This repository has been archived by the owner on Jul 12, 2023. It is now read-only.
v0.26.0
Changes since v0.25.0
Upgrade notes
- If you have not done so already, you need to configure and enable authenticated SMS on the e2e-runner realm.
Enhancements
- Enable Authenticated SMS by default. To disable this functionality, set
ENABLE_AUTHENTICATED_SMStofalse. The ability to disable this feature may be removed in a future release. (#1983, @mikehelmick) - Add Arabic translations for case worker UI. (#1969, @mikehelmick)
- Add translations for email verify pages. (#1999, @sethvargo)
- Add translations for signout and realm selection pages. (#1997, @sethvargo)
- Add translations for the login and password reset pages (#1978, @sethvargo)
- Add translations to change/select password pages. (#1996, @sethvargo)
- Add a warning on realm settings page that when user report is enabled, authenticated SMS should be enabled too. (#1991, @mikehelmick)
- Add guidance for user report SMS template (#1971, @mikehelmick)
- Add middleware to make OS present in request context (#1973, @mikehelmick)
- Don't let greyed out fields be changed in signing keys. Alert when creating a user that already exists. Fix ENX upgrade SMS template text when user-report is enabled. (#1989, @mikehelmick)
- Drop UPDATE privileges on audits table. This makes audit entries immutable (but still deletable). (#1966, @sethvargo)
- In the mobile apps screen, provides a user hint that AppStore redirect should be disabled if there is a custom app and iOS ENX in the same region. (#1977, @mikehelmick)
- Lower data-layer TTLs on background jobs (#1962, @sethvargo)
- Mention links should be clicked on mobile devices and internationalize 404 pages. (#2002, @sethvargo)
- Minify js and css assets on build. (#1992, @sethvargo)
- Move CSRF implementation into session. (#1963, @sethvargo)
- Remove XSS header. This is deprecated by most modern browsers and can cause client-side security issues. (#1961, @sethvargo)
- Return gzipped responses if the client supports gzipped responses. (#1998, @sethvargo)
- Set cache headers on static assets, do not apply middlewares. (#1990, @sethvargo)
- Switch to loading javascript using
deferto minimize load times. (#1988, @sethvargo) - Switch to using
dir="rtl"for right-to-left languages. (#1979, @sethvargo) - Use min versions of intl-tel-input script. (#2000, @sethvargo)
- When invalid codes are attempted to be used, the OS is captured in the realm stats [unknown, ios, android] (#1975, @mikehelmick)
Infrastructure
- Change load balancer https redirect rules to only match known host names, otherwise redirect to UI server. (#1982, @mikehelmick)
- Generates specific host name matches for all ENX redirect subdomains. For anything not matching on the http port, the user set sent to an information page at g.co/ens (#1984, @mikehelmick)
Statistics
- New chart on the realm admin stats page showing the invalid codes entered by operating system. (#1976, @mikehelmick)
Operations
- Centralize X-Forwarded-For processing to get real client IPs (#1964, @sethvargo)
- Cleanup job will run every 15 minutes (#1965, @mikehelmick)
- Do not mark PhoneNumberHMAC as required (#1960, @sethvargo)
- Upgrade to gcloud 335.0.0 in deployment scripts. (#1994, @sethvargo)
Misc
- Check password validity on page load to reduce code duplication. (#1980, @sethvargo)
- Experimental: Adds an optional Web UI that can be launched as an embedded Webview for requesting user initiated verification codes (#2011, @mikehelmick)
Dependencies
Added
Changed
- cloud.google.com/go/firestore: v1.4.0 → v1.5.0
- cloud.google.com/go: v0.79.0 → v0.81.0
- github.com/Azure/azure-sdk-for-go: v52.4.0+incompatible → v53.1.0+incompatible
- github.com/aws/aws-sdk-go: v1.37.30 → v1.38.17
- github.com/chromedp/cdproto: bf465a4 → 0942afb
- github.com/chromedp/chromedp: v0.6.5 → v0.6.10
- github.com/envoyproxy/go-control-plane: fd9021f → 668b12f
- github.com/fatih/color: v1.10.0 → v1.9.0
- github.com/fsnotify/fsnotify: v1.4.9 → v1.4.7
- github.com/golang/groupcache: 8c9f03a → 41bb18b
- github.com/golang/protobuf: v1.4.3 → v1.5.2
- github.com/google/exposure-notifications-server: ecf9dee → v0.26.0
- github.com/hashicorp/vault/api: 38d91b7 → v1.1.0
- github.com/hashicorp/vault/sdk: 8477cfe → v0.2.0
- github.com/jackc/pgconn: v1.8.0 → v1.8.1
- github.com/jackc/pgtype: v1.6.2 → v1.7.0
- github.com/jackc/pgx/v4: v4.10.1 → v4.11.0
- github.com/mattn/go-colorable: v0.1.8 → v0.1.7
- github.com/microcosm-cc/bluemonday: v1.0.4 → v1.0.6
- github.com/mitchellh/go-wordwrap: v1.0.1 → v1.0.0
- github.com/onsi/ginkgo: v1.14.2 → v1.12.0
- github.com/onsi/gomega: v1.10.4 → v1.9.0
- github.com/prometheus/client_golang: v1.9.0 → v1.10.0
- github.com/prometheus/common: v0.19.0 → v0.20.0
- github.com/prometheus/statsd_exporter: v0.20.0 → v0.20.1
- github.com/sethvargo/go-envconfig: v0.3.2 → v0.3.4
- github.com/stretchr/testify: v1.7.0 → v1.6.1
- github.com/ugorji/go/codec: v1.2.4 → v1.2.5
- github.com/ugorji/go: v1.2.4 → v1.2.5
- golang.org/x/crypto: e6e6c4f → 0c34fe9
- golang.org/x/net: e18ecbb → afb366f
- golang.org/x/oauth2: cd4f82c → 2e8d934
- golang.org/x/sys: c6e025a → 5e06dd2
- golang.org/x/text: v0.3.5 → v0.3.6
- golang.org/x/tools: v0.1.0 → 2ac05c8
- google.golang.org/api: v0.41.0 → v0.44.0
- google.golang.org/genproto: 8812039 → e86de6b
- google.golang.org/grpc: v1.36.0 → v1.37.0
- google.golang.org/protobuf: v1.25.0 → v1.26.0
- gopkg.in/yaml.v3: eeeca48 → 9f266ea
- honnef.co/go/tools: v0.1.1 → v0.1.3
Removed
- github.com/agext/levenshtein: v1.2.3
- github.com/apparentlymart/go-dump: 23540a0
- github.com/apparentlymart/go-textseg/v13: v13.0.0
- github.com/apparentlymart/go-textseg: v1.0.0
- github.com/chris-ramon/douceur: v0.2.0
- github.com/gorilla/csrf: v1.7.0
- github.com/hashicorp/hcl/v2: v2.9.1
- github.com/kylelemons/godebug: d65d576
- github.com/nxadm/tail: v1.4.4
- github.com/sergi/go-diff: v1.0.0
- github.com/vmihailenco/msgpack/v4: v4.3.12
- github.com/vmihailenco/msgpack: v3.3.3+incompatible
- github.com/vmihailenco/tagparser: v0.1.1
- github.com/zclconf/go-cty-debug: b22d67c
- github.com/zclconf/go-cty: v1.8.0