v0.3.8

What's Changed

• CVE-2022-41946 by @milt in #254

Full Changelog: v0.3.7...v0.3.8

v0.3.7

What's Changed

• latest lrs lib to clear CVE-2022-41719 by @milt in #253

Full Changelog: v0.3.6...v0.3.7

v0.3.6

Release Notes

• Add support for the statements/read/mine scope (see: #245). When querying statements with this scope, only statements with the authority value associated with the current credentials are retrieved. For more information on scopes, see section 4.2 OAuth 1.0 Authorization Scope of the xAPI Statement spec.
• Add validation of authority templates (see: #248).

v0.3.5

Release Notes

Important Security Update: Fix a bug where, when performing an OIDC administration action, any authenticated request would be performed regardless of the user's scopes.

v0.3.4

Release Notes

• Update Postgres to 42.4.1 in order to address CVE-2022-31197
• Update Testcontainers test dependency to 1.17.3
• Fix failing test case for HTTPS

v0.3.3

What's Changed

• suppress CVE-2022-23172, CVE-2022-23173 for priority map, not affected by @milt in #241

Full Changelog: v0.3.2...v0.3.3

v0.3.2

What's Changed

• SQL-154 allow runtime log level control with env var by @milt in #238

Full Changelog: v0.3.1...v0.3.2

v0.3.1

What's Changed

• bump jetty deps for CVE-2022-2048, CVE-2022-2047, CVE-2022-2191 by @milt in #240

Full Changelog: v0.3.0...v0.3.1

v0.3.0

What's Changed

• BREAKING SQL-150 Overwrite Statement Authority by @milt in #234. Previously SQL LRS would not apply the operator-specified authority if one was present on an incoming statement. From v0.3.0 onwards all statement authority objects will be overwritten. Note that this change does not apply to statements already stored in the LRS by previous versions.

Full Changelog: v0.2.11...v0.3.0

v0.2.11

Release Notes

• Suppress false positive CVEs on H2.
• Update Cheshire dependency to 5.11.0.

See Pull Request #229 for more details.