From e72bda47b0048fb1c6822b7133fbc5bdbd9c6ce7 Mon Sep 17 00:00:00 2001 From: Jon Ayers Date: Thu, 26 Jan 2023 00:43:27 +0000 Subject: [PATCH 1/5] chore: add changelog for 1.39.0 --- changelog/1.39.0.md | 28 ++++++++++++++++++++++++++++ manifest.json | 6 ++++++ 2 files changed, 34 insertions(+) create mode 100644 changelog/1.39.0.md diff --git a/changelog/1.39.0.md b/changelog/1.39.0.md new file mode 100644 index 000000000..7e06f94f3 --- /dev/null +++ b/changelog/1.39.0.md @@ -0,0 +1,28 @@ +# 1.38.2 + +### Breaking changes ❗ + +There are no breaking changes in 1.38.2. + +### Features ✨ + +- Added support for an admin-configurable maximum age for API keys in the Admin panel. +- Added a toggle to the OIDC provider in the Admin panel to disable automatic user creation. + When toggled on, users will have to be manually created by an administrator with an email + that matches the value provided by the 'email' field in the OIDC payload. The login type + of the user must be set to OIDC for them to successfully login. +- Added a logout action to the audit log to track user logouts. +- Removed the hard limit on total number of images in a deployment. + +### Bug fixes 🐛 + +- Fixed an issue where users couldn't install the code-server PWA (Progressive Web App). +- Fixed various paths where API Keys were not being audited. +- Fixed an issue where deleted users were not shown in the audit log. +- Fixed various UI inconsistencies around images and image tags. +- Fixed an issue that could cause the dashboard to unnecessarily re-render multiple times. + +### Security updates 🔐 + +- Fixed an issue where exporting audit logs could be vulnerable to a CSV injection. +- Websocket clients are now rejected if they supply an invalid 'sec-websocket-key' header value. diff --git a/manifest.json b/manifest.json index c20030996..8701b6b16 100644 --- a/manifest.json +++ b/manifest.json 
@@ -948,6 +948,12 @@ "path": "./changelog/index.md", "icon_path": "./assets/images/icons/paper.svg", "children": [ + { + "path": "./changelog/1.39.0.md", + "children": [], + "title": "1.39.0", + "description": "Released on 01/25/2023" + }, { "path": "./changelog/1.38.0.md", "children": [ From b380159adcd3e2e182a11aad59f1efeac451ca56 Mon Sep 17 00:00:00 2001 From: Jon Ayers Date: Thu, 26 Jan 2023 00:45:42 +0000 Subject: [PATCH 2/5] fix some verbiage --- changelog/1.39.0.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/changelog/1.39.0.md b/changelog/1.39.0.md index 7e06f94f3..c44dd81b3 100644 --- a/changelog/1.39.0.md +++ b/changelog/1.39.0.md @@ -1,16 +1,16 @@ -# 1.38.2 +# 1.39.0 ### Breaking changes ❗ -There are no breaking changes in 1.38.2. +There are no breaking changes in 1.39.0. ### Features ✨ -- Added support for an admin-configurable maximum age for API keys in the Admin panel. +- Added the ability to set the maximum age for an API key in the Admin panel. - Added a toggle to the OIDC provider in the Admin panel to disable automatic user creation. When toggled on, users will have to be manually created by an administrator with an email that matches the value provided by the 'email' field in the OIDC payload. The login type - of the user must be set to OIDC for them to successfully login. + of the user must be set to OIDC in order to successfully login. - Added a logout action to the audit log to track user logouts. - Removed the hard limit on total number of images in a deployment. From cfa20c5019323e81fe07bc4e3bc155b72038d637 Mon Sep 17 00:00:00 2001 From: Jon Ayers Date: Thu, 26 Jan 2023 00:48:50 +0000 Subject: [PATCH 3/5] lint --- changelog/1.39.0.md | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/changelog/1.39.0.md b/changelog/1.39.0.md index c44dd81b3..3b0c526f1 100644 --- a/changelog/1.39.0.md +++ b/changelog/1.39.0.md 
@@ -7,22 +7,28 @@ There are no breaking changes in 1.39.0. ### Features ✨ - Added the ability to set the maximum age for an API key in the Admin panel. -- Added a toggle to the OIDC provider in the Admin panel to disable automatic user creation. - When toggled on, users will have to be manually created by an administrator with an email - that matches the value provided by the 'email' field in the OIDC payload. The login type - of the user must be set to OIDC in order to successfully login. +- Added a toggle to the OIDC provider in the Admin panel to disable automatic + user creation. + When toggled on, users will have to be manually created by an administrator + with an email that matches the value provided by the 'email' field in the + OIDC payload. The login type of the user must be set to OIDC in order to + successfully login. - Added a logout action to the audit log to track user logouts. - Removed the hard limit on total number of images in a deployment. ### Bug fixes 🐛 -- Fixed an issue where users couldn't install the code-server PWA (Progressive Web App). +- Fixed an issue where users couldn't install the code-server PWA + (Progressive Web App). - Fixed various paths where API Keys were not being audited. - Fixed an issue where deleted users were not shown in the audit log. - Fixed various UI inconsistencies around images and image tags. -- Fixed an issue that could cause the dashboard to unnecessarily re-render multiple times. +- Fixed an issue that could cause the dashboard to unnecessarily re-render + multiple times. ### Security updates 🔐 -- Fixed an issue where exporting audit logs could be vulnerable to a CSV injection. -- Websocket clients are now rejected if they supply an invalid 'sec-websocket-key' header value. +- Fixed an issue where exporting audit logs could be vulnerable to a CSV + injection. +- Websocket clients are now rejected if they supply an invalid + 'sec-websocket-key' header value. 
From a040bcb2cb0abec2e55ffe6455b13d29f053bba6 Mon Sep 17 00:00:00 2001 From: Jon Ayers Date: Thu, 26 Jan 2023 00:51:02 +0000 Subject: [PATCH 4/5] tabs > spaces --- changelog/1.39.0.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/changelog/1.39.0.md b/changelog/1.39.0.md index 3b0c526f1..981f59aa9 100644 --- a/changelog/1.39.0.md +++ b/changelog/1.39.0.md @@ -10,9 +10,9 @@ There are no breaking changes in 1.39.0. - Added a toggle to the OIDC provider in the Admin panel to disable automatic user creation. When toggled on, users will have to be manually created by an administrator - with an email that matches the value provided by the 'email' field in the - OIDC payload. The login type of the user must be set to OIDC in order to - successfully login. + with an email that matches the value provided by the 'email' field in the + OIDC payload. The login type of the user must be set to OIDC in order to + successfully login. - Added a logout action to the audit log to track user logouts. - Removed the hard limit on total number of images in a deployment. From ff225b2fb8602ccc53b1835c213f332fcaedecb9 Mon Sep 17 00:00:00 2001 From: Jon Ayers Date: Thu, 26 Jan 2023 00:55:01 +0000 Subject: [PATCH 5/5] formatting --- changelog/1.39.0.md | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/changelog/1.39.0.md b/changelog/1.39.0.md index 981f59aa9..e7eeefb2b 100644 --- a/changelog/1.39.0.md +++ b/changelog/1.39.0.md 
@@ -8,11 +8,10 @@ There are no breaking changes in 1.39.0. - Added the ability to set the maximum age for an API key in the Admin panel. - Added a toggle to the OIDC provider in the Admin panel to disable automatic - user creation. - When toggled on, users will have to be manually created by an administrator - with an email that matches the value provided by the 'email' field in the - OIDC payload. The login type of the user must be set to OIDC in order to - successfully login. + user creation. When toggled on, users will have to be manually created by an + administrator with an email that matches the value provided by the 'email' + field in the OIDC payload. The login type of the user must be set to OIDC + in order to successfully login. - Added a logout action to the audit log to track user logouts. - Removed the hard limit on total number of images in a deployment.
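Review bot: In PATCH 1/5, the new file changelog/1.39.0.md opens with "# 1.38.2" and states "There are no breaking changes in 1.38.2.", while the manifest.json hunk in the same commit already links that file with the title "1.39.0". PATCH 2/5 corrects both lines. Squashing that correction into 1/5 would keep every commit in the series consistent with the file name and the manifest entry.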
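Review bot: In the Security updates section of the PATCH 3/5 hunk, "Websocket clients are now rejected if they supply an invalid 'sec-websocket-key' header value" announces a change in which connections are accepted, yet the hunk's own context line reads "There are no breaking changes in 1.39.0." Consider listing the rejection under Breaking changes, or adding a sentence saying which clients can expect to be refused after upgrading. The CSV injection entry directly above it would also serve operators better if it said whether audit-log exports created before the upgrade should be regenerated.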
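Review bot: In the reflowed OIDC bullet of PATCH 5/5, "in order to successfully login" uses the noun "login" as a verb, although the same sentence uses "login type" correctly as a noun. Suggest "The login type of the user must be set to OIDC in order to log in successfully." The wording has been carried unchanged through the rewraps in 3/5 and 4/5, so fixing it in this final formatting commit is enough. Elsewhere in the file, the Bug fixes list (visible in PATCH 3/5) writes "API Keys" where the Features list writes "API key"; one capitalization should be used throughout.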