Skip to content

Latest commit

 

History

History
286 lines (185 loc) · 9.7 KB

CHANGELOG.rst

File metadata and controls

286 lines (185 loc) · 9.7 KB

Change history

3.0.1 (2025-03-04)

Bugfixes and QOL

  • disabled admin nav sidebar [open-api-framework/#79]

Project maintenance

  • bumped python dependencies: open-api-framework to 0.9.3, commonground-api-common to 2.5.0, django to 4.2.19, cryptography to 44.0.1
  • added bump-my-version to dev dependencies [#152]
  • added workflow to CI to auto-update open-api-framework [#145]
  • updated quick-start workflow to test docker-compose.yml [maykinmedia/objects-api#509, open-api-framework/#104]

3.0.0 (2025-01-22)

Breaking changes

  • removed v1 endpoints [objects-api/issues/#453]

2.3.0 (2025-01-10)

Breaking changes

  • upgraded django-setup-configuration to 0.5.0

Warning

Previous configuration files used for setup_configuration do not work. See the documentation for the available settings that can now be configured through setup_configuration.

  • added support for configuring token authorizations through django-setup-configuration version 0.4.0 [#481]
  • added support for configuring mozilla-django-oidc-db through django-setup-configuration version 0.4.0 [#480]

New features

  • updated OAF version to 0.9.1. This upgrade allows admin users managing their sessions through the admin.

Bugfixes and QOL

  • fixed latest docker image tag not being pushed [open-api-framework/#92]
  • updated zgw-consumers to 0.35.1 [open-api-framework/#66]

Warning

Configuring external services is now done through the Service model. This replaces the APICredential model in the admin interface. A data migration was added to move to the Service model. It is advised to verify the Service instances in the admin to check that the data migration was ran as expected.

Project maintenance

  • security updates [open-api-framework/#93]
  • switched from pip-compile to uv [open-api-framework/#81]
  • implementend open-api-workflows [open-api-framework/#13]

2.2.2 (2024-10-01)

Bugfixes and QOL

  • [#131] Fix API schema not showing caused by CSP errors
  • [#131] Change SameSite session cookie to lax to fix OIDC login not working
  • [#127] Remove the need to manually configure Site.domain for the 2FA app title
  • [#128] Change all setup configuration to disabled by default

2.2.1 (2024-08-29)

New features

  • made user emails unique to prevent two users logging in with the same email, causing an error (maykinmedia/open-api-framework#39)
  • updated open-api-framework to 0.8.0, which includes adding CSRF, CSP and HSTS settings (#124). All new environment variables are added to the documentation

Warning

User email addresses will now be unique on a database level. The database migration will fail if there are already two or more users with the same email address. You must ensure this is not the case before upgrading.

Warning

SECURE_HSTS_SECONDS has been added with a default of 31536000 seconds, ensure that before upgrading to this version of open-api-framework, your entire application is served over HTTPS, otherwise this setting can break parts of your application (see https://docs.djangoproject.com/en/4.2/ref/middleware/#http-strict-transport-security)

Bugfixes and QOL

  • fixed CSS style of help-text icon in the Admin (open-zaak/open-notificaties#150)
  • bumped python dependencies due to security issues: django, celery, certifi, maykin-2fa, mozilla-django-oidc-db, sentry-sdk, webob and others (#122, #123)

2.2.0 (2024-06-27)

New features

  • added name and name_plural fields to objecttype admin list view (#111)
  • added the createinitialsuperuser command (#92)
  • added SUBPATH environment variable to the docker compose setup (#108)

Warning

Two-factor authentication is enabled by default. The DISABLE_2FA environment variable can be used to disable it if needed.

Warning

Because the caching backend was changed to Redis, existing deployments must add a Redis container or Redis instance (see Installation > Environment configuration reference in the documentation on how to configure) the connection with Redis.

Warning

The service name for Elastic APM is now configurable via the ELASTIC_APM_SERVICE_NAME environment variable. The default value changed from Objecttypes API to objecttypes - <ENVIRONMENT>.

Warning

The following defaults for environment variables changed for the docker settings, be sure to override them:

  • DB_NAME: objecttypes -> postgres
  • DB_USER: objecttypes -> postgres
  • DB_PASSWORD: objecttypes -> ""

Bugfixes and QOL

  • updated to Django 4.2 (objects-api#385)
  • updated python to 3.11 (#117)
  • changed caching backend from LocMem to Redis
  • fixed Application groups admin changelist page (#116)
  • upgraded open-api-framework to 0.4.2 (#116)
  • upgraded various python libraries due to security issues (#109)
  • fixed objecttype admin searching with invalid UUIDs (objects-api#361)
  • updated changelog regarding ELASTIC_AP_SERVICE_NAME and changes to default values (#113)
  • merged the docker-compose-quickstart.yml with docker-compose.yml (#110)
  • refactored various settings and configurations (#102)
  • added Trivy image scanning and add publish CI step (#107)
  • fixed CodeQL CI action (#106)
  • fixed the styling for OIDC login (#105)

2.1.3 (2024-05-03)

Bugfix release

This release addresses a security weakness.

  • [GHSA-3wcp-29hm-g82c] replaced PK for Token model.

2.1.2 (2024-02-06)

Bugfixes and QOL

  • added USE_X_FORWARDED_HOST environment variable (#353)
  • added email environment variables (#366)

2.1.1 (2024-02-06)

Bugfixes and QOL

  • added ENVIRONMENT environment variable (maykinmedia/objects-api#310)
  • updated python to 3.10 (#94)
  • bumped Django to 3.2 (#88)
  • removed hijack library (#88)
  • replaced vng-api-common with commonground-api-common library (#88)
  • updated base for docker image from Debian 10 to Debian 12 (#94)
  • bumped python libraries mozilla-django-oidc, mozilla-django-oidc-db (#94)
  • fixed name of the folder in INSTALL.rst (#86)

2.1.0 (2022-06-24)

Component changes

  • New features
  • Bugfixes and QOL
    • removed boostrap from the landing page (maykinmedia/objects-api#294)
    • bumped to newer versions of pyjwt (#84), babel, lxml, waitress (#80), django (#79), mozilla-django-oidc-db (#74), pillow (#77)
    • remove swagger2openapi from dependencies (#79)
    • fixed Elastic APM configuration (#82)
    • fixed session key name (#78)

API 1.2.0 changes

API 2.1.0 changes

2.0.0 (2021-10-04)

Component changes

  • Supports API 2.0.0 and API 1.1.1
  • New features
    • supported importing of objecttypes from the url in the Objecttypes Admin (#63)
    • added two-factor authentication for the Objecttypes Admin (maykinmedia/objects-api#232)
  • Bugfixes and QOL
    • bumped to newer versions of django, django-debug-toolbar, sqlparse, pillow (#65)
    • fixed widget for JSON schema in the Objecttypes Admin (maykinmedia/objects-api#253)

API 2.0.0 changes

1.1.1 (2021-08-17)

New features

Bugfixes and QOL

  • Fixed OAS generation: remove unrelated error response bodies and headers (#56)
  • Bumped to newer versions of Django, urllib3, Django Debut Toolbar including security fixes (#61)

1.1.0 (2021-04-21)

New features

Bugfixes

  • Bumped to newer versions of Django, Jinja2, Pillow, PyYAML, pip-tools including security fixes (#47, #48, #49, #50, #54)
  • Fixed a crash when creating a new version of the objecttype with the incorrect url (maykinmedia/objects-api#121)
  • Fixed a crash when opening an objecttype without versions in the admin (maykinmedia/objects-api#144)

Deployment tooling / infrastructure

Documentation

All documentation is added to https://github.com/maykinmedia/objects-api/docs and included in the Objects API CHANGELOG

  • added sections with general intoduction to the API, the description of the object type versions and JSON Schema validation into the OAS (maykinmedia/objects-api#106)

1.0.0 (2021-01-13)

🎉 First release of Objecttypes API.