6. Release History¶
6.1. Release 1.5.2 (2019-11-26)¶
Remove ‘context’ from permission request search.
6.2. Release 1.5.1 (2019-11-21)¶
Improved session protection, it is now optional (default on), and provides more comprehensive logging.
Also logout at Azure AD when logging out of DAS.
Use concurrency defaults more suited to running in Kubernetes.
6.3. Release 1.5.0 (2019-11-14)¶
Switch from syslog to FluentD for audit logging.
Use given_name + family_name as a fallback when name is not available from the Azure AD.
6.4. Release 1.4.7 (2019-11-08)¶
Only log stack traces for internal server errors.
Document audit logging.
Add concurrency configuration statements that control the number of worker processes started, and the size of the database connection pools.
Switch from Azure AD B2B to B2C.
6.5. Release 1.4.6 (2019-10-18)¶
Fix for permission requests not visible when logging in with Azure AD.
6.6. Release 1.4.5 (2019-09-30)¶
Support for logins via Azure AD.
6.7. Release 1.4.4 (2019-09-25)¶
Prevent redirection to http://app. In some cases the user was redirected to this internal URL, e.g. in multi-proxy environments or with IE11.
Increase size limit of details/reason from 1 kB to 1 MB.
6.8. Release 1.4.3 (2019-06-05)¶
Permission request ‘reason’ (string) can be renamed to ‘details’ in old databases. Provide a migration for data in an already installed DAS database.
Provide an entrypoint for permission requests using old style (DSB <= 3.4.6-1) reason strings.
6.9. Release 1.4.2 (2019-06-04)¶
Fix for unavailable DUO login script. Improved build process to include latest version of DUO library, similar to QueryBuilder.
6.10. Release 1.4.1 (2019-05-30)¶
Add searching of permission requests to API.
Fix migration script with removal of decision_token table.
6.11. Release 1.4.0 (2019-04-29)¶
Renamed permission request ‘reason’ (string) to ‘details’ (dictionary). The ‘details’ dictionary can contain e.g. the ‘reason’ key.
Removed decision_tokens. These were needed for deployments without UI, using only email. Emails are now used as notification mechanism.
UI updated to resemble QueryBuilder. Allows user to sort and search permission requests, and approve or deny multiple requests in one go.
Run programs within container as non-root user. Note that this requires setting the user in stack.yml: ‘user: mgrid’. Also note that the port number used inside the container has changed from 443 to 8443.
6.12. Release 1.3.0 (2019-01-24)¶
Added API call for multiple contexts in allowed operations.
6.13. Release 1.2.2 (2019-01-21)¶
Fix conflict on insert of authorisation.
Fix database connection errors on timeout.
Safer use of user-filled variables in templates.
6.14. Release 1.2.1 (2019-01-14)¶
Fix DUO redirection.
6.15. Release 1.2.0 (2019-01-11)¶
MGRID branding update. Added CONTACT_EMAIL setting.
Fix misplaced version footer.
Created same look and feel as QueryBuilder.
Separate settings for logo in UI and emails: LOGO_UI and LOGO_EMAIL.
Added documentation for all settings.
6.16. Release 1.1.6 (2018-12-29)¶
When an approver logs in and has approval rights by membership of a group, the group email address was used in the approval email. Now it uses the personal name and email address.
Move to gunicorn for production WSGI container.
Disallow simultaneous session logins for the same user.
Make session cookies harder to copy.
6.17. Release 1.1.5 (2018-11-20)¶
Create local user if member of group. Previously, the user who was member of a group with approval rights, also needed to be present as an approver with a personal email address.
6.18. Release 1.1.4 (2018-11-08)¶
Allow the approver to be a group email address. At login a users group membership is determined. Then for all groups the email address is retrieved. When approval is concerned, the user’s email addresses associated with his account, and with his groups are considered.
More robust handling of permission responses. If the logged in user is not approver of the permission request, a user-friendly error message is shown.
6.19. Release 1.1.3 (2018-10-22)¶
Redirect / to an appropriate URL.
Remove constraint on context parameter of permission request to allow contexts such as SQL strings.
Add API documentation.
Fix user creation task.
If a request has been previously been set to accepted, and later to denied, it is now no longer presented in accepted requests in the UI.
Fix decision tokens for approvers created after a permission request.
Fix permission denied error on flask_session directory.
6.20. Release 1.1.2 (2018-03-29)¶
Autogenerate data model on start on empty database.
Add version number to footer in application GUI.
At login the form ‘next’ parameter is not always filled.
Email markup compatible with Outlook.
The permission response email for an approver lacked certain links.
Less stringent validation of ‘reason’ in permission request.
Switch from Alpine to Ubuntu container to eliminate musl-libc. Musl-libc has been observed to lose directory entries when accessing network filesystems while in docker.
Use IMG_LOGO setting also for UI.
6.21. Release 1.1.1 (2018-01-15)¶
Provide context in UI
Allow multiple permission_requests as for the same dataset, when context differs.
6.22. Release 1.1.0 (2017-11-28)¶
Add allowed_operations and info resource.
Add reason, approved_message and denied_message to permission_request.
Add approve_token expiration.
Add AD and DUO authentication.
Add UI for dataset authorisations.
Obfuscate code on production.
Fix for deny after approve.
JSON response for HTTP codes 404 and 500.
Return previously provisioned approver on duplicate approver calls.
Allow creation of already existing user, dataset, etc.
Provide feedback on wrong login.
6.23. Release 1.0.0 (2017-05-18)¶