Skip to content

Release 2.8.0
Compare
Choose a tag to compare
@anvit anvit released this 08 Jan 19:13
· 66 commits to qa/2.x since this release
v2.8.0
f045e6e
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

Release 2.8.0 is a major release which features a couple of important security updates: adding Content Security Policy headers to AtoM responses and updates to atom cookies. Please note that CSP headers are set to report-only for this release, but AtoM administrators should update the directives list in config/app.yml if their AtoM site has any outgoing requests to external sources.

This release also makes the Bootstrap 5 Dominion theme the default theme for new installations, and deprecates Bootstrap 2 themes (arDominionPlugin and arArchivesCanadaPlugin) since Bootstrap 2 is no longer officially supported. AtoM administrators should plan to switch to a Bootstrap 5 theme.

This release also brings a big list of features and enhancements including support for changing diacritics settings (more details in the documentation), adding an authority record rename option, and a dedicated tab that allows viewing failed jobs in AtoM.

A huge thanks to the community contributors who worked on features and bug fixes this release:

Features and enhancements:

  • Added diacritics setting functionality #1684
  • Set arDominionB5Plugin to be the default theme for new installations in AtoM #1632
  • Added a Bootstrap 2 deprecation notice in the web UI #1642
  • Added REST API support for physical storage object creation #1628
  • Added a new REST API endpoint that allows changing of an information object's publication status #1624
  • Added a tab for viewing failed jobs #1613
  • Added an authority record rename module #1542
  • Increased the PDF indexing limit to 16MB #13650
  • Amharic made available in Weblate for translation

Security updates:

  • Add CSP headers to AtoM responses #1646
  • Update CSP header default to 'report-only' #1693
  • secure and samesite flags added to AtoM cookies #1641

Bug fixes:

  • Fixed difficult to read job logs #1715
  • Fixed typo in API key label when editing user. #1713
  • Fixed archival institution page's upload limit form has a broken field on BS5 theme #1710
  • Fixed invalid static pages being created with invalid slugs #1703
  • Fixed clipboard send feature no longer sending the request data as a form submission #1701
  • Fixed some BS5 theme typography issues and inconsistencies #1698
  • Fixed autocomplete during SKOS import pointing to descriptions instead of taxonomies #1696
  • Updated the CSRF attack message to be more informative #1678
  • Added proper page titles for better accessibility (WCAG (2.4.2)) #1673
  • Added error handling for the rename-slug CLI tool #1666
  • Fixed Dockerfile so that it no longer gives an error when it is trying to install a package from npm #1662
  • Fixed incomplete terms being saved in the taxonomy when adding access points #1661
  • Fixed identifier counter not incrementing when used to modify existing descriptions #1653
  • Fixed the broken media-type option on digital object deriv regeneration task #1643
  • Fixed global search institutional delimiters and advanced search link #1635
  • Removed the repeated re-index warnings on running the build-nested-set task #1634
  • Fixed an ACL check in the REST API's digital object create endpoint that was malformed #1630
  • Added a task description for the password reset task #1611
  • Fixed G4 analytics not tracking pageviews from clicks in full-width treeview #1606
  • Fixed escape special characters setting no longer working in 2.7.x #1605
  • Reduced noise in search results that was there due to indexing inherited creators #1598
  • Fixed multi-line i18n strings #1704
  • Fixed update function for 'Language and script notes'. #13657
  • Updated BS5 navbar-toggler-icon to Font Awesome icon #1688
  • Fixed RAD template fields not appearing when switching languages #1596

Dependency updates:

  • Bumped postcss from 8.4.12 to 8.4.31
  • Bumped postcss and resolve-url-loader
  • Bumped @cypress/request from 2.88.10 to 3.0.1
  • Bumped tough-cookie and @cypress/request
  • Upgraded Cypress to v13.2

Also many thanks to the folks who reported security vulnerabilities for this release:

  • Helder Gomes Silva #1641

Full Changelog: v2.7.3...v2.8.0

Assets 2
Loading