This repository has been archived by the owner on Jul 12, 2023. It is now read-only.
v0.17.0
Release notes for main
Changelog since v0.16.1
Changes by Kind
Bulk Code Issue Client
- Throttle batches for bulk code issuance (#1128, @whaught)
- Realm setting to allow/disallow bulk upload (#1105, @whaught)
- Cancel remaining bulk upload when throttled by the server (#1125, @whaught)
Security Improvements
- Do not display passwords in HTML forms (#1163, @sethvargo)
- Do not trust responses from the server to contain HTML (#1164, @sethvargo)
- Do not use show-password on sentinel forms (#1174, @sethvargo)
- Don't serve session cookie over javascript, restrict retry storage to 24h (#1165, @sethvargo)
- Only trust HTTP Referer from same origin domain (#1175, @sethvargo)
- Document that creds are for tests only (#1161, @sethvargo)
- Fully revoke signout tokens and update last_revoke_checked (#1167, @sethvargo)
Postgres 13 Upgrade
- **Potentially breaking** - Upgrade code and tests to use Postgres 13, change default database in Terraform to Postgres 13. This will cause Terraform to try and delete the database - set `database_version` to `POSTGRES_12` before applying! (#1137, @sethvargo)
- Environment variable for maintenance mode (#1142, @whaught)
- Maintenance mode block issue and verify requests. Adds a banner to the header. (#1143, @whaught)
- Parameterize database_version in Terraform configuration (#1132, @sethvargo)
Alerts
- Add scaffolding for query param alert (#1187, @sethvargo)
- Added fast error budget burn alert and corresponding documentation. (#1101, @yuriatgoogle)
- Added slow error budget burn (5% consumed in 6 hours) alert. (#1120, @yuriatgoogle)
Internationalization
- Add REGION to .env (#1173, @sethvargo)
- Add internationalization framework (no supported translations yet) (#1107, @sethvargo)
- Add locales to Docker image (#1122, @sethvargo)
Auditing
- **Warning!** - Enable and configure pgaudit. You *must* run the Terraform configuration changes before deploying this commit with migrations. (#1176, @sethvargo)
- Generate an audit entry when quota is increased (#1124, @sethvargo)
UI Improvements
- Mark e2e and testing events as "test" to filter them out from audit entries. (#1183, @sethvargo)
- Truncate long event entries in UI (#1134, @sethvargo)
Fixes
- Ensure code status is retained for 14 days, but the code itself is zeroed at 48h (#1178, @whaught)
- Set timeouts on rawSQL before gorm (#1156, @sethvargo)
- Stop processing after the controller returns an error in admin statistics pages. (#1184, @sethvargo)
- Lookup realm before passing in ID (#1185, @sethvargo)
Uncategorized
- Cleanup for old users who have no realms and have aged out. This clears their DB information, but not their auth. (#1135, @whaught)
- Default max test/symptom age is 28 days (#1154, @mikehelmick)
- /home paths redirect to /codes (#1102, @sethvargo)
Dependencies
Added
- github.com/agext/levenshtein: v1.2.1
- github.com/apparentlymart/go-dump: 23540a0
- github.com/apparentlymart/go-textseg/v12: v12.0.0
- github.com/apparentlymart/go-textseg: v1.0.0
- github.com/hashicorp/hcl/v2: v2.7.0
- github.com/kylelemons/godebug: d65d576
- github.com/leonelquinteros/gotext: v1.4.0
- github.com/sergi/go-diff: v1.0.0
- github.com/vmihailenco/msgpack: v3.3.3+incompatible
- github.com/zclconf/go-cty: v1.2.0
Changed
- github.com/google/exposure-notifications-server: v0.16.0 → v0.17.0
- github.com/mikehelmick/go-chaff: v0.3.0 → v0.4.1
- golang.org/x/tools: 079ba7b → 1d69943
Removed
Nothing has changed.