path: root/CHANGES.md
Version 0.9.3 - bugfixes
------------------------

* on invalid key upload respond with error and 422 response code
* fix alternate email address dialogue
* publish public key in webfinger
* update translations from transifex
* hand out config.json without auth
* sanity checks on user params
* cleanup temp invites from server tests so they do not clutter admin ui

Version 0.9.2 - bugfixes and invite code tweaks
-----------------------------------------------

Features:

* destroy invites used to create test accounts
* sort invite codes by last update

Bugfix release for 0.9:

* pin to the newest psych gem
* remove better_errors gem
* fix login error message with non-en locales

version 0.9.1 - bugfixes
------------------------

Plain bugfix release for 0.9:

* prevent token conflicts
* custom: fix stylesheet customization
* fix: set token in forms correctly

version 0.9 - twitter feed, rails 4 and deprecations
----------------------------------------------------

This release features a great contribution from the Rails Girls Summer of Code:
The landing page of the webapp can now include a twitter feed to display
news from the provider.

Other than that this is a maintenance and transition release.

* Twitter feed on main page (thanks theaamanda and lilaluca).
* upgrade to rails 4.2
* upgrade to bootstrap 3

Upgrading:

* We now use rails 4's `secret_key_base`. Please make sure to supply it
  in config/config.yml for production environments. If you are using the
  leap platform that will already take care of it.

Deprecations:

* We have not seen any active use of the **billing** functionality.
  So we deprecate it and will probably drop it in one of the next releases.
* We will replace the user facing **help desk** functionality with a single
  sign on mechanism to integrate with other help desk systems.
  We will maintain the endpoint to submit tickets and the ticket management
  in the admin interface. That way it should also be easy to create your own
  ticket submission form.
* We deprecate the ability to **signup and login** directly through the webapp.
  We will remove it in the future for security reasons. Signup and Login should
  only happen through bitmask to prevent password phishing and js injections.



version 0.8 - email and RGSoC
------------------------------------------

This release focused on getting all the features needed for a complete
email provider and merging in the work done by Rails Girls Summer of
Code.

* Support for invite codes: admins can require that new
  users present an invite code. If required, the invite code
  cannot be bypassed and is incorporated in the Secure Remote
  Password negotiation. (thanks ankonym, ayajaff).
* Support for customer account billing, including subscriptions.
  (thanks claucece, EvyW).
* Ability to remove, disable, and re-enable users.
  (thanks EvyW).
* Many localization fixes.
* Many bug fixes.

version 0.7.1 - localization
------------------------------------------

Support for localization has been turned on and much improved. Since you
probably don't want to enable all the available languages, make sure to set
`default_locale` and `available_locales` in your configuration file.

When deploying via the LEAP platform, these are controlled via
`default_locale` and `languages` in provider.json.

version 0.7 - rotating DBs
------------------------------------------

CouchDB is not designed to handle ephemeral data, like sessions, because
documents are never really deleted (a tombstone document is always kept to
record the deletion). To overcome this limitation, we now rotate the
`sessions` and `tokens` databases monthly. The new database names are
`tokens_XXX` and `sessions_XXX` where XXX is a counter since the epoch that
increments every month (not a calendar month, but a month's worth of seconds).
Additionally, nagios checks and `leap test run` now will create and destroy
test users in the `tmp_users` database, which will get periodically deleted
and recreated.