v2.9.0

@psrok1 psrok1 released this 06 Jul 15:58
· 105 commits to master since this release
53fa709

This release includes huge database migrations made for query optimization, including a rewrite of the object permission tables. A database backup is highly recommended before upgrading.

There is also a long changelog ahead, so please read about the most important changes in the What's changed section before upgrading.

Major changes:

  • Huge improvements in the Web part, which include:
    • Beautified login/registration pages (#726)
    • Usage of Vite and Rollup for building instead of Create React App and Webpack (#741). If you have in-house plugins, read the What's changed section in the documentation.
    • Rewrite to TypeScript (#807, kudos @postrowinski!)
    • Closable error messages (#763)
  • Search should be much, much faster because of these changes:
    • Counting all results before applying the actual query is optional and disabled by default, as it has a huge impact on performance (#718)
    • When a user has the access_all_objects capability, exclusive object permissions are not even considered in the query (#783). It also means that access_all_objects really gives access to all
      objects in the system (it's not "autosharing" of all added objects as before), so the everything group is effectively useless and is not created by default.
  • Changes in the representation of shares, so it's clearer who the actual uploader of the sample is. It's better described here (#717)
  • The certpl/mwdb Docker image uses gunicorn instead of uwsgi, as the uwsgi project was mostly abandoned (#735)
  • v2.9.0 comes with an additional small feature that enables you to ask your users for consent to share samples with 3rd party services (#801)
  • Karton is bumped to v5.1.0 and its producer shows up in the services tab in Karton Dashboard
  • Object listing endpoints accept a count parameter, so you can load them in chunks bigger than 10 (#755)

Minor changes and improvements:

  • A dedicated group is created for each OpenID Connect provider (#668)
  • ssdeep is replaced with a pure-Python implementation, ppdeep (#692)
  • The sharing_objects capability was renamed to sharing_with_all, which better describes its real meaning (#696)
  • Backslashes are better handled in configuration search (#690)
  • Rich attributes: a field can be rendered as a search link using the special {{@value}} syntax (#628)
  • Sample preview downloads the sample in obfuscated form (with negated bits) so as not to trigger EDR/AV solutions (#721, thanks @middleware99!)
  • Added the access_uploader_info capability, which lets users search for uploaders from outside of their groups without granting the powerful sharing_with_all capability (#705)
  • Rich preview in AttributeAddModal (#724)
  • Handle 'misc:' as a proper tag (#742, thanks @jasperla!)
  • OAuth logout, so you can easily log yourself out from the OAuth provider, e.g. to switch accounts (#732)
  • Configurable upload size (#756)
  • A critical error in Web shows JS stack information (#790)
  • Capabilities can also be changed in the User/Group view instead of only on the Access control page (#770)
  • The user is warned in the Relations tab when the number of relations exceeds 1000 (#791)
  • use_x_forwarded_for option in configuration to respect the X-Forwarded-For header, enabled by default in Docker images (#845)

Bugfixes:

  • NetworkError exceptions in Web are handled a bit better and shouldn't crash the whole application so often (#846)
  • OpenID Connect: fixed provider registration (4e015b6, thanks @v-rzh!)

Special thanks to @yankovs for tracking some regressions during development!

And finally, thanks to the development team that worked on this release: @KWMORALE, @Repumba, @postrowinski, @olivergav, @nazywam.

Hopefully we'll be publishing stable releases a bit more often so the changelogs won't be that long 🥲