA”. See https://github.com/hypothesis/h/pull/2300
- Support for admin users.
- Support for turning features on only for admins.
- A new administration page for admins.
- Support for the h.autologin feature has been removed.
- Session cookies are now marked as HttpOnly to prevent session stealing by cross-site scripting attacks.
- Share a link to a page with annotations using the Via proxy service. See https://github.com/hypothesis/h/pull/2215
- Make the privacy setting more obvious on new annotations. See https://github.com/hypothesis/h/pull/2322
- Use better security practices when making HTTPS requests. See https://github.com/hypothesis/h/issues/2343
- Make it possible for administrators to enable and disable features without redeploying. See https://github.com/hypothesis/h/issues/2354
- Preliminary support for admin users. See https://github.com/hypothesis/h/pull/2358
- Improve performance, reliability, and responsiveness on complex or dynamic pages, avoiding non-responsive script errors and anchoring failures. See https://github.com/hypothesis/h/pull/2362
- Prevent annotating when not signed in to avoid confusing users with data loss. See https://github.com/hypothesis/h/pull/2361
- Make it possible to embed a guest frame once again, that participates in annotation with an existing sidebar. See https://github.com/hypothesis/h/pull/2340
- Fix formatting issues with the Atom feed. See https://github.com/hypothesis/h/pull/2341 and https://github.com/hypothesis/h/pull/2338
- Fix an issue where badly formatted annotations could break the Atom feed. See https://github.com/hypothesis/h/pull/2345
- Speed up searches by avoiding an extra request on the backend. See https://github.com/hypothesis/h/pull/2346
- Speed up searches by avoiding extra requests on the frontend. See https://github.com/hypothesis/h/pull/2348
- Address several causes of stuck transactions that make migrations difficult and could, in some cases, make the server return errors for many requests. See https://github.com/hypothesis/h/pull/2381
- Fix an issue where failed document equivalence searches resulted in annotations on http://example.com/ being returned. See https://github.com/hypothesis/h/pull/2334
- Avoid some problems caused by annotating the application itself, such as by annotating the stream page.
- User experience and usability improvements. See https://github.com/hypothesis/h/pull/2330 https://github.com/hypothesis/h/pull/2352 and https://github.com/hypothesis/h/pull/2349
- Fix the token command-line tool to generate proper tokens even when the server is running on a port other than the default. See https://github.com/hypothesis/h/pull/2357
- Expand the search API documentation to better describe the available fields for filtering. See https://github.com/hypothesis/h/pull/2344
- Silence SQLAlchemy warnings (#2258)
- Show errors when math parsing fails (#2241)
- Let users change their email address (#2131)
- Fix inappropriate WebSocket error reporting in logs (#2256)
- Support for Python 2.7.9
- Improve extension build documentation (#2265)
- Remove dependency on horus (#2274, #2281, #2284, #2291, #2313, #2312, #2317, #2318)
- Keep CSS for annotator component separate from the site (#2279)
- Prevent environment variables from interfering with tests (#2283)
- Clearly indicate support for using email addresses for login (#2288)
- Improve search code (#2282)
- Improve reporting of form errors (#2290)
- Support anonymous CORS in the API (#2303)
- Remove unnecessary toast messages when editing a user profile (#2310)
- Improve Docker build caching (#2311)
- Upgrade gnsq dependency
- Simplify database session handling (#2320)
- Add NIPSA flag to user table (migration needed!)
- Upgrade to Annotator v1.2.x tip (6536160)
- Hide the widget panel until ready for input (#2207)
- Fix UI z-index to actual maximum (#1909)
- Change annotation card action from ‘share’ to ‘link’
- Add a client-side error when saving an annotation fails
- Snap the sidebar closed as well as open (#2162)
- Put NSQ usage behind feature flag. The API no longer requires NSQ.
- For development, disable WebSocket streaming, email notifications, and NSQ.
- Lots of linting.
- Added support for URL parameters to the Atom feed at
/stream.atom. For example:
- Users can now change their email addresses using the Account form (#2131)
- Add Markdown Editor (#1479)
- Add Math support for annotations (#1558)
- Simpler CSS grid system (#1577)
- Improved Chrome extensions handling of PDF.js viewer (#1563)
- Post-install Welcome page for user onboarding (#1579)
- Switched to Jinja2 for server-side templates (#1628)
- Initial Firefox Addon (#1434)
- Add ./bin/hypothesis reindex command (#1715)
- Rework Back End Authentication and Authorization (#1791)
- Import Annotator (#1856)
- Depend on upstream Annotator (#1866)
- Enable Sentry logging in production environments (#1906)
- Open Graph protocol metadata added to Annotation view (#1921)
- Refactor auth and separate API from main app (#1951)
- Use key derivation to provide secret keys (#1981)
- Add claim account system (#1941)
- Browserify ALL THE THINGS (#1972)
- Add ./bin/hypothesis token command to generate OAuth tokens (#2032)
- Refactor UX (#2031)
- Auto-complete tags (#2042)
- Add Atom feed support for /stream (#2072)
- Improve packaging, bundling and module boilerplate (#2092)
- Google Analytics support (#2139)
- Mobile support (#2137)
- Protect against double embedding/injecting (#2166)
- Add a blocklist of sites h doesn’t work on (#2157)
- Overhaul URI analysis (#2184)
Patch release to upgrade angular.js in light of security vulnerabilities. See http://avlidienbrunn.se/angular.txt
- The token API returns OAuth errors rather than choking (#1406)
- Support for clients before v0.2 has been dropped
- Account deactivation and password change support (#632, #1275)
- Heatmap tabs no longer show reply count.
- HTML emails for reply notifications
- Update dom-text libraries to support PDF.js v1.0.277
- Better tokenization of URIs for search (#1308, #1407)
- Markdown previews (#1418)
- Improved form validation (#1275, #1388, #1394)
- Source citation information on cards in the stream (#1390, #1423, #1425)
- Searching for a bare username works again (#1391)
- Add iconography for privacy settings
- Replace various SVGs with CSS (#1399)
- Drop jQueryUI
- Make clean properly removes only what it should now
- Improve the copy on reply notification emails
- Restyle tags (#1430, #1435)
- Various other usability and style enhancements (#1354, #1410, #1414)
- Searching for tags with spaces does not work
- Standalone annotation page shows stream updates
- Sphinx documentation is broken
- Fix user search (#1391)
- Fix page search
- In some circumstances, Firefox can freeze on initial load.
- Revert to using MANIFEST.in so built assets get shipped in the source release.
- Improve usability of the toolbar (#1268, #1316)
- Make the stream cards interactive (#1281, #1290)
- Make the annotation card on a standalone annotation page interactive (#427)
- Fix race conditions with realtime updates (#1306, #1307)
- Exponential backoff on socket failures (#1291)
- Fix infinite scroll regression on stream
- Add a front end test framework (#240, #1309)
- Revalidate forms when autofilled (#374)
- Introduce environment variable overrides for important settings
- Allow bundling assets of a debug build in the extension (#1230)
- Make it possible to override all templates (#1337)
- Simplify the search entry, getting rid of visualsearch.js (#1326)
- Fix infinite scroll in stream (#1373)
- Fix several reports of broken styles on certain sites (#1372)
- Factor out the identity, session, and authentication system into its own package, making it entirely optional (#1357)
- Remove PDF.js from the Chrome extension until it can be made opt-in (#1384)
- Rework the reply notification emails – still disabled by default (#1378)
- Include missing package data
- Include package data in source distributions
- Fix versioneer issue with Python release packages
- Searchable stream (#719)
- Sidebar search (#606)
- Realtime updates (#356)
- Private annotations and highlights (#530)
- Page level comments (#115)
- Support for tags on annotations (#514)
- Support for annotating PDF.js viewers (#74)
- Chrome and Firefox extensions (#43)
- Addition of unit tests for some modules (#240)
- Support for sharing a sidebar between frames (#778)
- Improved URI search (#1243)
- Improved authentication form errors (#1279)
- Pluggable authentication via pyramid_multiauth (#1167)
- Flash messages (#233)
- Static asset build script (#161)
- Finish registration form flow (#159)
- Separate detail and bucket views (#162)
- Slide-over detail view (#150)
- Use AngularJS (#198)
- Confirm discarding of drafts (#188)
- Markdown support (#91)
- Resizable sidebar (#26)
- Refactoring of horus and SCSS
- Reply counts on threads
- Visual improvements
- Up/down tabs are hidden when count is zero
- Long excerpts are truncated and show with less/more links
- New persona dropdown (tinyman)
- Password reset fixed
- Initial sphinx documentation added
- Replace account system
- Threaded replies
- Sidebar iframe
- Release management
- Miscellaneous gardening
- Set up scaffolding, accounts, annotator