Changes
1.4.3 (2022-07-15)
Fixed a number of bugs introduced in the 1.4.x series
Accept 20x status codes from subscriber callbacks instead of only HTTP 204
Bumped to vng-api-common 1.7.8 for future feature development
[open-zaak/open-zaak#1207] Bumped to Django security release
[#78] Added missing bleach dependency
1.4.2 (2022-07-01)
Fixed a crash when using the OIDC integration.
Thanks @damm89 for reporting this and figuring out the cause!
1.4.1 (2022-06-24)
Bugfix release following 1.4.0
Fixed missing migration file for conversion from ADFS library to OpenID Connect library
Fixed the CI build not producing
latest
image tags correctly
1.4.0 (2022-05-03)
New features
Implemented automatic delivery retry mechanism on failure (#1132)
You can now manually (re)-send notifications from the admin interface (#1135)
Improved admin interface for notifications (#1133)
Documentation
document Open Notificaties message delivery guarantees (#1151)
described subscription filters in docs (#1134)
Project maintenance
Replace ADFS library with generic OpenID Connect library - please see the notes below! (#1139)
Upgraded Python version from 3.7 to 3.9
Upgraded to Django 3.2.13 (#1136)
Warning
Manual intervention required for ADFS/AAD users.
Open Notificaties replaces the ADFS/Azure AD integration with the generic OIDC integration. On update, Open Notificaties will attempt to automatically migrate your ADFS configuration, but this may fail for a number of reasons.
We advise you to:
back up/write down the ADFS configuration BEFORE updating
verify the OIDC configuration after updating and correct if needed
Additionally, on the ADFS/Azure AD side of things, you must update the Redirect URIs:
https://open-notificaties.gemeente.nl/adfs/callback
becomes
https://open-notificaties.gemeente.nl/oidc/callback
.
In release 1.5.0 you will be able to finalize the removal by dropping the relevant tables.
1.3.0 (2022-03-28)
New features
Upgraded to Django 3.2 LTS version (#1124)
Confirmed support for PostgreSQL 13 and 14
Project maintenance
Upgraded a number of dependencies to be compatible with Django 3.2 (#1124)
Warning
Manual intervention required!
Admin panel brute-force protection
Due to the ugprade of a number of dependencies, there is a new environment variable
NUM_PROXIES
which defaults to 1
which covers a typical scenario of deploying
Open Notificaties behind a single (nginx) reverse proxy. On Kubernetes this is
typically the case when using an ingress. Other deployment layouts/network topologies
may require tweaks if there are additional load balancers/reverse proxies in play.
Failing to specify the correct number may result in:
login failures/brute-force attempts locking out your entire organization because one of the reverse proxies is now IP-banned - this happens if the number is too low.
brute-force protection may not be operational because the brute-forcer can spoof their IP address, this happens if the number is too high.
1.2.3 (2021-12-17)
Fixed a container image bug
MIME-types of static assets (CSS, JS, SVG…) were not properly returned because of
the container base image not having the /etc/mime.types
file.
1.2.2 (2021-12-07)
Fixed a bug allowing for empty kenmerk values in notifications.
1.2.1 (2021-09-20)
Open Notificaties 1.2.1 fixes a resource leak. See the below info box for more details.
Note
Notifications are delivered to subscriptions via asynchronous background workers. These background tasks were incorrectly storing the execution metadata and result in the backend without consuming/ pruning them from the result store. The symptoms should have been fixed with the 1.2.0 release where the default backend is switched to Redis instead of RabbitMQ (which normally does evict keys after a certain timeout) - but this release fixes the root cause. Result and metadata are now no longer stored.
1.2.0 (2021-09-15)
Fixes
Fixed the webserver and background worker processes not having PID 1
Containers now run as un-privileged user rather than the root user (open-zaak/open-zaak#869)
Added Celery Flower to the container images for background worker task monitoring
New features
Added support for generic OpenID Connect admin authentication (open-zaak/open-zaak#1034)
1.1.5 (2021-04-15)
Bugfix release
Bumped ADFS libraries to support current state of Azure AD
Fixed issue with self-signed certificates loading
1.1.4 (2021-03-25)
Quality of life release
Updated to pip-tools 6 internally for dependency management
Bumped Django and Jinja2 dependencies to get their respective bug- and security fixes
Added support for self-signed (root) certificates, see the documentation on readthedocs for more information.
Clarified version numbers display in footer
1.1.3 (2021-03-17)
Bugfix release fixing some deployment issues
Fixed broken
STATIC_URL
andMEDIA_URL
settings derived fromSUBPATH
. This should fix CSS/Javascript assets not loading inRemoved single-server documentation duplication (which was outdated too)
Removed
raven test
command from documentation, it was removed.Made CORS set-up opt-in
1.1.2 (2020-12-17)
Quality of life release, no functional changes.
Updated deployment tooling to version 0.10.0. This adds support for CentOS/RHEL 7 and 8.
Migrated CI from Travis CI to Github Actions
Made PostgreSQL 10, 11 and 12 support explicit through build matrix
1.1.1 (2020-11-09)
Small quality of life release.
Updated documentation links in API Schema documentation
Added missing Redis service to
docker-compose.yml
Fixed
docker-compose.yml
(Postgres config, session cache…)Fixed version var in deploy config
Fixed settings/config for hosting on a subpath
Added management command for initial Open Notificaties setup (
setup_configuration
)Fixed broken links in docs
Bumped dev-tools isort, black and pip-tools to latest versions
Fixed tests by mocking HTTP calls that weren’t mocked yet
Fixed handling HTTP 401 responses on callback auth validation. Now both 403 and 401 are valid responses.
1.1.0 (2020-03-16)
Feature and small improvements release.
Note
The API remains unchanged.
Removed unnecessary sections in documentation
Updated deployment examples
Tweak deployment to not conflict (or at least less likely :-) ) with Open Zaak install Open Zaak and Open Notificaties on the same machine are definitely supported
Added support for ADFS Single Sign On (disabled by default)
Added documentation build to CI
1.0.0 final (2020-02-07)
🎉 First stable release of Open Notificaties.
Features:
Notificaties API implementation
Tested with Open Zaak integration
Admin interface to view data created via the APIs
Scalable notification delivery workers
NLX ready (can be used with NLX)
Documentation on https://open-notificaties.readthedocs.io/
Deployable on Kubernetes, single server and as VMware appliance
Automated test suite
Automated deployment