This repository has been archived by the owner on Jul 12, 2023. It is now read-only.
v1.2.0
Release notes for exposure-notifications-verification-server
Changelog since v1.1.0
Changes by Kind
Security
This was first patched in v1.1.2, but is being repeated here.
- SECURITY PATCH! This release fixes an issue where users or API keys with permission to expire verification codes could have expired codes that belonged to another realm if they guessed the UUID.
Enhancement
- Add human vetted translations for `my` (#2254, @mikehelmick)
- Allows for a max latency injected for chaff requests, default is set to 1000 ms and is configurable. (#2279, @mikehelmick)
- System administrators can now remove a phone number from the user report deduplication list before the phone number ages out. (#2270, @mikehelmick)
- Add a global configuration option (applies to all realms) to configure the number of standard deviations away from the norm before behavior is considered an anomaly. You can configure this value by setting `ANOMALY_ALLOWED_STDEVS` on the `server` and `modeler` components to any positive float value. The default value is 2.0. (#2281, @sethvargo)
- Add more documentation for SMS error statistics. (#2259, @sethvargo)
- Add sms errors chart to realm guide (#2282, @sethvargo)
- Adds user report translations for AF and ZU. (#2280, @mikehelmick)
- Allows HTTP GET request method (in addition to POST) for initiating the user report webview. The API key and nonce must still be passed as HTTP headers (unless dev mode is also enabled). Dev mode should NOT be enabled in production, to avoid logging the API key query params. (#2260, @mikehelmick)
- Ensure there is only one E2E realm and prohibit naming realms similarly to avoid confusion. (#2286, @sethvargo)
- Ensure validation errors always return an HTTP 422 response code for the web interface. (#2276, @sethvargo)
- Fix an issue with rendering charts when realms had less than 30 days worth of key server statistics. (#2269, @sethvargo)
- Fix parameters for the CodesClaimedRatioAnomaly and ElevatedSMSErrors alerts (#2266, @bschlaman)
- Ignore e2e realm in anomaly notifications. (#2284, @sethvargo)
- Improve performance for redrawing charts when the browser window is resized. (#2255, @sethvargo)
- Make Cloud Scheduler timezone configurable in Terraform via `var.cloud_scheduler_timezone` and update the default value to UTC time. (#2262, @sethvargo)
- NotifyAnomalies and EnableSMSErrorWebhook are now enabled by default and cannot be disabled. (#2257, @sethvargo)
- Return more detailed responses on code expiration errors. Only return 500 on server-side errors. (#2264, @sethvargo)
Dependencies
Added
Nothing has changed.
Changed
- github.com/google/exposure-notifications-server: v1.1.0 → v1.2.0
- github.com/mikehelmick/go-chaff: v0.5.0 → v0.6.0
Removed
Nothing has changed.