From cbabbb21c1e3c5c988e79e1d1f0fa6f03d43fd72 Mon Sep 17 00:00:00 2001 From: Nicolas Maillat Date: Tue, 31 Oct 2023 16:51:10 +0100 Subject: [PATCH] PHRAS-3942 4.1.8-rc7 changelog and .env typo fix (#4402) --- .env | 70 ++++++++++++++++++++++++++++++++++++++-------------- CHANGELOG.md | 65 ++++++++++++++++++++++++++++++++++++++++++++---- 2 files changed, 111 insertions(+), 24 deletions(-) diff --git a/.env b/.env index a72c96c854..a238f08cc3 100644 --- a/.env +++ b/.env @@ -134,7 +134,7 @@ PHRASEANET_DOCKER_REGISTRY=local # Docker images tag. # @run -PHRASEANET_DOCKER_TAG=4.1.8-rc7 +PHRASEANET_DOCKER_TAG=4.1.8-rc6 # Stack Name # An optionnal Name for the stack @@ -146,9 +146,11 @@ STACK_NAME= # Phrasea network Name, the name of Phrasea network and see by traefik # @run PHRASEA_NETWORK_NAME=ps_internal - +# @run PHRASEA_DOMAIN=phrasea.local +# @run PHRASEA_GATEWAY_IP=172.30.0.1 +# @run PHRASEA_COMPOSE_PROJECT_NAME=ps @@ -181,13 +183,15 @@ PHRASEANET_MAINTENANCE=0 # Activate restrictions # restrictions can be based # on IP and/or password -# @run # configuration exemple : # GATEWAY_ALLOWED_IPS=10.0.0.1,10.0.1.1 # GATEWAY_DENIED_IPS=172.1.0.1,172.1.0.2 # GATEWAY_USERS="user1:password1,user2:password2" +# @run GATEWAY_ALLOWED_IPS= +# @run GATEWAY_DENIED_IPS= +# @run GATEWAY_USERS= # https and reverse proxy (on/off) 
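Review bot: The default image tag in the `@@ -134,7 +134,7 @@` hunk moves backwards, from `4.1.8-rc7` to `4.1.8-rc6`, in a commit whose subject and changelog announce rc7. The rc7 changelog added later in this patch lists a CSRF security fix, so a deployment that takes this default would presumably run images without it. If the direction is not intentional (for example an artifact of how the branch was merged), the line should read `PHRASEANET_DOCKER_TAG=4.1.8-rc7`.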
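Review bot: The `@@ -181,13 +183,15 @@` hunk tags `GATEWAY_USERS` as a runtime variable, but the only guidance is the example `GATEWAY_USERS="user1:password1,user2:password2"`, which puts clear-text passwords in a file tracked in the repository. A comment above the variable would help, such as `# clear-text credentials: set real values outside the tracked .env, never commit them`. The meaning of the empty defaults for `GATEWAY_ALLOWED_IPS` and `GATEWAY_DENIED_IPS` should also be stated. From this hunk it looks like empty means no restriction, but that is not written down.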
@@ -199,8 +203,7 @@ GATEWAY_FASTCGI_HTTPS=off # security that helps to detect and mitigate certain types of attacks, including Cross-Site Scripting ## @run ## GATEWAY_CSP="default-src 'self' 127.0.0.1 https://apiws.carrick-skills.com:8443 https://apiws.carrick-flow.com:8443 https://fonts.gstatic.com *.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com *.axept.io *.matomo.cloud *.newrelic.com *.nr-data.net https://www.googletagmanager.com *.google-analytics.com *.phrasea.io https://apiws.carrick-flow.com:8443 https://apiws.carrick-skills.com:8443 https://maxcdn.bootstrapcdn.com data: ; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://www.gstatic.com *.alchemyasp.com *.axept.io *.matomo.cloud *.newrelic.com https://www.googletagmanager.com https://apiws.carrick-flow.com:8443 https://apiws.carrick-skills.com:8443 https://maxcdn.bootstrapcdn.com data: blob: ; style-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://fonts.googleapis.com https://www.google.com https://www.gstatic.com https://apiws.carrick-flow.com:8443 https://apiws.carrick-skills.com:8443 https://maxcdn.bootstrapcdn.com ; img-src 'self' data: blob: *.tiles.mapbox.com https://axeptio.imgix.net *.cloudfront.net *.phrasea.io *.amazonaws.com https://apiws.carrick-flow.com:8443 https://apiws.carrick-skills.com:8443 https://maxcdn.bootstrapcdn.com https://www.gnu.org/graphics/ https://sockjs-eu.pusher.com:443 wss://ws-eu.pusher.com ; object-src 'self'; frame-ancestors 'self'" - - +# @run GATEWAY_CSP="default-src 'self' 127.0.0.1 https://sockjs-eu.pusher.com:443 wss://ws-eu.pusher.com https://apiws.carrick-skills.com:8443 https://apiws.carrick-flow.com:8443 https://fonts.gstatic.com *.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com *.axept.io *.matomo.cloud *.newrelic.com *.nr-data.net https://www.googletagmanager.com *.google-analytics.com *.phrasea.io https://apiws.carrick-flow.com:8443 https://apiws.carrick-skills.com:8443 data: ;script-src 'unsafe-inline' 
'unsafe-eval' 'self' https://www.gstatic.com *.alchemyasp.com *.axept.io *.matomo.cloud *.newrelic.com https://www.googletagmanager.com https://apiws.carrick-flow.com:8443 https://apiws.carrick-skills.com:8443 ;style-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://fonts.googleapis.com https://www.google.com https://www.gstatic.com https://apiws.carrick-flow.com:8443 https://apiws.carrick-skills.com:8443;img-src 'self' data: blob: *.tiles.mapbox.com https://axeptio.imgix.net *.cloudfront.net *.phrasea.io *.amazonaws.com https://apiws.carrick-flow.com:8443 https://apiws.carrick-skills.com:8443 ; object-src 'self';frame-ancestors 'self'" # --- RabbitMQ settings ------------------------------------------------------------------------------------------------ @@ -295,12 +298,15 @@ PHP_LOG_LEVEL=warning # PHP Handler used to store/retrieve data. # http://php.net/session.save-handler -# session handler can be "files" and path must be than +# session handler can be "files" and path must be than +# @run SESSION_SAVE_HANDLER=redis +# @run SESSION_SAVE_PATH=tcp://redis-session:6379 # PHP session cookies to be secured -#only works if the application is under ssl protection +# only works if the application is under ssl protection +# @run COOKIE_SECURE=false # FPM 
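Review bot: The `# @run` line added above `GATEWAY_CSP` in the `@@ -199,8 +203,7 @@` hunk documents the variable as runtime-tunable without saying that the shipped default is permissive. Its `script-src` carries `'unsafe-inline'` and `'unsafe-eval'`, and the source lists include wildcard hosts such as `*.amazonaws.com` and `*.cloudfront.net`. With those in place the policy gives little protection against the script injection that the comment above says it is meant to mitigate. I would add `# default is permissive ('unsafe-inline', 'unsafe-eval', wildcard hosts); tighten it and drop hosts you do not use before production`. The commented `## @run` / `## GATEWAY_CSP=` copy left above it differs from the active value and could be removed or labelled as an example.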
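Review bot: The comment touched in the `@@ -295,12 +298,15 @@` hunk still ends mid-sentence (`# session handler can be "files" and path must be than`). The change only strips trailing whitespace, so an operator still does not learn what `SESSION_SAVE_PATH` must be for the `files` handler. Separately, `COOKIE_SECURE=false` is now tagged `# @run`, and its comment says only that the setting works under SSL. It should say when to switch it on, for example `# set to true when PHRASEANET_SCHEME=https, otherwise the session cookie is sent without the Secure flag`. The effect on the cookie flag is inferred from the variable name and its comment, not shown in this patch.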
@@ -308,33 +314,38 @@ COOKIE_SECURE=false # Possible Values: # static - a fixed number (pm.max_children) of child processes; # dynamic - the number of child processes are set dynamically based on the +# @run FPM_PM_TYPE=dynamic # FPM # The number of child processes to be created when pm is set to 'static' and the # maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. +# @run FPM_MAXCHILDREN=9 # FPM # The number of child processes created on startup. # Note: Used only when pm is set to 'dynamic' - +# @run FPM_STARTSERVERS=3 # FPM # The desired minimum number of idle server processes. # Note: Used only when pm is set to 'dynamic' # Note: Mandatory when pm is set to 'dynamic' +# @run FPM_MINSPARESERVER=2 # FPM # The desired maximum number of idle server processes. # Note: Used only when pm is set to 'dynamic' # Note: Mandatory when pm is set to 'dynamic' +# @run FPM_MAXSPARESERVER=4 # FPM # The number of requests each child process should execute before respawning. +# @run FPM_MAX_REQUESTS=1000 # --- MySQL settings --------------------------------------------------------------------------------------------------- @@ -422,15 +433,15 @@ DB_BACKUP_GZIP_LEVEL=9 # Pusher settings used when PHRASEANET_DOWNLOAD_ASYNC=true (configuration.yml: download_async / enabled=true) -# key +# pusher key # @run PUSHER_AUTH_KEY -# secret +# pusher secret # @run PUSHER_SECRET -# app_id +# pusher app_id # @run PUSHER_APP_ID @@ -439,10 +450,10 @@ PUSHER_APP_ID # Cache setting type can be "redis" or "arraycache" # @run -# @install - PHRASEANET_CACHE_TYPE=redis +# @run PHRASEANET_CACHE_HOST=redis +# @run PHRASEANET_CACHE_PORT=6379 # --- Phraseanet general settings -------------------------------------------------------------------------------------- 
@@ -466,9 +477,10 @@ PHRASEANET_PROJECT_NAME=Phraseanet # An non declarative variable is generated for other uses needed for deploiment (helm for exemple) # Domain name used by traefik in Phrasea stack # @run -# @install PHRASEANET_HOSTNAME=phraseanet.phrasea.local +# @run PHRASEANET_SCHEME=http +# @run PHRASEANET_APP_PORT=8082 # Variables below used to define the first user / email couple : @@ -572,22 +584,34 @@ PHRASEANET_RABBITMQ_VHOST=/ PHRASEANET_RABBITMQ_HEARTBEAT=30 # --- Phraseanet Elasticsearch settings ------------------------------------------------------------------------------------- - -# @setup - +# They env variables are only used during installation process, edit configuration.yml file or use phraseanet admin GUI to modify them +# @install PHRASEANET_ELASTICSEARCH_HOST=elasticsearch +# @install PHRASEANET_ELASTICSEARCH_PORT=9200 +# @install PHRASEANET_ELASTICSEARCH_INDEX=null +# @install PHRASEANET_ELASTICSEARCH_SHARD=3 +# @install PHRASEANET_ELASTICSEARCH_REPLICAS=0 +# @install PHRASEANET_ELASTICSEARCH_MINSCORE=2 +# @install PHRASEANET_ELASTICSEARCH_HIGHLIGHT=true +# @install PHRASEANET_ELASTICSEARCH_MAXRESULTWINDOW=500000 -PHRASEANET_ELASTICSEARCH_POPULATEORDER=MODIFICATION_DATE +# @install +PHRASEANET_ELASTICSEARCH_POPULATEORDER=RECORD_ID +# @install PHRASEANET_ELASTICSEARCH_ACTIVETAB=null +# @install PHRASEANET_ELASTICSEARCH_FACET_BASE=10 +# @install PHRASEANET_ELASTICSEARCH_FACET_COLLECTION=10 +# @install PHRASEANET_ELASTICSEARCH_FACET_DOCTYPE=10 +# @install PHRASEANET_ELASTICSEARCH_FACET_ORIENTATION=10 @@ -932,10 +956,12 @@ PHRASEANET_FTP_DIR=./datas/ftp # # For dev who don't have SSH_AUTH_SOCK (avoid an empty volume name) +# @run SSH_AUTH_SOCK=/dev/null # Kubernet context needs full pod hosname on nginx reverse proxing # This is need for PHraseanet SAML context on K8S +# @run PHRASEANET_K8S_NAMESPACE= # 
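Review bot: `PHRASEANET_ELASTICSEARCH_POPULATEORDER` changes from `MODIFICATION_DATE` to `RECORD_ID` in the `@@ -572,22 +584,34 @@` hunk, which is a behaviour change for new installations rather than a typo fix. Neither the commit subject nor the rc7 changelog in this patch mentions it. It deserves a changelog line, or a revert if unintended. The added comment also has a typo: `# They env variables are only used during installation process` should begin with `These`.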
@@ -943,11 +969,17 @@ PHRASEANET_K8S_NAMESPACE= # simplesamlphp as service provider for Phraseanet # must be associated to a plugin # on docker-compose staxk add the profile phraseanet-saml-sp - +# @run SAML_ALLOW_DEBUG=true +# @run SAML_PHRASEANET_HOST=http://127.0.0.1:8082 +# @run SAML_SP_CONFIG_DIR=./saml-config/ +# @run SAML_SP_AUTHSOURCES= +# @run SAML_SP_CERT_DIR=./saml-cert/ +# @run SAML_IDP_METADATA_CONFIG= +# @run SAML_IDP_METADATA_LOCAL_CONFIG_DIR=./saml-metadata/ diff --git a/CHANGELOG.md b/CHANGELOG.md index 48a2ecca3d..27e8f0fcd0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
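Review bot: `SAML_ALLOW_DEBUG=true` is now tagged `# @run` in the `@@ -943,11 +969,17 @@` hunk, which documents debug mode as the runtime default for the SAML service provider. What the flag enables is not visible in this patch, but debug output on an authentication component commonly exposes assertion contents and configuration detail. The safer default is `SAML_ALLOW_DEBUG=false`, with a comment such as `# enable only while troubleshooting`. `SAML_PHRASEANET_HOST=http://127.0.0.1:8082` appears to be a local-development value and would benefit from a comment saying it must be replaced with the deployed URL.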
@@ -1,30 +1,85 @@ # CHANGELOG +## 4.1.8-rc7 + +### Update instructions + +- Migration patch: + - Migration script for configuration file, (backup it is recommended). + - Doctrine migration for updating databases scheme, (backup it is recommended). + +`bin/setup system:upgrade`, run by setup container with docker if env `PHRASEANET_UPGRADE=1 ` + +### Version summary + + - Matomo Media metrics integration. + - Phrasea Expose client improvements. + - CSRF Security fix. + - Substitution is now available for all sub definitions. + - SMTP, TLS 1.0 deprecation, TLS is now the version by default in version 1.2. + - When image contains transparency, background color can be forced to a specific color. + +### Stack (docker compose) + + - It is not possible to define Custom CSP + +### What's Changed + +* PHRAS-3914 Lightbox - mobile fix matomo url by @aynsix in https://github.com/alchemy-fr/Phraseanet/pull/4377 +* PHRAS-3892 set content security policies (csp) as env vars by @moctardiouf in https://github.com/alchemy-fr/Phraseanet/pull/4375 +* PHRAS-3852_tiff-background-color by @jygaulier in https://github.com/alchemy-fr/Phraseanet/pull/4376 +* PHRAS-3909 : Prod - Expose cli - load more publications - add pagination by @aynsix in https://github.com/alchemy-fr/Phraseanet/pull/4379 +* PHRAS-3416 phraseanet-localization by @nmaillat in https://github.com/alchemy-fr/Phraseanet/pull/4380 +* PHRAS-3913 Prod - Shared Baskets - validation - Need to apply rights twice by @aynsix in https://github.com/alchemy-fr/Phraseanet/pull/4378 +* PHRAS-3857 Check CSRF token on Prod and Admin forms by @aynsix in https://github.com/alchemy-fr/Phraseanet/pull/4361 +* PHRAS-3061 Admin - subview definition - missmatch error between value set in form and slider limit by @aynsix in https://github.com/alchemy-fr/Phraseanet/pull/4389 +* PHRAS-3894 : bin/maintenance clean: - Removing BETA prefix and Memory leak by @aynsix in https://github.com/alchemy-fr/Phraseanet/pull/4391 +* PHRAS-3921 prod - expose-cli 
- became compatible with Phrasea V3 keycloak and fix by @aynsix in https://github.com/alchemy-fr/Phraseanet/pull/4384 +* PHRAS-3929 Compose Set redis version For SAML container by @nmaillat in https://github.com/alchemy-fr/Phraseanet/pull/4390 +* PHRAS-3930 matomo media tracking by @aynsix in https://github.com/alchemy-fr/Phraseanet/pull/4393 +* PHRAS-3921 expose-cli oauth token uri compatibility v2 v3 and asset title set by @aynsix in https://github.com/alchemy-fr/Phraseanet/pull/4392 +* PHRAS-3933 prod - 403 "invalide search token" - after "video tools" openning by @aynsix in https://github.com/alchemy-fr/Phraseanet/pull/4394 +* PHRAS-3922 show the button stop on phraseanet service pull process and feedback reminder by @aynsix in https://github.com/alchemy-fr/Phraseanet/pull/4397 +* PHRAS-3928_download_async by @jygaulier in https://github.com/alchemy-fr/Phraseanet/pull/4386 +* PHRAS-3939 : fix order create basket by @aynsix in https://github.com/alchemy-fr/Phraseanet/pull/4401 +* PHRAS-3900 Check TLS version use for email SMTP sending - TLS 1.0 of 1.1 deprecation by @aynsix in https://github.com/alchemy-fr/Phraseanet/pull/4382 +* PHRAS-3931_phraseanet_local_id_in_api by @jygaulier in https://github.com/alchemy-fr/Phraseanet/pull/4400 +* PHRAS-3934 fix videotools subtitle timeline by @aynsix in https://github.com/alchemy-fr/Phraseanet/pull/4398 +* PHRAS-3935 : phraseanet_local_id became instance_id by @aynsix in https://github.com/alchemy-fr/Phraseanet/pull/4396 +* PHRAS-3918_subdef-substituable-setting by @jygaulier in https://github.com/alchemy-fr/Phraseanet/pull/4381 + + +**Full Changelog**: https://github.com/alchemy-fr/Phraseanet/compare/4.1.8-rc6...4.1.8-rc7 + ## 4.1.8-rc6 ### Update instructions -- Migration patch: no patch to play, just run upgrade for bump version -- Elasticsearch index action : a "drop", "create", "populate" of elasticsearch index can be useful. 
+- Migration patch: yes, so primary datastore require a backup before performing an update +- Elasticsearch index action : a "drop", "create", "populate" of elasticsearch index can be usefull. ### Version summary - - Improvement and bugfix + - bugfix an minor improvement (todo) ### Stack (docker compose) - PHP setting improvement - FPM setting improvement -## What's Changed +### What's Changed + * PHRAS-3893 prod - advanced search - control calendar missing for created_on and updated_on by @aynsix in https://github.com/alchemy-fr/Phraseanet/pull/4360 * PHRAS-3785 update composer dependencies for imagine by @moctardiouf in https://github.com/alchemy-fr/Phraseanet/pull/4362 * PHRAS-3252 Prod - Export - The captions are not being sent when doing an export by email by @aynsix in https://github.com/alchemy-fr/Phraseanet/pull/4363 * PHRAS-3387 php fpm optimization by @moctardiouf in https://github.com/alchemy-fr/Phraseanet/pull/4364 * PHRAS-3890: Admin - add "auth failure" - display and purge auth failure - only for super U by @aynsix in https://github.com/alchemy-fr/Phraseanet/pull/4368 * PHRAS-3903 Admin - object inspector - record index debug tools by @aynsix in https://github.com/alchemy-fr/Phraseanet/pull/4369 -* PHRAS-3904 Add server port on fastcgi - SAML multi provider support https conf by @moctardiouf in https://github.com/alchemy-fr/Phraseanet/pull/4370 +* PHRAS-3904 Add server port on fastcgi https conf by @moctardiouf in https://github.com/alchemy-fr/Phraseanet/pull/4370 +* PHRAS-3416 phraseanet localization by @nmaillat in https://github.com/alchemy-fr/Phraseanet/pull/4371 +* PHRAS-3826 add mask password argument by @aynsix in https://github.com/alchemy-fr/Phraseanet/pull/4372 * PHRAS-3889 Worker - metadata write - mime/type whitelist - write metadatas only on whitelisted files by @aynsix in https://github.com/alchemy-fr/Phraseanet/pull/4366 +* PHRAS-3901 release version 4.1.8-rc6 by @nmaillat in https://github.com/alchemy-fr/Phraseanet/pull/4365 * 
PHRAS-3910 fix redis php extension build by @moctardiouf in https://github.com/alchemy-fr/Phraseanet/pull/4373