Releases: uc-cdis/fence
Major update to Flask and other dependencies
Release Notes
For: uc-cdis/fence
Notes since tag: 8.0.1
Notes to tag/commit: 0304957
Generated: 2023-05-04
Breaking Changes
- Removed most Prometheus support (#1086)
Improvements
- Remove out of date Flask SQLAlchemy session handling library and refactor
session management to use a recommended pure Flask + SQLAlchemy approach
that is thread-safe (#1086)
- The DELETE /data/<GUID> endpoint now supports resolving and deleting a
GUID without its prefix (#1094)
- add backoff to Google Group API calls (#1081)
Dependency Updates
- Update to next major version of Flask, alongside many other updates to
support that (#1086)
- Update to latest Werkzeug for security (#1086)
- Remove libmhash2 dependency (#1093)
Deployment Changes
- Allow setting INDEXD_PASSWORD via environment variable. (#1092)
Usersync Google failure resiliency
8.0.0
Release Notes
For: uc-cdis/fence
Notes since tag: 7.3.1
Notes to tag/commit: 8.0.0
Generated: 2023-04-21
New Features
- Add the ENABLE_VISA_UPDATE_CRON setting (#1087)
Breaking Changes
- The default value for the GLOBAL_PARSE_VISAS_ON_LOGIN setting is now False
instead of None. By default, parsing visas on login is now disabled and the
parse_visas parameter cannot be used (#1087)
Bug Fixes
- Fix access for rotated client credentials (#1090)
- Fix fence-create google-bucket-create when the project does not exist
(#1077)
Improvements
- Add details to client_credentials and user.yaml docs (#1082)
- Use libraries functionality for automatically adding ssh keys (#1078)
Deployment Changes
- Systems that use visas parsing must update their Fence configuration to set
ENABLE_VISA_UPDATE_CRON to True and set GLOBAL_PARSE_VISAS_ON_LOGIN to either
True or None (#1087)
7.3.1
Release Notes
For: uc-cdis/fence
Notes since tag: 7.3.0
Notes to tag/commit: 7.3.1
Generated: 2023-03-02
Bug Fixes
- Fix "non-unique client name" migration to delete all the "unique client
name" constraints it finds, instead of assuming there is exactly one
(#1075)
Improvements
- Add project id format check in usersync (#1067)
Dependency Updates
- various updates to cryptography/future/pyjwt (#1073)
fence-create client-rotate
Release Notes
For: uc-cdis/fence
Notes since tag: 7.2.0
Notes to tag/commit: 7.3.0
Generated: 2023-02-03
New Features
- Use the fence-create client-rotate command to receive a new set of
credentials for a client without deleting the old credentials first. This
allows for a rotation without downtime. (#1068)
Deployment Changes
- Requires a Fence DB migration (#1068)
Python 3.9
7.1.0: Merge pull request #1061 from uc-cdis/feat/cookies-secure
7.0.0
Release Notes
For: uc-cdis/fence
Notes since tag: 6.1.1
Notes to tag/commit: 7.0.0
Generated: 2022-12-02
New Features
- Add --expires-in parameter to the fence-create client-create and
client-modify commands to specify the number of days in which a client
expires (#1057)
- Add the fence-create client-delete-expired command to remove expired OIDC
clients and optionally post warnings in Slack (#1057)
- Allow specifying the bucket to upload to (endpoints /data/upload and
/data/upload/<GUID>) (#1051)
Breaking Changes
- Default session expiration changed from 30 minutes to 15 minutes to comply
with FedRAMP (#1040)
Bug Fixes
- sort expired tokens so all expired ones get deleted and valid one gets used
(#1058)
Improvements
- ensure deletion of expired tokens from the database (#1050)
- Update users' _last_auth at login (#1027)
- Use blue Gen3 logo (#1054)
- Removing Veracode scanning pipeline (#1052, #1053)
- Return a 500 error instead of a 401 error when an S3 bucket is not
configured properly (#1051)
- Update the default filename generated by the GET /data/upload/<GUID>
endpoint (#1042)
- Raise errors so usersync does not fail silently (#1042)
- temporarily do not block on security flags until we update to Python 3.9
(#1044)
- Switches to using Github Actions for CI (#1043)
- Adds Superlint vs. Wool (#1043)
- Adds Secrets Detection in line for additional coverage (#1043)
- Adds Poetry Vuln Coverage (#1043)
Deployment Changes
- Configure the ALLOWED_DATA_UPLOAD_BUCKETS setting to allow users to upload
to buckets other than DATA_UPLOAD_BUCKET (#1051)
- Because the default session expiration changed from 30 minutes to 15 minutes
to comply with FedRAMP, you MUST ensure that an instance that should comply
with FedRAMP does NOT override this fence configuration (e.g. it should be
15 minutes) SESSION_TIMEOUT: 900 (#1040)
6.1.1
Release Notes
For: uc-cdis/fence
Notes since tag: 6.1.0
Notes to tag/commit: d05f94c
Generated: 2022-09-08
Bug Fixes
- Fix intermittent issue with db cache containing info that can't be loaded
into JSON (#1037)
Dependency Updates
- Update poetry install in travis.yml due to
https://python-poetry.org/blog/announcing-poetry-1.2.0a1/#deprecation-of-the-get-poetrypy-script
(#1037)
6.1.0
Release Notes
For: uc-cdis/fence
Notes since tag: 6.0.1
Notes to tag/commit: 6177892
Generated: 2022-08-17
New Features
- Support the OAuth2 "client credentials" grant (#1033)
- Support "client credentials" tokens that are not linked to a user in the
presigned URL endpoint for files in S3 (#1033)
- Add non-dbgap whitelist support in usersync. (#1020)
- Use Alembic for DB migrations (#1029)
Improvements
- fence-create client-create now outputs the whole stacktrace in case of
error (#1033)
Deployment Changes
- Requires a Fence DB migration (Client.redirect_uri is now optional)
(#1033)
Bug Fixes
- Fix test_user_sync_with_visa_sync_job flakiness by generating unique jti,
txn fields for every mocked passport (#1030)
Dependency Updates
- cryptography and others (#1032)