Skip to content
This repository has been archived by the owner on Feb 8, 2023. It is now read-only.

Latest commit

 

History

History
53 lines (43 loc) · 3.46 KB

v201804-1.md

File metadata and controls

53 lines (43 loc) · 3.46 KB
Raw

PTFE Release v201804-1

CHANGELOG

APPLICATION LEVEL FEATURES:

  • GitLab is now supported as a source for Terraform modules.
  • When SAML SSO is enabled, the user session must have an active session to make API commands. The API token timeout may be set site-wide when SSO is enabled.
  • Remove the AuthContextClassRef element from the SAML SSO request so the identity provider's default AuthenticationMethod setting is used.
  • The username of a user can be specified for SAML SSO.
  • Add the ability to connect to SMTP without authentication.
  • We now enforce that ENV variable names conform to typical bash rules (beginning with a letter or underscore, and containing only alphanumerics and underscores) and that Terraform variable names only contain alphanumerics, underscores, and hyphens.
  • Allow ecdsa (EC) and ed25519 (OPENSSH) private keys.
  • Add an API and UI to allow organizations and users to mange their 2FA settings.
  • Revoking a VCS connection or deleting a VCS client now requires confirmation.
  • When a workspace becomes unlinked from its VCS repository, an email is sent to the organization owners.
  • Add ability to cancel in-progress plans and applies.
  • Workspaces can be created without a VCS connection in the UI.
  • A workspace's VCS connection can be edited through the UI and API.
  • Configuration error messages are exposed in the UI and API.
  • Rename workspace "Integrations" page to "Version Control" in UI.
  • Rename organization "OAuth Configuration" page to "Version Control" in UI.
  • Add Azure blob storage support.

APPLICATION LEVEL BUG FIXES:

  • Data cleanup is more reliable via HTTP retries and better exception handling.
  • Fixes issue with registry modules that require deep cloning of git submodules.
  • Fixed an internal server error that prevented some workspaces from being created with specific repsitories.
  • Fixed inline error messages for form fields with multi word labels.
  • Improved error messages in the API and UI when adding an OAuth client.
  • Fixed UI layout widths for widescreen.
  • The email address entered when a user forgot their password is no longer case sensitive.
  • We now redirect back to the OAuth page with error message when there is a failure to connect the client.
  • The UI now clarifies that Bitbucket Server VCS connections require a private SSH key.
  • Fixed missing "Override & Continue" button for Sentinel soft-mandatory policy check failures.
  • Very long lines in statefile diffs are now wrapped in the UI.
  • Flash notices in the UI now auto hide after 3 seconds, instead of 10.
  • Users are redirected to the v2 page they were trying to access after login.
  • Show an error message in the UI instead of a 500 error when an exception occurs while connecting an org oauth client to a VCS provider.
  • Fix a data race that cause some runs to get stuck when using the "Run this plan now" feature.

APPLICATION API BREAKING CHANGES:

  • The Registry Modules creation API has changed. Instead of supplying ingress-trigger-attributes, supply a vcs-repo object. Additionally, instead of supplying a linkable-repo-id, supply a vcs-repo.identifier
  • The linkable-repos resource has been renamed to authorized-repos, so please use that phrase in API requests.
  • Requests which contain invalid include parameters will now return 400 as required by the JSON API spec.

APPLICATION LEVEL SECURITY FIXES:

  • Upgrade loofah gem to 2.2.1 to address CVE-2018-8048.
  • Upgrade rails-html-sanitizer to 1.0.3 to address CVE-2018-374.