This is a feature release.

Deprecations

Authentication with OpenID is deprecated (#1180).
bodhi-untag-branched is deprecated (#1197).
The Update's title field is deprecated (#1542).
Integration with pkgdb is deprecated (#1970).
Support for Python 2 is deprecated (#1871 and #2856).
The /masher/ view is deprecated (#2024).
bodhi-monitor-composes is deprecated (#2171).
The stacks feature is deprecated (#2241).
bodhi-manage-releases is deprecated (#2420).
Anonymous comments are deprecated (#2700).
The ci_url attribute on Builds is deprecated (#2782).
The active_releases query parameter on the Updates query URL is deprecated (#2815).
Support for fedmsg is deprecated (#2838).
Support for Bodhi 1's URL scheme is deprecated (#2869 and #2903).
The /admin/ API is deprecated (#2899).
The fedmsg UI integration is deprecated (#2913).
CVE support is deprecated (#2915).

Dependency changes

This release contains database migrations. To apply them, run:

$ sudo -u apache /usr/bin/alembic -c /etc/bodhi/alembic.ini upgrade head

A new bodhi-shell CLI is included with the server package that initialized a Python shell
with some handy aliases that are useful for debugging Bodhi (#1792).
Updates that obsolete security updates will now be set as security updates themselves
(#1798)
The CLI no longer crashes when creating multiple buildroot overrides in one command
(#2031).
The CLI can now display information about waivers (#2267).
Releases can now be marked as not being composed by Bodhi, which will be useful if we want to use
Bodhi to tag builds into releases without composing those releases, e.g., Fedora Rawhide
(#2317).
BuildrootOverrides are now prevented for builds that fail the test gating status (#2537).
The web interface now displays instructions for installing updates (#2799).
The CLI now has flags that allow users to override the OpenID API URL to use. This is useful
for deployments that aren't for Fedora and also for developers, who can use it to authenticate
against a different OpenID server than Fedora's production instance (Fedora's staging instance is
nice to use for this) (#2820).
The web UI search box uses a slightly longer delay before issuing the search request
(51c2fa8).
Messages can now be published by fedora_messaging, a replacement for fedmsg
(e30c5f2).
Associating updates with private Bugzilla tickets is now handled gracefully (7ac316a).

The bodhi-approve-testing CLI script is now more resilient against failures (#1016).
The update edit page will return a HTTP 403 instead of a HTTP 400 if a user tries to edit an
update they don't have permissions to edit (#1737).
The bodhi CLI now has a --wait flag when creating BuildrootOverrides that will cause
bodhi to wait on Koji to finish adding the override to the buildroot before exiting
(#1807).
The waive button is now displayed on locked updates (#2271).
Editing an update with the CLI no longer sets the type back to the default of bugfix
(#2528).
bodhi-approve-testing now sets up a log handler (#2698).
Some missing commands were added to the bodhi man page (1e6c259).
A formatting issue was fixed in the command line client (996b4ec).

bodhi-ci now has an integration test suite that launches a live Bodhi server, some of its
network dependencies, and tests it with some web and CLI requests (2430433).
bodhi-ci's status report now displays the run time for finished tasks (26af5ef).
bodhi-ci now prints a continuous status report, which is helpful in knowing what it is
currently doing (f3ca62a).
We now do type checking enforcement on bodhi-ci (2c07005).

The following developers contributed to Bodhi 3.13.0: