- APIs for the following actions:
  - Add new proposed attribute to an event
  - Add proposed change to an attribute
  - View a proposal
  - Accept a proposal
  - Discard a proposal
- new APIs described on the automation page
- vulnerability reported by Airbus Group CERT
- Deprecated ajax attribute view had inverse access control logic
- removed ajax path
- added XML/JSON view
- Fixed a critical bug in the XML export
- XML exports recently started including relations, which were missing before
- the event info field in related attributes was incorrectly sanitised of unicode characters
- this can break the XML export and block affected events from synchronisation
- Proposal fixes
- fixed an invalid UUID generation that led to an exception
- fixed the attachments for proposals still using the old attachment system that disallows most filenames
- added the automatic creation of hashes for attachment proposals
- As RichieB2B noted, get_current_user() gets the owner of the script in CentOS / RHEL, not the user executing the script (as in Ubuntu)
- Current solution uses posix_getpwuid and posix_geteuid if the php-posix package is installed
- if not, it uses whoami
- for some users the workers appeared to be dead even though the worker processes were functional and started by the correct user
- this was due to access to /proc being blocked by open_basedir directive settings
- added a check for this case and the corresponding view changes
- Under these distros, php is blocked from seeing concurrently running php processes even under the same user
- instead of running ps, the diagnostic now checks the existence of the pid file in /proc/
- datepicker seems to bug out as of recently
- misplaced popup that overlaps with the top bar
- fixed by updating to a newer version of datepicker
- added a new view that generates a markdown version of the categories and types view, for easier gitbook generation
- diagnostic tool would throw exceptions because the db session tables are still missing in some older instances
- if a different session handler is used, the test is skipped
- REST delete of events lacked an API specific response
- simply redirected to the index
- it now returns either "Event deleted" or "Event was not deleted" depending on the outcome
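
The worker diagnostic items above (resolving the executing user with posix_getpwuid / posix_geteuid or whoami instead of get_current_user(), and checking the pid in /proc/ only when open_basedir allows it) fit together as in the following PHP. This is an added example, not the project's own code; the function names, the `$workerUser` parameter and the returned array shape are assumptions.

```php
<?php
// Added example: names and return shape are hypothetical, not the project's code.
function effectiveUser(): ?string
{
    // get_current_user() is avoided: it reports the owner of the script file,
    // which differs from the executing user on CentOS / RHEL.
    if (function_exists('posix_geteuid') && function_exists('posix_getpwuid')) {
        $info = posix_getpwuid(posix_geteuid());
        if (is_array($info) && isset($info['name'])) {
            return $info['name'];
        }
    }
    // php-posix not installed: fall back to whoami.
    if (function_exists('exec')) {
        $lines = []; $status = 1;
        exec('whoami', $lines, $status);
        if ($status === 0 && !empty($lines[0])) {
            return trim($lines[0]);
        }
    }
    return null; // could not be determined
}

// True when open_basedir is unset or one of its entries covers /proc.
function procAllowed(): bool
{
    $setting = (string) ini_get('open_basedir');
    foreach (explode(PATH_SEPARATOR, $setting) as $entry) {
        // Simplification: relative entries and symlinks are not resolved.
        if ($entry !== '' && strpos('/proc/', rtrim($entry, '/') . '/') === 0) {
            return true;
        }
    }
    return $setting === '';
}

// Diagnostic for one worker; $workerUser is the user recorded for it.
function workerStatus(int $pid, string $workerUser): array
{
    if (!procAllowed()) {
        // Cannot tell dead from alive, so report unknown instead of dead.
        return ['alive' => null, 'user_ok' => null, 'note' => 'open_basedir blocks /proc'];
    }
    return [
        'alive' => file_exists('/proc/' . $pid),
        'user_ok' => effectiveUser() === $workerUser,
        'note' => '',
    ];
}
```

Returning `null` rather than `false` when /proc is blocked keeps a healthy worker from being displayed as dead.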