Release 2.8.0
Release 2.8.0 is a major release which features a couple of important security updates: adding Content Security Policy headers to AtoM responses and updates to atom cookies. Please note that CSP headers are set to report-only for this release, but AtoM administrators should update the directives list in config/app.yml if their AtoM site has any outgoing requests to external sources.
This release also makes the Bootstrap 5 Dominion theme the default theme for new installations, and deprecates Bootstrap 2 themes (arDominionPlugin and arArchivesCanadaPlugin) since Bootstrap 2 is no longer officially supported. AtoM administrators should plan to switch to a Bootstrap 5 theme.
This release also brings a big list of features and enhancements including support for changing diacritics settings (more details in the documentation), adding an authority record rename option, and a dedicated tab that allows viewing failed jobs in AtoM.
A huge thanks to the community contributors who worked on features and bug fixes this release:
Features and enhancements:
- Added diacritics setting functionality #1684
- Set arDominionB5Plugin to be the default theme for new installations in AtoM #1632
- Added a Bootstrap 2 deprecation notice in the web UI #1642
- Added REST API support for physical storage object creation #1628
- Added a new REST API endpoint that allows changing of an information object's publication status #1624
- Added a tab for viewing failed jobs #1613
- Added an authority record rename module #1542
- Increased the PDF indexing limit to 16MB #13650
- Amharic made available in Weblate for translation
Security updates:
- Add CSP headers to AtoM responses #1646
- Update CSP header default to 'report-only' #1693
- secure and samesite flags added to AtoM cookies #1641
Bug fixes:
- Fixed difficult to read job logs #1715
- Fixed typo in API key label when editing user. #1713
- Fixed archival institution page's upload limit form has a broken field on BS5 theme #1710
- Fixed invalid static pages being created with invalid slugs #1703
- Fixed clipboard send feature no longer sending the request data as a form submission #1701
- Fixed some BS5 theme typography issues and inconsistencies #1698
- Fixed autocomplete during SKOS import pointing to descriptions instead of taxonomies #1696
- Updated the CSRF attack message to be more informative #1678
- Added proper page titles for better accessibility (WCAG (2.4.2)) #1673
- Added error handling for the rename-slug CLI tool #1666
- Fixed Dockerfile so that it no longer gives an error when it is trying to install a package from npm #1662
- Fixed incomplete terms being saved in the taxonomy when adding access points #1661
- Fixed identifier counter not incrementing when used to modify existing descriptions #1653
- Fixed the broken media-type option on digital object deriv regeneration task #1643
- Fixed global search institutional delimiters and advanced search link #1635
- Removed the repeated re-index warnings on running the build-nested-set task #1634
- Fixed an ACL check in the REST API's digital object create endpoint that was malformed #1630
- Added a task description for the password reset task #1611
- Fixed G4 analytics not tracking pageviews from clicks in full-width treeview #1606
- Fixed escape special characters setting no longer working in 2.7.x #1605
- Reduced noise in search results that was there due to indexing inherited creators #1598
- Fixed multi-line i18n strings #1704
- Fixed update function for 'Language and script notes'. #13657
- Updated BS5 navbar-toggler-icon to Font Awesome icon #1688
- Fixed RAD template fields not appearing when switching languages #1596
Dependency updates:
- Bumped postcss from 8.4.12 to 8.4.31
- Bumped postcss and resolve-url-loader
- Bumped @cypress/request from 2.88.10 to 3.0.1
- Bumped tough-cookie and @cypress/request
- Upgraded Cypress to v13.2
Also many thanks to the folks who reported security vulnerabilities for this release:
- Helder Gomes Silva #1641
Full Changelog: v2.7.3...v2.8.0