This repository has been archived by the owner on Jul 12, 2023. It is now read-only.

Releases: google/exposure-notifications-verification-server

v1.6.0

31 Jan 15:56
e6c8b91

Dependencies

Added

Nothing has changed.

Changed

Removed

Nothing has changed.

v1.5.2

20 Jan 18:03
18cf212

Emailer

  • Fix an issue where BCCed addresses would incorrectly appear on the email envelope, defeating the purpose of BCC. (#2325, @sethvargo)
  • Fix an issue where CC and BCC recipients were not included in the email envelope for system alerts. (#2324, @sethvargo)

Dependencies

Added

Nothing has changed.

Changed

Nothing has changed.

Removed

Nothing has changed.

v1.5.1

18 Jan 16:58
4b8481e

Changes since v1.5.0

Bugs

  • Fix a bug with the sms anomalies emailer where it may fail after the first run.

Changes since v1.4.0

UI

  • Add explanation for possible delta in token claim / publish rate due to iOS user-report behavior (#2309, @bschlaman)

Operations

  • Add functionality for sending alert emails to realm contacts for SMS and code anomalies. This removes the server operator from the loop in alerting realms of potential issues with SMS error rates or code claim ratios. However, this does require configuration and setup. If you previously enabled Twilio ignored codes, remove the ignored_twilio_error_codes definition from your Terraform. For detailed setup instructions, see https://github.com/google/exposure-notifications-verification-server/blob/main/docs/production.md#setup-system-emails. This introduces a new service, emailer. When deploying, run terraform taint module.en.null_resource.build to ensure the new service is built. The initial Terraform deployment may fail with errors about a missing metric. After you configure the emailer as noted above, update the Terraform configuration for the en module and the en-alerting module and set enable_emailer = true, then run Terraform a second time and it will succeed. If you restrict ingress traffic, also ensure you add the revision annotation "run.googleapis.com/ingress" : "all" to the emailer service. (#2308, @sethvargo)
  • Add support for setting CC and BCC on all system-sent emails. To configure this, see the production guide for sending system emails. (#2320, @sethvargo)
  • Only register metric descriptors that have not yet been registered. (#2311, @sethvargo)

SMS

  • Allow user report to utilize a different "from" number for SMS sending. This can help reduce queuing and self report codes being blocked by a large bulk issue in a jurisdiction. (#2312, @mikehelmick)
  • Fix an issue where the server might crash when a large number of codes were submitted to the SMS provider and the SMS provider rejects the request due to a queueing issue. (#2307, @sethvargo)

Dependencies

Added

  • cloud.google.com/go/compute: v1.0.0
  • cloud.google.com/go/iam: v0.1.0

Changed

Removed

  • github.com/iancoleman/strcase: v0.2.0
  • github.com/lyft/protoc-gen-star: v0.5.3

v1.5.0

18 Jan 14:27
c033566

⚠️ If you plan on enabling the emailer service, please use v1.5.1 instead, as it fixes a critical bug.

UI

  • Add explanation for possible delta in token claim / publish rate due to iOS user-report behavior (#2309, @bschlaman)

Operations

  • Add functionality for sending alert emails to realm contacts for SMS and code anomalies. This removes the server operator from the loop in alerting realms of potential issues with SMS error rates or code claim ratios. However, this does require configuration and setup. If you previously enabled Twilio ignored codes, remove the ignored_twilio_error_codes definition from your Terraform. For detailed setup instructions, see https://github.com/google/exposure-notifications-verification-server/blob/main/docs/production.md#setup-system-emails. This introduces a new service, emailer. When deploying, run terraform taint module.en.null_resource.build to ensure the new service is built. The initial Terraform deployment may fail with errors about a missing metric. After you configure the emailer as noted above, update the Terraform configuration for the en module and the en-alerting module and set enable_emailer = true, then run Terraform a second time and it will succeed. If you restrict ingress traffic, also ensure you add the revision annotation "run.googleapis.com/ingress" : "all" to the emailer service. (#2308, @sethvargo)
  • Add support for setting CC and BCC on all system-sent emails. To configure this, see the production guide for sending system emails. (#2320, @sethvargo)
  • Only register metric descriptors that have not yet been registered. (#2311, @sethvargo)

SMS

  • Allow user report to utilize a different "from" number for SMS sending. This can help reduce queuing and self report codes being blocked by a large bulk issue in a jurisdiction. (#2312, @mikehelmick)
  • Fix an issue where the server might crash when a large number of codes were submitted to the SMS provider and the SMS provider rejects the request due to a queueing issue. (#2307, @sethvargo)

Dependencies

Added

  • cloud.google.com/go/compute: v1.0.0
  • cloud.google.com/go/iam: v0.1.0

Changed

Removed

  • github.com/iancoleman/strcase: v0.2.0
  • github.com/lyft/protoc-gen-star: v0.5.3

v1.4.0

10 Jan 20:12
7684903

Changes since v1.3.0

User-report

  • Add user report debug option for development environments. (#2300, @mikehelmick)
  • For user-report webview, use agency background color instead of agency color. (#2303, @mikehelmick)

Operations

  • Allow server operators to ignore specific Twilio error codes in SMS alerts. Server operators can set the ignored_twilio_error_codes variable in the alerting module to a string list of error codes that should be ignored when determining whether there are elevated SMS errors for a realm. This can be helpful for Twilio errors that are non-actionable, such as "30006" which means a message was sent to a landline phone number. This is a global configuration that applies to all realms on the server; there is no realm-specific configuration. This change affects the monitoring and alerting policy, not the data collection. Realms will still see all SMS errors in their statistics dashboard, even if that error code is excluded from the alerting policy. (#2306, @sethvargo)

Bug fixes

  • Extends stats retention default by 1d to avoid the last day being cleaned up and still being shown. (#2299, @mikehelmick)
  • Fix an issue where the server might crash when a large number of codes were submitted to the SMS provider and the SMS provider rejects the request due to a queueing issue. (#2307, @sethvargo)

Dependencies

Added

Nothing has changed.

Changed

Nothing has changed.

Removed

Nothing has changed.

v1.3.0

06 Dec 22:52
e90240c

Enhancements

  • Add user report translations for PS. (#2292, @mikehelmick)
  • Adds user report translations for OM and TI languages. (#2291, @mikehelmick)
  • Change default pagination to be 24 elements per page. (#2290, @sethvargo)
  • Improve tracing of requests that span multiple services (like the e2e runner) (#2296, @sethvargo)
  • Set a custom user-agent header when running e2e tests to make log identification easier (#2293, @sethvargo)

Dependencies

Added

Nothing has changed.

Changed

Removed

Nothing has changed.

v1.2.0

16 Nov 17:11
5005e2a

Release notes for exposure-notifications-verification-server

Changelog since v1.1.0

Changes by Kind

Security

This was first patched in v1.1.2, but is being repeated here.

  • SECURITY PATCH! This release fixes an issue where users or API keys with permission to expire verification codes could have expired codes that belonged to another realm if they guessed the UUID.

Enhancement

  • Add human vetted translations for my (#2254, @mikehelmick)
  • Allows for a max latency injected for chaff requests, default is set to 1000 ms and is configurable. (#2279, @mikehelmick)
  • System administrators can now remove a phone number from the user report deduplication list before the phone number ages out. (#2270, @mikehelmick)
  • Add a global configuration option (applies to all realms) to configure the number of standard deviations away from the norm before behavior is considered an anomaly. You can configure this value by setting ANOMALY_ALLOWED_STDEVS on the server and modeler components to any positive float value. The default value is 2.0. (#2281, @sethvargo)
  • Add more documentation for SMS error statistics. (#2259, @sethvargo)
  • Add sms errors chart to realm guide (#2282, @sethvargo)
  • Adds user report translations for AF and ZU. (#2280, @mikehelmick)
  • Allows HTTP GET request method (in addition to POST) for initiating the user report webview. The API key and nonce must still be passed as HTTP headers (unless dev mode is also enabled). dev mode should NOT be enabled in production to avoid logging the API key query params. (#2260, @mikehelmick)
  • Ensure there is only one E2E realm and prohibit naming realms similarly to avoid confusion. (#2286, @sethvargo)
  • Ensure validation errors always return an HTTP 422 response code for the web interface. (#2276, @sethvargo)
  • Fix an issue with rendering charts when realms had less than 30 days worth of key server statistics. (#2269, @sethvargo)
  • Fix parameters for the CodesClaimedRatioAnomaly and ElevatedSMSErrors alerts (#2266, @bschlaman)
  • Ignore e2e realm in anomaly notifications. (#2284, @sethvargo)
  • Improve performance for redrawing charts when the browser window is resized. (#2255, @sethvargo)
  • Make Cloud Scheduler timezone configurable in Terraform via var.cloud_scheduler_timezone and update the default value to UTC time. (#2262, @sethvargo)
  • NotifyAnomalies and EnableSMSErrorWebhook are now enabled by default and cannot be disabled. (#2257, @sethvargo)
  • Return more detailed responses on code expiration errors. Only return 500 on server-side errors. (#2264, @sethvargo)

Dependencies

Added

Nothing has changed.

Changed

Removed

Nothing has changed.

v1.1.2

09 Nov 15:39
f47bca0

Security

  • SECURITY PATCH! This release fixes an issue where users or API keys with permission to expire verification codes could have expired codes that belonged to another realm if they guessed the UUID.
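
The class of bug described in this security note (also listed under v1.2.0) is a lookup that trusts a resource's UUID without checking which realm owns it. The following Go sketch is an added example, not code from the project: the `VerificationCode` fields, the in-memory `Store`, and both function names are assumptions, and the sample UUID is constructed.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// VerificationCode is a simplified, hypothetical record (field names assumed).
type VerificationCode struct {
	UUID      string
	RealmID   uint
	ExpiresAt time.Time
}

// ErrNotFound is returned both for unknown codes and for codes owned by another
// realm, so a caller cannot tell a foreign UUID from a nonexistent one.
var ErrNotFound = errors.New("verification code not found")

// Store is an in-memory stand-in for the database, keyed by UUID.
type Store map[string]*VerificationCode

// ExpireCodeUnscoped shows the flawed pattern: the lookup trusts the UUID alone,
// so any caller holding the expire permission can act on any realm's code.
func (s Store) ExpireCodeUnscoped(uuid string, now time.Time) error {
	vc, ok := s[uuid]
	if !ok {
		return ErrNotFound
	}
	vc.ExpiresAt = now
	return nil
}

// ExpireCodeScoped requires the code to belong to the caller's realm, the
// equivalent of adding "AND realm_id = ?" to the lookup query.
func (s Store) ExpireCodeScoped(callerRealmID uint, uuid string, now time.Time) error {
	vc, ok := s[uuid]
	if !ok || vc.RealmID != callerRealmID {
		return ErrNotFound
	}
	vc.ExpiresAt = now
	return nil
}

// NewSampleStore returns constructed sample data: one code owned by realm 2.
func NewSampleStore(now time.Time) Store {
	id := "constructed-uuid-0001"
	return Store{id: &VerificationCode{UUID: id, RealmID: 2, ExpiresAt: now.Add(time.Hour)}}
}

func main() {
	now := time.Now()
	s := NewSampleStore(now)
	fmt.Println("realm 1, scoped:", s.ExpireCodeScoped(1, "constructed-uuid-0001", now))
	fmt.Println("realm 2, scoped:", s.ExpireCodeScoped(2, "constructed-uuid-0001", now))
}
```

The realm identifier passed to the scoped function should come from the authenticated session or API key, never from a request parameter.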

Self-report

  • Allows HTTP GET request method (in addition to POST) for initiating the user report webview. The API key and nonce must still be passed as HTTP headers (unless dev mode is also enabled). dev mode should NOT be enabled in production to avoid logging the API key query params. (#2260, @mikehelmick)

Operations

  • Make Cloud Scheduler timezone configurable in Terraform via var.cloud_scheduler_timezone and update the default value to UTC time. (#2262, @sethvargo)
  • Return more detailed responses on code expiration errors. Only return 500 on server-side errors. (#2264, @sethvargo)

Dependencies

Added

Nothing has changed.

Changed

Nothing has changed.

Removed

Nothing has changed.

v1.1.1

05 Nov 12:44
04d5207

Internationalization

Administration

Bug fixes and features

  • Improve performance for redrawing charts when the browser window is resized. (#2255, @sethvargo)
  • Allows HTTP GET request method (in addition to POST) for initiating the user report webview. The API key and nonce must still be passed as HTTP headers (unless dev mode is also enabled). dev mode should NOT be enabled in production to avoid logging the API key query params. (#2260, @mikehelmick)

Dependencies

Added

Nothing has changed.

Changed

Nothing has changed.

Removed

Nothing has changed.

v1.1.0

01 Nov 16:06
7b10ccf

Upgrade notes

  • You may get errors during the Terraform apply about a missing metric. Ignore this error and continue the deploy, then re-run Terraform when finished.
  • This release contains two new features: SMS error webhooks and anomaly notifications. These features are both enabled by default. If you want to disable these features, see the release note below for instructions to disable. We do not recommend disabling these features.

Enhancements

  • Add functionality for individual realms to configure a Twilio error webhook. If configured, the realm statistics page will display a summary of recent Twilio errors by error code, grouped by UTC day. This feature is available by default, but requires configuration on the Twilio account. It can be disabled by setting ENABLE_SMS_ERROR_WEBHOOK=false. We do not recommend disabling this setting unless there are technical issues. The ability to disable this feature will be removed in a future release. (#2231, @sethvargo)
  • Add predictive modeling for anomaly detection for code claim rates. If the most recent day's ratio falls below one standard deviation of the 14-day historical average, it's considered an anomaly. Anomalies are flagged in the UI to users with StatsRead permissions via a persistent banner. Anomalies are also visible on the system admin realms index page and realm page. Server operators can disable the realm banner by setting NOTIFY_ANOMALIES=false. Server operators will also receive an alert on their non-paging alert channel when realms are in an anomaly state. See the new CodesClaimedRatioAnomaly playbook for more information. We do not recommend disabling this setting unless there are technical issues. The ability to disable this feature will be removed in a future release. (#2229, @sethvargo)
  • Adds Burmese user report webview translations (#2252, @mikehelmick)
  • Split translations for main server and enx-redirect server to allow decoupling of the translation set. (#2224, @mikehelmick)
  • Adds HI and PA as supported user-report webview languages. (#2248, @mikehelmick)
  • Greatly increases the number of translations for the user report web view. (#2251, @mikehelmick)

Bug fixes

  • Fixed missing return that could display errors to users when enabling/disabling API keys under certain circumstances (#2240, @mikehelmick)
  • Fix the name for the backup-worker job in gcloud command in Terraform output. (#2227, @sethvargo)
  • Fix an issue with the per-user and external issuer tables on the statistics page that would prevent the nested fields from expanding. (#2249, @sethvargo)
  • When deleting a verification code post-SMS send fail, use the primary key for more efficient deletion (#2250, @mikehelmick)
  • Only rebuild models once on each invocation of the modeler. (#2228, @sethvargo)

Dependencies

Added

  • gioui.org: 57750fc
  • github.com/Microsoft/hcsshim/test: 43a75bb
  • github.com/PuerkitoBio/purell: v1.1.1
  • github.com/PuerkitoBio/urlesc: de5bf2a
  • github.com/Shopify/logrus-bugsnag: 577dee2
  • github.com/ajstarks/svgo: 644b8db
  • github.com/alexflint/go-filemutex: 72bdc8e
  • github.com/bitly/go-simplejson: v0.5.0
  • github.com/blang/semver: v3.5.1+incompatible
  • github.com/boombuler/barcode: v1.0.0
  • github.com/bshuster-repo/logrus-logstash-hook: v0.4.1
  • github.com/buger/jsonparser: f4dd9f5
  • github.com/bugsnag/bugsnag-go: b1d1530
  • github.com/bugsnag/osext: 0dd3f91
  • github.com/bugsnag/panicwrap: e2c2850
  • github.com/checkpoint-restore/go-criu/v4: v4.1.0
  • github.com/containerd/aufs: v1.0.0
  • github.com/containerd/btrfs: v1.0.0
  • github.com/containerd/go-cni: v1.0.2
  • github.com/containerd/imgcrypt: v1.1.1
  • github.com/containerd/nri: v0.1.0
  • github.com/containerd/zfs: v1.0.0
  • github.com/containernetworking/cni: v0.8.1
  • github.com/containernetworking/plugins: v0.9.1
  • github.com/containers/ocicrypt: v1.1.1
  • github.com/coreos/go-iptables: v0.5.0
  • github.com/coreos/go-oidc: v2.1.0+incompatible
  • github.com/d2g/dhcp4: a1d1b6c
  • github.com/d2g/dhcp4client: v1.0.0
  • github.com/d2g/dhcp4server: 7d4a0a7
  • github.com/d2g/hardwareaddr: e7d9fbe
  • github.com/denverdino/aliyungo: a747050
  • github.com/dnaeon/go-vcr: v1.0.1
  • github.com/docker/go-events: e31b211
  • github.com/docker/go-metrics: v0.0.1
  • github.com/docker/libtrust: fa56704
  • github.com/docker/spdystream: 449fdfc
  • github.com/docopt/docopt-go: ee0de3b
  • github.com/elazarl/goproxy: 947c36d
  • github.com/emicklei/go-restful: v2.9.5+incompatible
  • github.com/evanphx/json-patch/v5: v5.5.0
  • github.com/evanphx/json-patch: v4.9.0+incompatible
  • github.com/fogleman/gg: v1.3.0
  • github.com/fullsailor/pkcs7: d7302db
  • github.com/gabriel-vasile/mimetype: v1.4.0
  • github.com/garyburd/redigo: 535138d
  • github.com/go-fonts/dejavu: v0.1.0
  • github.com/go-fonts/latin-modern: v0.2.0
  • github.com/go-fonts/liberation: v0.1.1
  • github.com/go-fonts/stix: v0.1.0
  • github.com/go-ini/ini: v1.25.4
  • github.com/go-latex/latex: b3d85cf
  • github.com/go-logr/logr: v0.2.0
  • github.com/go-openapi/jsonpointer: v0.19.3
  • github.com/go-openapi/jsonreference: v0.19.3
  • github.com/go-openapi/spec: v0.19.3
  • github.com/go-openapi/swag: v0.19.5
  • github.com/gogo/googleapis: v1.4.0
  • github.com/golang/freetype: e2365df
  • github.com/gomodule/redigo: v1.8.2
  • github.com/googleapis/gnostic: v0.4.1
  • github.com/hashicorp/go-secure-stdlib/base62: v0.1.1
  • github.com/hashicorp/go-secure-stdlib/mlock: [v0.1.1](https://github.com/has...