v5.0.0
Avni-Server
Security features
- Enhanced Validation - If enhanced_validation is set to true in the application.properties file, then several new validations will happen on save of entities - avniproject/avni-security#16, avniproject/avni-security#6
- Content Security Policy - Content Security Policy can be specified using the csp.enabled and csp.allowed.hosts properties in application.properties
- Check to make address_level_type mandatory - avniproject/avni-security#22
- Configurable Anti-csrf protection on all resources
- Add CORS support to avni-server
- Ability to blacklist urls using an avni.blacklisted.urls-file file specified in application.properties
- Remove save/delete/post calls exposed via Spring Data-Rest endpoints
- Remove java stack trace from responses
- Parameterization of queries for Search
- Ability to set password policies in Keycloak
- Modify cookie attributes to add SameSite attribute to enhance security - avniproject/avni-security#17
Others
- Voided Relationship types can now be exported and imported in the bundle #584
- Prevention of sync problems when using direct assignment in conjunction with group subjects - avniproject/avni-client#1058
- Ensure subject migration syncs only to devices that belong to the catchment of the user - avniproject/avni-client#1115
- Prevent overlapping identifier assignments - avniproject/avni-webapp#1022
Documentation
Full Changelog: v4.0.1...v5.0.0