diff --git a/UPGRADE.md b/UPGRADE.md
new file mode 100644
index 0000000000..792d9844c4
--- /dev/null
+++ b/UPGRADE.md
@@ -0,0 +1,39 @@
+Upgrade notes
+
+## [28.0.0](https://github.com/CESNET/perun/compare/v27.1.0...v28.0.0) (2023-08-10)
+
+
+### ⚠ BREAKING CHANGES
+
+* authz table was updated
+ALTER TABLE authz ADD COLUMN created_at timestamp default statement_timestamp() not null;
+ALTER TABLE authz ADD column created_by varchar default user not null;
+UPDATE configurations set value='3.2.16' WHERE property='DATABASE VERSION';
+* **core:** column 'global' was added to the attribute_critical_actions table
+Database changelog:
+ALTER TABLE attribute_critical_actions ADD COLUMN global boolean default false not null;
+UPDATE configurations SET value='3.2.17' WHERE property='DATABASE VERSION';
+* **core:** Added created_at and created_by columns to authz table.
+* **core:** New property 'appAllowedRoles' added to the CoreConfig. In perun.properties define 'perun.appAllowedRoles.apps' as a list of names of apps where role limitation is necessary.
+For each app name, define regex which maps to the Referer header of the request coming from the given app and a list of allowed roles. For example:
+perun.appAllowedRoles.apps=registrar
+perun.appAllowedRoles.registrar.reg=^.*/registrar/.*$
+perun.appAllowedRoles.registrar.roles=SELF,MFA
+* **core:** Make sure following registration modules are not used on your instance - Ceitec, EduGain, Elixircz, Sitola and WeNMR.
+
+* fixup! feat(core): extend authz table with audit attributes ([a85de71](https://github.com/CESNET/perun/commit/a85de7144b8022e316aa585f4fbbc8c202bf4bf7))
+* **core:** removed unused registration modules ([32bbba5](https://github.com/CESNET/perun/commit/32bbba58c9d13eca4ae1a316ad69de7ee3a0c16e))
+
+
+### New features and notable changes
+
+* 🎸 BBMRIResources reg. module ([8cee9f6](https://github.com/CESNET/perun/commit/8cee9f607bb73631b565c472b956a678f1964619))
+* 🎸 new RPC method membersManager/sendUsernameReminder ([60eccd0](https://github.com/CESNET/perun/commit/60eccd088924090fc78b71857f2cd4a286c39e94))
+* **core:** allow to set attribute action as globally critical ([da3d1eb](https://github.com/CESNET/perun/commit/da3d1eb24553b11933d259cd33438fe9287a710b))
+* **core:** attribute modul for mfaEnforceSettings ([6de84b7](https://github.com/CESNET/perun/commit/6de84b7e71e1141b91058fadb1fd4abcfa320389))
+* **core:** extend authz table with audit attributes ([1608da5](https://github.com/CESNET/perun/commit/1608da50bd1d62842e5b6d18475bee9f273a63b2))
+* **core:** filter getMembersPage ([9d52d58](https://github.com/CESNET/perun/commit/9d52d5857d0b253218fc2e86a39b85a3df88e534))
+* **core:** last successful propagation ([56d6722](https://github.com/CESNET/perun/commit/56d672243a6b1ebe2733bcc5e153c5af6fcad11e))
+* **core:** remove not allowed roles ([c3654b6](https://github.com/CESNET/perun/commit/c3654b63092e99c212823d60e40f67dbf8e15871))
+* **core:** skip MFA for internal components ([259e284](https://github.com/CESNET/perun/commit/259e284b0e39f89a22983c3d1f2eb153107d2b24))
+* enable facility search for SP reg role ([9274d3c](https://github.com/CESNET/perun/commit/9274d3cb2edb65e1f8e8479b2ea899266bc7a055))
diff --git a/perun-auditlogger/pom.xml b/perun-auditlogger/pom.xml
index 93aa6e43d4..76f162117c 100644
--- a/perun-auditlogger/pom.xml
+++ b/perun-auditlogger/pom.xml
@@ -6,7 +6,7 @@
perun
cz.metacentrum
- 27.1.0
+ 28.0.0
cz.metacentrum.perun
diff --git a/perun-auditparser/pom.xml b/perun-auditparser/pom.xml
index 4bb16e27f2..bb49a316d2 100644
--- a/perun-auditparser/pom.xml
+++ b/perun-auditparser/pom.xml
@@ -6,7 +6,7 @@
perun
cz.metacentrum
- 27.1.0
+ 28.0.0
cz.metacentrum.perun
diff --git a/perun-base/pom.xml b/perun-base/pom.xml
index cc34b6a223..cd2aa8db84 100644
--- a/perun-base/pom.xml
+++ b/perun-base/pom.xml
@@ -6,7 +6,7 @@
perun
cz.metacentrum
- 27.1.0
+ 28.0.0
cz.metacentrum.perun
diff --git a/perun-cabinet/pom.xml b/perun-cabinet/pom.xml
index a10105b1c6..75474191f2 100644
--- a/perun-cabinet/pom.xml
+++ b/perun-cabinet/pom.xml
@@ -6,7 +6,7 @@
perun
cz.metacentrum
- 27.1.0
+ 28.0.0
cz.metacentrum.perun
diff --git a/perun-cli-java/pom.xml b/perun-cli-java/pom.xml
index 8ef8d35eb8..fad6f73e1e 100644
--- a/perun-cli-java/pom.xml
+++ b/perun-cli-java/pom.xml
@@ -7,7 +7,7 @@
perun
cz.metacentrum
- 27.1.0
+ 28.0.0
cz.metacentrum.perun
diff --git a/perun-cli/Perun/Agent.pm b/perun-cli/Perun/Agent.pm
index c3e2a29564..ea9cebfa06 100755
--- a/perun-cli/Perun/Agent.pm
+++ b/perun-cli/Perun/Agent.pm
@@ -1,5 +1,5 @@
package Perun::Agent;
-my $agentVersion = '27.1.0';
+my $agentVersion = '28.0.0';
my $agentVersionMajor;
if ($agentVersion !~ /^(\d+)(?{ $agentVersionMajor = $^N })\..*/i)
{
diff --git a/perun-core/pom.xml b/perun-core/pom.xml
index 198870d331..f3ca5daffd 100644
--- a/perun-core/pom.xml
+++ b/perun-core/pom.xml
@@ -6,7 +6,7 @@
perun
cz.metacentrum
- 27.1.0
+ 28.0.0
cz.metacentrum.perun
diff --git a/perun-dispatcher/pom.xml b/perun-dispatcher/pom.xml
index bbbbf4073e..bdeed62205 100644
--- a/perun-dispatcher/pom.xml
+++ b/perun-dispatcher/pom.xml
@@ -6,7 +6,7 @@
perun
cz.metacentrum
- 27.1.0
+ 28.0.0
cz.metacentrum.perun
diff --git a/perun-engine/pom.xml b/perun-engine/pom.xml
index 539111076f..0e339d98e0 100644
--- a/perun-engine/pom.xml
+++ b/perun-engine/pom.xml
@@ -6,7 +6,7 @@
perun
cz.metacentrum
- 27.1.0
+ 28.0.0
cz.metacentrum.perun
diff --git a/perun-integration/pom.xml b/perun-integration/pom.xml
index 8955fbbad5..db132bf371 100644
--- a/perun-integration/pom.xml
+++ b/perun-integration/pom.xml
@@ -5,7 +5,7 @@
perun
cz.metacentrum
- 27.1.0
+ 28.0.0
4.0.0
diff --git a/perun-ldapc/pom.xml b/perun-ldapc/pom.xml
index 7b30b5edb7..158bc0aa2b 100644
--- a/perun-ldapc/pom.xml
+++ b/perun-ldapc/pom.xml
@@ -7,7 +7,7 @@
perun
cz.metacentrum
- 27.1.0
+ 28.0.0
cz.metacentrum.perun
diff --git a/perun-notification/pom.xml b/perun-notification/pom.xml
index 301f462ada..91410d90d4 100644
--- a/perun-notification/pom.xml
+++ b/perun-notification/pom.xml
@@ -6,7 +6,7 @@
perun
cz.metacentrum
- 27.1.0
+ 28.0.0
cz.metacentrum.perun
diff --git a/perun-openapi/openapi.yml b/perun-openapi/openapi.yml
index 1d021652bd..b251288f5c 100644
--- a/perun-openapi/openapi.yml
+++ b/perun-openapi/openapi.yml
@@ -1,6 +1,6 @@
openapi: 3.0.3
info:
- version: 27.1.0
+ version: 28.0.0
title: Perun RPC API
description: Perun Remote Procedure Calls Application Programming Interface
contact:
diff --git a/perun-openapi/pom.xml b/perun-openapi/pom.xml
index 3760761ebd..6abac73e49 100644
--- a/perun-openapi/pom.xml
+++ b/perun-openapi/pom.xml
@@ -7,7 +7,7 @@
perun
cz.metacentrum
- 27.1.0
+ 28.0.0
cz.metacentrum.perun
diff --git a/perun-registrar-lib/pom.xml b/perun-registrar-lib/pom.xml
index ed3f5365ae..2f22b1c5e0 100644
--- a/perun-registrar-lib/pom.xml
+++ b/perun-registrar-lib/pom.xml
@@ -6,7 +6,7 @@
perun
cz.metacentrum
- 27.1.0
+ 28.0.0
cz.metacentrum.perun
diff --git a/perun-rpc/pom.xml b/perun-rpc/pom.xml
index d1cdd8f9ba..b2d4b6f9cc 100644
--- a/perun-rpc/pom.xml
+++ b/perun-rpc/pom.xml
@@ -6,7 +6,7 @@
perun
cz.metacentrum
- 27.1.0
+ 28.0.0
cz.metacentrum.perun
diff --git a/perun-scim/pom.xml b/perun-scim/pom.xml
index 16823c35df..934f3d255a 100644
--- a/perun-scim/pom.xml
+++ b/perun-scim/pom.xml
@@ -6,7 +6,7 @@
perun
cz.metacentrum
- 27.1.0
+ 28.0.0
cz.metacentrum.perun
diff --git a/perun-web-gui/pom.xml b/perun-web-gui/pom.xml
index 32e6a97f1f..e2f1b9f92d 100644
--- a/perun-web-gui/pom.xml
+++ b/perun-web-gui/pom.xml
@@ -6,7 +6,7 @@
perun
cz.metacentrum
- 27.1.0
+ 28.0.0
cz.metacentrum.perun
diff --git a/pom.xml b/pom.xml
index c4fd19ed3f..2af59d8df0 100644
--- a/pom.xml
+++ b/pom.xml
@@ -7,7 +7,7 @@
cz.metacentrum
perun
- 27.1.0
+ 28.0.0
pom