This repository has been archived by the owner on Jul 12, 2023. It is now read-only.

v1.2.0

@mikehelmick mikehelmick released this 16 Nov 17:11
· 92 commits to main since this release
5005e2a

Release notes for exposure-notifications-verification-server

Changelog since v1.1.0

Changes by Kind

Security

This was first patched in v1.1.2, but is repeated here.

  • SECURITY PATCH! This release fixes an issue where users or API keys with permission to expire verification codes could have expired codes that belonged to another realm if they guessed the UUID.
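
The issue described above is an object lookup that is not scoped to the caller's realm. The following Go example is added here for illustration and is not the project's code; the `Code`, `Store`, `ExpireUnscoped`, `ExpireScoped` and `SampleStore` names and the sample UUID are constructed assumptions. It contrasts a lookup by UUID alone with one that also requires the caller's realm to match.

```go
package main

import (
	"errors"
	"fmt"
)

// Code is a simplified, hypothetical verification code record.
type Code struct {
	RealmID uint
	Expired bool
}

// ErrNotFound covers unknown UUIDs and UUIDs owned by another realm alike.
var ErrNotFound = errors.New("verification code not found")

// Store is an in-memory stand-in for the database, keyed by UUID.
type Store map[string]*Code

// ExpireUnscoped shows the flawed pattern: lookup by UUID alone.
func (s Store) ExpireUnscoped(uuid string) error {
	c, ok := s[uuid]
	if !ok {
		return ErrNotFound
	}
	c.Expired = true
	return nil
}

// ExpireScoped requires the code to belong to the caller's realm.
func (s Store) ExpireScoped(callerRealm uint, uuid string) error {
	c, ok := s[uuid]
	if !ok || c.RealmID != callerRealm {
		return ErrNotFound
	}
	c.Expired = true
	return nil
}

// SampleStore returns constructed data: one code owned by realm 2.
func SampleStore() Store {
	return Store{"constructed-uuid-0001": {RealmID: 2}}
}

func main() {
	s := SampleStore()
	fmt.Println("realm 1, scoped:", s.ExpireScoped(1, "constructed-uuid-0001"))
	fmt.Println("realm 2, scoped:", s.ExpireScoped(2, "constructed-uuid-0001"))
}
```

Returning the same error for a missing code and for a code in another realm keeps the response from confirming that a guessed UUID exists elsewhere.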

Enhancement

  • Add human vetted translations for my (#2254, @mikehelmick)
  • Allows for a max latency injected for chaff requests, default is set to 1000 ms and is configurable. (#2279, @mikehelmick)
  • System administrators can now remove a phone number from the user report deduplication list before the phone number ages out. (#2270, @mikehelmick)
  • Add a global configuration option (applies to all realms) to configure the number of standard deviations away from the norm before behavior is considered an anomaly. You can configure this value by setting ANOMALY_ALLOWED_STDEVS on the server and modeler components to any positive float value. The default value is 2.0. (#2281, @sethvargo)
  • Add more documentation for SMS error statistics. (#2259, @sethvargo)
  • Add SMS errors chart to realm guide (#2282, @sethvargo)
  • Adds user report translations for AF and ZU. (#2280, @mikehelmick)
  • Allows HTTP GET request method (in addition to POST) for initiating the user report webview. The API key and nonce must still be passed as HTTP headers (unless dev mode is also enabled). Dev mode should NOT be enabled in production to avoid logging the API key query params. (#2260, @mikehelmick)
  • Ensure there is only one E2E realm and prohibit naming realms similarly to avoid confusion. (#2286, @sethvargo)
  • Ensure validation errors always return an HTTP 422 response code for the web interface. (#2276, @sethvargo)
  • Fix an issue with rendering charts when realms had fewer than 30 days' worth of key server statistics. (#2269, @sethvargo)
  • Fix parameters for the CodesClaimedRatioAnomaly and ElevatedSMSErrors alerts (#2266, @bschlaman)
  • Ignore e2e realm in anomaly notifications. (#2284, @sethvargo)
  • Improve performance for redrawing charts when the browser window is resized. (#2255, @sethvargo)
  • Make Cloud Scheduler timezone configurable in Terraform via var.cloud_scheduler_timezone and update the default value to UTC time. (#2262, @sethvargo)
  • NotifyAnomalies and EnableSMSErrorWebhook are now enabled by default and cannot be disabled. (#2257, @sethvargo)
  • Return more detailed responses on code expiration errors. Only return 500 on server-side errors. (#2264, @sethvargo)

Dependencies

Added

Nothing has changed.

Changed

Removed

Nothing has changed.