Roundup Issue Tracker
Roundup is an issue-tracking system that boasts a user-friendly interface and easy installation process. It offers a range of interfaces, including command-line, web, REST, XML-RPC, and e-mail, making it a versatile solution for issue tracking. The system is based on the award-winning design by Ka-Ping Yee, which emerged victorious in the Software Carpentry “Track” design competition.
Roundup is highly customizable, allowing users to tailor the system to their specific needs and preferences.
The latest stable version of Roundup is 2.5.0, which includes bug fixes and additional features compared to the previous 2.4.0 release.
Roundup is compatible with Python 3.7+.
Python 2 Support
Python 2 support ends with release 2.4.0 (July 2024). Several Continuous Integration (CI) services are discontinuing their resources for testing with Python 2. Use Python 3 for the deployment of new trackers. Existing trackers should be upgraded to use Python 3.
Release Highlights
Some improvements from the 2.4.0 release are:
XSS vulnerability with devel and responsive templates fixed
Just before release an XSS security issue with trackers based on the devel or responsive templates was discovered. The updating directions include instructions on fixing this issue with the html templates from earlier releases. (CVE-2025-53865)
The property/field advanced search expression feature has been enhanced and documented.
Search expressions are usually built using the expression editor on the search page. They can be built manually by modifying the search URL but the RPN search expression format was undocumented. Errors in expressions could return results that didn’t match the user’s intent. This release documents the RPN expression syntax, adds basic expression error detection, and improves error reporting.
The default hash method for password storage is more secure.
We use PBKDF2 with SHA512 (was SHA1). With this change you can lower the value of password_pbkdf2_default_rounds in your tracker’s config.ini. Check the upgrading documentation for more info. (Note that this may cause longer authentication times; the upgrade doc describes how to downgrade the hash method if required.)
Roundup’s session token is now prefixed with the magic ``__Secure__`` tag when using HTTPS.
This adds another layer of protection in addition to the existing Secure property that comes with the session cookie.
Data authorization can be done at the database level speeding up display of index pages.
Roundup verifies the user’s authorization for data after retrieving it from the database. A new optional filter argument has been added to Permission objects. When the administrator supplies a filter function, it can boost performance with SQL server databases by pushing selection criteria to the database. By offloading some permission checks to the database, less data is retrieved from the database. This leads to quicker display of index pages with reduced CPU and network traffic.
The REST endpoint can supply binary data (images, pdf, …) to its clients.
Requesting binary data from a REST endpoint has been a hassle. Since JSON can’t handle binary data, images (and other binary data) need to be encoded. This makes them significantly larger. The workaround was to use a non-REST endpoint for fetching non-text attachments. This update lets the REST endpoint return raw message or file content data. You can utilize the binary_content endpoint along with an appropriate Accept header (e.g. image/jpeg) in your request.
Extract translatable strings from your tracker easily.
The roundup-gettext tool has been enhanced to extract translatable strings from detectors and extensions. This will simplify the process of translating your trackers.
More info on the 42 changes can be found in the change notes.
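An added example, not Roundup's own code, of how a change of default hash method like the password-storage highlight above can coexist with hashes already stored: each record carries its scheme and round count, and a legacy PBKDF2-SHA1 hash is replaced on the next successful login. The `scheme$rounds$salt$digest` layout, the function names and the round count are assumptions made for this example.

```python
import base64
import hashlib
import hmac
import os

# Constructed values for this example; not Roundup's scheme names or defaults.
SCHEMES = {"pbkdf2-sha1": "sha1", "pbkdf2-sha512": "sha512"}
DEFAULT_SCHEME = "pbkdf2-sha512"
DEFAULT_ROUNDS = 250_000


def hash_password(password, scheme=DEFAULT_SCHEME, rounds=DEFAULT_ROUNDS, salt=None):
    """Return 'scheme$rounds$salt$digest' so each hash records how it was made."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac(SCHEMES[scheme], password.encode(), salt, rounds)
    b64 = lambda raw: base64.b64encode(raw).decode()
    return f"{scheme}${rounds}${b64(salt)}${b64(digest)}"


def verify_password(password, stored):
    """Check a password using the scheme, rounds and salt recorded in the hash."""
    try:
        scheme, rounds, salt_b64, digest_b64 = stored.split("$")
        candidate = hashlib.pbkdf2_hmac(
            SCHEMES[scheme], password.encode(), base64.b64decode(salt_b64), int(rounds)
        )
        expected = base64.b64decode(digest_b64)
    except (KeyError, ValueError):  # unknown scheme or malformed record
        return False
    return hmac.compare_digest(candidate, expected)  # constant-time comparison


def needs_rehash(stored):
    """True when a hash uses a non-default scheme or fewer rounds than configured."""
    scheme, rounds = stored.split("$")[:2]
    return scheme != DEFAULT_SCHEME or int(rounds) < DEFAULT_ROUNDS


def login(password, stored):
    """Return (ok, hash_to_store); a legacy hash is upgraded only after it verifies."""
    if not verify_password(password, stored):
        return False, stored
    if needs_rehash(stored):
        return True, hash_password(password)
    return True, stored
```

Because the parameters travel with each hash, changing the default scheme or round count never invalidates existing accounts; old records simply stay on their old parameters until their owner next logs in.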
Roundup Use Cases
For more information on Roundup see the features list, design overview, and all the other documentation. Roundup has been deployed for:
bug tracking and TODO list management (the classic installation)
customer help desk support (with a wizard for the phone answerers, linking to networking, system and development issue trackers)
issue management for IETF working groups
sales lead tracking
conference paper submission and double-blind referee management
weblogging (well, almost :)
thing management using the GTD methodology.
…and so on. It’s been designed with flexibility in mind - it’s not merely another bug tracker.
Try It Out
Roundup ships with a demo tracker to play with - you don’t need to install Roundup. After you’ve unpacked the source, just run “python demo.py” and load up the URL it prints out!
Follow the source gratification mode with these steps (change the -2.4.0 version identifier to match your downloaded file).
python3 -m pip download roundup
tar -xzvf roundup-2.4.0.tar.gz
If you don’t have a tar command (e.g. Windows), use:
python -c "import tarfile, sys; tarfile.open(sys.argv[1]).extractall();" roundup-2.4.0.tar.gz
cd roundup-2.4.0
python3 demo.py
(The source download can also be used to create a custom Docker image.)
Alternatively, you can install using a virtual environment with pip by:
create a virtual environment with:
python3 -m venv roundup
activate the environment with (assuming your shell is sh/bash/zsh/ksh like):
. roundup/bin/activate
install the latest release of Roundup with:
python3 -m pip install roundup
create a demo tracker with:
roundup-demo
using ./demo as the directory and the classic tracker.
load the URL printed by the demo tracker
when you are done, use deactivate to return your shell to using the system python.
Both of these methods produce the same result.
Origin Story
Roundup was originally released as version 0.1.1 in late August, 2001. The first change note written said:
Needed a bug tracking system. Looked around. Tried to install many Perl-based systems, to no avail. Got tired of waiting for Roundup to be released. Had just finished major product project, so needed something different for a while. Roundup here I come…