PHRAS-3942 4.1.8-rc7 changelog and .env typo fix

.env

@@ -134,7 +134,7 @@ PHRASEANET_DOCKER_REGISTRY=local
 
 # Docker images tag.
 # @run
-PHRASEANET_DOCKER_TAG=4.1.8-rc7
+PHRASEANET_DOCKER_TAG=4.1.8-rc6
 
 # Stack Name
 # An optionnal Name for the stack
@@ -146,9 +146,11 @@ STACK_NAME=
 # Phrasea network Name, the name of Phrasea network and see by traefik
 # @run
 PHRASEA_NETWORK_NAME=ps_internal
-
+# @run
 PHRASEA_DOMAIN=phrasea.local
+# @run
 PHRASEA_GATEWAY_IP=172.30.0.1
+# @run
 PHRASEA_COMPOSE_PROJECT_NAME=ps
 
 
@@ -181,13 +183,15 @@ PHRASEANET_MAINTENANCE=0
 # Activate restrictions
 # restrictions can be based 
 # on IP and/or password
-# @run
 # configuration exemple :
 # GATEWAY_ALLOWED_IPS=10.0.0.1,10.0.1.1
 # GATEWAY_DENIED_IPS=172.1.0.1,172.1.0.2
 # GATEWAY_USERS="user1:password1,user2:password2"
+# @run
 GATEWAY_ALLOWED_IPS=
+# @run
 GATEWAY_DENIED_IPS=
+# @run
 GATEWAY_USERS=
 
 # https and reverse proxy (on/off)
@@ -199,8 +203,7 @@ GATEWAY_FASTCGI_HTTPS=off
 # security that helps to detect and mitigate certain types of attacks, including Cross-Site Scripting
 ## @run 
 ## GATEWAY_CSP="default-src 'self' 127.0.0.1 https://apiws.carrick-skills.com:8443 https://apiws.carrick-flow.com:8443 https://fonts.gstatic.com *.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com *.axept.io *.matomo.cloud *.newrelic.com *.nr-data.net https://www.googletagmanager.com *.google-analytics.com *.phrasea.io https://apiws.carrick-flow.com:8443 https://apiws.carrick-skills.com:8443  https://maxcdn.bootstrapcdn.com data: ; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://www.gstatic.com *.alchemyasp.com *.axept.io *.matomo.cloud *.newrelic.com https://www.googletagmanager.com https://apiws.carrick-flow.com:8443 https://apiws.carrick-skills.com:8443  https://maxcdn.bootstrapcdn.com  data: blob: ; style-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://fonts.googleapis.com https://www.google.com https://www.gstatic.com https://apiws.carrick-flow.com:8443 https://apiws.carrick-skills.com:8443  https://maxcdn.bootstrapcdn.com ; img-src 'self'  data: blob: *.tiles.mapbox.com https://axeptio.imgix.net *.cloudfront.net *.phrasea.io *.amazonaws.com https://apiws.carrick-flow.com:8443 https://apiws.carrick-skills.com:8443  https://maxcdn.bootstrapcdn.com https://www.gnu.org/graphics/ https://sockjs-eu.pusher.com:443 wss://ws-eu.pusher.com ; object-src 'self'; frame-ancestors 'self'"
-
-
+# @run
 GATEWAY_CSP="default-src 'self' 127.0.0.1 https://sockjs-eu.pusher.com:443 wss://ws-eu.pusher.com https://apiws.carrick-skills.com:8443 https://apiws.carrick-flow.com:8443 https://fonts.gstatic.com *.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com *.axept.io *.matomo.cloud *.newrelic.com *.nr-data.net https://www.googletagmanager.com *.google-analytics.com *.phrasea.io https://apiws.carrick-flow.com:8443 https://apiws.carrick-skills.com:8443 data: ;script-src 'unsafe-inline' 'unsafe-eval' 'self' https://www.gstatic.com *.alchemyasp.com *.axept.io *.matomo.cloud *.newrelic.com https://www.googletagmanager.com https://apiws.carrick-flow.com:8443 https://apiws.carrick-skills.com:8443 ;style-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://fonts.googleapis.com https://www.google.com https://www.gstatic.com https://apiws.carrick-flow.com:8443 https://apiws.carrick-skills.com:8443;img-src 'self' data: blob: *.tiles.mapbox.com https://axeptio.imgix.net *.cloudfront.net *.phrasea.io *.amazonaws.com https://apiws.carrick-flow.com:8443 https://apiws.carrick-skills.com:8443 ; object-src 'self';frame-ancestors 'self'"
 
 # --- RabbitMQ settings ------------------------------------------------------------------------------------------------
@@ -295,46 +298,54 @@ PHP_LOG_LEVEL=warning
 
 # PHP Handler used to store/retrieve data.
 # http://php.net/session.save-handler
-# session handler can be "files" and path must be than 
+# session handler can be "files" and path must be than
+# @run
 SESSION_SAVE_HANDLER=redis
+# @run
 SESSION_SAVE_PATH=tcp://redis-session:6379
 
 # PHP session cookies to be secured 
-#only works if the application is under ssl protection
+# only works if the application is under ssl protection
+# @run
 COOKIE_SECURE=false
 
 # FPM
 # Choose how the process manager will control the number of child processes.
 # Possible Values:
 # static  - a fixed number (pm.max_children) of child processes;
 # dynamic - the number of child processes are set dynamically based on the
+# @run
 FPM_PM_TYPE=dynamic
 
 # FPM
 # The number of child processes to be created when pm is set to 'static' and the
 # maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
+# @run
 FPM_MAXCHILDREN=9
 
 # FPM
 # The number of child processes created on startup.
 # Note: Used only when pm is set to 'dynamic'
-
+# @run
 FPM_STARTSERVERS=3
 
 # FPM
 # The desired minimum number of idle server processes.
 # Note: Used only when pm is set to 'dynamic'
 # Note: Mandatory when pm is set to 'dynamic'
+# @run
 FPM_MINSPARESERVER=2
 
 # FPM
 # The desired maximum number of idle server processes.
 # Note: Used only when pm is set to 'dynamic'
 # Note: Mandatory when pm is set to 'dynamic'
+# @run
 FPM_MAXSPARESERVER=4
 
 # FPM 
 # The number of requests each child process should execute before respawning.
+# @run
 FPM_MAX_REQUESTS=1000
 
 # --- MySQL settings ---------------------------------------------------------------------------------------------------
@@ -422,15 +433,15 @@ DB_BACKUP_GZIP_LEVEL=9
 
 # Pusher settings used when PHRASEANET_DOWNLOAD_ASYNC=true (configuration.yml: download_async / enabled=true)
 
-# key
+#  pusher key
 # @run
 PUSHER_AUTH_KEY
 
-# secret
+# pusher secret
 # @run
 PUSHER_SECRET
 
-# app_id
+# pusher app_id
 # @run
 PUSHER_APP_ID
 
@@ -439,10 +450,10 @@ PUSHER_APP_ID
 
 # Cache setting type can be "redis" or "arraycache"
 # @run
-# @install
-
 PHRASEANET_CACHE_TYPE=redis
+# @run
 PHRASEANET_CACHE_HOST=redis
+# @run
 PHRASEANET_CACHE_PORT=6379
 
 # --- Phraseanet general settings --------------------------------------------------------------------------------------
@@ -466,9 +477,10 @@ PHRASEANET_PROJECT_NAME=Phraseanet
 # An non declarative variable is generated for other uses needed for deploiment (helm for exemple)
 # Domain name used by traefik in Phrasea stack
 # @run
-# @install
 PHRASEANET_HOSTNAME=phraseanet.phrasea.local
+# @run
 PHRASEANET_SCHEME=http
+# @run
 PHRASEANET_APP_PORT=8082
 
 # Variables below used to define the first user / email couple :
@@ -572,22 +584,34 @@ PHRASEANET_RABBITMQ_VHOST=/
 PHRASEANET_RABBITMQ_HEARTBEAT=30
 
 # --- Phraseanet Elasticsearch  settings -------------------------------------------------------------------------------------
-
-# @setup
-
+# They env variables are only used during installation process, edit configuration.yml file or use phraseanet admin GUI to modify them
+# @install
 PHRASEANET_ELASTICSEARCH_HOST=elasticsearch
+# @install
 PHRASEANET_ELASTICSEARCH_PORT=9200
+# @install
 PHRASEANET_ELASTICSEARCH_INDEX=null
+# @install
 PHRASEANET_ELASTICSEARCH_SHARD=3
+# @install
 PHRASEANET_ELASTICSEARCH_REPLICAS=0
+# @install
 PHRASEANET_ELASTICSEARCH_MINSCORE=2
+# @install
 PHRASEANET_ELASTICSEARCH_HIGHLIGHT=true
+# @install
 PHRASEANET_ELASTICSEARCH_MAXRESULTWINDOW=500000
-PHRASEANET_ELASTICSEARCH_POPULATEORDER=MODIFICATION_DATE
+# @install
+PHRASEANET_ELASTICSEARCH_POPULATEORDER=RECORD_ID
+# @install
 PHRASEANET_ELASTICSEARCH_ACTIVETAB=null
+# @install
 PHRASEANET_ELASTICSEARCH_FACET_BASE=10
+# @install
 PHRASEANET_ELASTICSEARCH_FACET_COLLECTION=10
+# @install
 PHRASEANET_ELASTICSEARCH_FACET_DOCTYPE=10
+# @install
 PHRASEANET_ELASTICSEARCH_FACET_ORIENTATION=10
 
 
@@ -932,22 +956,30 @@ PHRASEANET_FTP_DIR=./datas/ftp
 #
 
 # For dev who don't have SSH_AUTH_SOCK (avoid an empty volume name)
+# @run
 SSH_AUTH_SOCK=/dev/null
 
 # Kubernet context needs full pod hosname on nginx reverse proxing 
 # This is need for PHraseanet  SAML context on K8S
+# @run
 PHRASEANET_K8S_NAMESPACE=
 
 #
 # SAML Service provider setting 
 # simplesamlphp as service provider for Phraseanet
 # must be associated to a plugin
 # on docker-compose staxk add the profile phraseanet-saml-sp
-
+# @run
 SAML_ALLOW_DEBUG=true
+# @run
 SAML_PHRASEANET_HOST=http://127.0.0.1:8082
+# @run
 SAML_SP_CONFIG_DIR=./saml-config/
+# @run
 SAML_SP_AUTHSOURCES=
+# @run
 SAML_SP_CERT_DIR=./saml-cert/
+# @run
 SAML_IDP_METADATA_CONFIG=
+# @run
 SAML_IDP_METADATA_LOCAL_CONFIG_DIR=./saml-metadata/

CHANGELOG.md

@@ -1,30 +1,85 @@
 # CHANGELOG
 
+## 4.1.8-rc7
+
+### Update instructions
+
+- Migration patch: 
+  - Migration script for configuration file, (backup it is  recommended).
+  - Doctrine migration for updating databases scheme, (backup it is  recommended). 
+
+`bin/setup system:upgrade`, run by setup container with docker if env `PHRASEANET_UPGRADE=1 ` 
+
+### Version summary
+
+ - Matomo Media metrics integration.
+ - Phrasea Expose client improvements. 
+ - CSRF Security fix.
+ - Substitution is now available for all sub definitions.
+ - SMTP, TLS 1.0 deprecation, TLS is now the version by default in version 1.2.
+ - When image contains transparency, background color can be forced to a specific color.
+
+### Stack (docker compose)
+
+   -  It is not possible to define Custom CSP
+
+### What's Changed
+
+* PHRAS-3914 Lightbox - mobile fix matomo url by @aynsix in https://github.com/alchemy-fr/Phraseanet/pull/4377
+* PHRAS-3892 set content security policies (csp) as env vars by @moctardiouf in https://github.com/alchemy-fr/Phraseanet/pull/4375
+* PHRAS-3852_tiff-background-color by @jygaulier in https://github.com/alchemy-fr/Phraseanet/pull/4376
+* PHRAS-3909 : Prod - Expose cli - load more publications - add pagination by @aynsix in https://github.com/alchemy-fr/Phraseanet/pull/4379
+* PHRAS-3416 phraseanet-localization by @nmaillat in https://github.com/alchemy-fr/Phraseanet/pull/4380
+* PHRAS-3913 Prod - Shared Baskets - validation - Need to apply rights twice by @aynsix in https://github.com/alchemy-fr/Phraseanet/pull/4378
+* PHRAS-3857 Check CSRF token on Prod and Admin forms by @aynsix in https://github.com/alchemy-fr/Phraseanet/pull/4361
+* PHRAS-3061 Admin - subview definition - missmatch error between value set in form and slider limit by @aynsix in https://github.com/alchemy-fr/Phraseanet/pull/4389
+* PHRAS-3894 : bin/maintenance clean: - Removing BETA prefix and Memory leak by @aynsix in https://github.com/alchemy-fr/Phraseanet/pull/4391
+* PHRAS-3921 prod - expose-cli - became compatible with Phrasea V3 keycloak and fix by @aynsix in https://github.com/alchemy-fr/Phraseanet/pull/4384
+* PHRAS-3929  Compose Set redis version For SAML container by @nmaillat in https://github.com/alchemy-fr/Phraseanet/pull/4390
+* PHRAS-3930 matomo media tracking by @aynsix in https://github.com/alchemy-fr/Phraseanet/pull/4393
+* PHRAS-3921 expose-cli oauth token uri compatibility v2 v3 and asset title set  by @aynsix in https://github.com/alchemy-fr/Phraseanet/pull/4392
+* PHRAS-3933 prod - 403 "invalide search token" - after "video tools" openning by @aynsix in https://github.com/alchemy-fr/Phraseanet/pull/4394
+* PHRAS-3922 show the button stop on phraseanet service pull process and feedback reminder by @aynsix in https://github.com/alchemy-fr/Phraseanet/pull/4397
+* PHRAS-3928_download_async by @jygaulier in https://github.com/alchemy-fr/Phraseanet/pull/4386
+* PHRAS-3939 : fix order create basket by @aynsix in https://github.com/alchemy-fr/Phraseanet/pull/4401
+* PHRAS-3900 Check TLS version use for email SMTP sending - TLS 1.0 of 1.1 deprecation by @aynsix in https://github.com/alchemy-fr/Phraseanet/pull/4382
+* PHRAS-3931_phraseanet_local_id_in_api by @jygaulier in https://github.com/alchemy-fr/Phraseanet/pull/4400
+* PHRAS-3934 fix videotools subtitle timeline by @aynsix in https://github.com/alchemy-fr/Phraseanet/pull/4398
+* PHRAS-3935 :  phraseanet_local_id became instance_id by @aynsix in https://github.com/alchemy-fr/Phraseanet/pull/4396
+* PHRAS-3918_subdef-substituable-setting by @jygaulier in https://github.com/alchemy-fr/Phraseanet/pull/4381
+
+
+**Full Changelog**: https://github.com/alchemy-fr/Phraseanet/compare/4.1.8-rc6...4.1.8-rc7
+
 ## 4.1.8-rc6
 
 ### Update instructions
 
-- Migration patch: no patch to play, just run upgrade for bump version 
-- Elasticsearch index action : a "drop", "create", "populate" of elasticsearch index can be useful.
+- Migration patch: yes, so primary datastore require a backup before performing an update
+- Elasticsearch index action : a "drop", "create", "populate" of elasticsearch index can be usefull.
 
 ### Version summary
 
- - Improvement and bugfix
+ - bugfix an minor improvement (todo)
 
 ### Stack (docker compose)
 
  - PHP setting improvement 
  - FPM setting improvement 
 
-## What's Changed
+### What's Changed
+
 * PHRAS-3893 prod - advanced search - control calendar missing for created_on and updated_on by @aynsix in https://github.com/alchemy-fr/Phraseanet/pull/4360
 * PHRAS-3785 update composer dependencies for imagine by @moctardiouf in https://github.com/alchemy-fr/Phraseanet/pull/4362
 * PHRAS-3252 Prod - Export - The captions are not being sent when doing an export by email by @aynsix in https://github.com/alchemy-fr/Phraseanet/pull/4363
 * PHRAS-3387 php fpm optimization by @moctardiouf in https://github.com/alchemy-fr/Phraseanet/pull/4364
 * PHRAS-3890: Admin - add "auth failure" - display and purge auth failure - only for super U by @aynsix in https://github.com/alchemy-fr/Phraseanet/pull/4368
 * PHRAS-3903 Admin - object inspector - record index debug tools by @aynsix in https://github.com/alchemy-fr/Phraseanet/pull/4369
-* PHRAS-3904 Add server port on fastcgi - SAML multi provider support https conf by @moctardiouf in https://github.com/alchemy-fr/Phraseanet/pull/4370
+* PHRAS-3904 Add server port on fastcgi https conf by @moctardiouf in https://github.com/alchemy-fr/Phraseanet/pull/4370
+* PHRAS-3416 phraseanet localization by @nmaillat in https://github.com/alchemy-fr/Phraseanet/pull/4371
+* PHRAS-3826 add mask password argument by @aynsix in https://github.com/alchemy-fr/Phraseanet/pull/4372
 * PHRAS-3889 Worker - metadata write - mime/type whitelist - write metadatas only on whitelisted files by @aynsix in https://github.com/alchemy-fr/Phraseanet/pull/4366
+* PHRAS-3901 release version 4.1.8-rc6 by @nmaillat in https://github.com/alchemy-fr/Phraseanet/pull/4365
 * PHRAS-3910 fix redis php extension build by @moctardiouf in https://github.com/alchemy-fr/Phraseanet/pull/4373