v1.6.0-rc.1

1.6.0-rc.1 (2022-06-22)

Bug Fixes

• add support for multi-column sort query parameters (fixes broken table sort of iris-message list) (9daf6a1), closes #801
• Dependencies: Updates version of jackson-databind to fix the vulnerability: avd.aquasec.com/nvd/cve-2020-36518 (84a4b04)
• Deps: updates Spring Boot to 2.6.6 to fix the vulnerability avd.aquasec.com/nvd/cve-2022-22965 (46a50b5)
• fix dependabot security alert and update multiple npm dependencies (7b71e64), closes #729
• fix e2e tests by correcting the spec order (53fd088), closes #764
• Fixes a validation error when changing user data of admins. This could lead to an admin not being able to change their data under certain circumstances (only admin and role not transferred with). (61f6bc3), closes #703
• ga-gotham config tls communication between internal eps (4b6cf41)
• removed line breaks at the end of certificates. (64104a0)

Features

• For JSON-RPC calls (calls from EPS), the client name submitted by EPS is now used as user (if available). Thus, the metadata of records created via JSON-RPC now also contain a user as creator and it is easier to see by whom the data was created. (71ff56f), closes #826
• Messages: Messages can now be used to exchange guests of events between health departments. This makes it possible to transmit the guests received through a data request to the responsible department. The data can be transferred directly from the event overview to a message or can also be added to a message as an attachment. This is the beginning, more data types will follow. (9c3c8cd), closes #640
• Messages: Messages can now be used to exchange vaccination reports between health departments. This makes it possible to transmit received records to the appropriate department through a data transfer. The data can be transferred directly from the vaccination report overview to a message or can also be added as an attachment to a message. (64636ba), closes #762
• Old messages are deleted after a configurable time (default is after 180 days) with all associated data. (d768632), closes #773
• The authentication tokens (JWT) now retain their validity beyond the restart of the IRIS client. This means that, ideally, users notice only little of a restart of the application. (2442685), closes #804
• The client backend now also supports the use of a refresh token, which can be used to extend the short validity of the authentication. This makes it more convenient to use, especially in conjunction with a two-factor authentication. (b20ed86), closes #803
• The client is now a bit more secure against attacks and authentication token (JWT) stealing. For this, the JWT is now transferred and processed in HTTP-only cookies. In this context, XSRF protection with XSRF-TOKEN cookies has also been enabled. (ae25da8), closes #802
• Users are no longer deleted immediately, but marked as deleted. The marked users can no longer be used and are no longer displayed. However, the data is still available, for example, for working with the audit logs. After all references to the users are deleted according to the respective deadline or after a specified time, the users are finally anonymized. Procedure and time periods are configurable. (a913eaf), closes iris-connect/iris-backlog#235 #761
• Users can be marked as locked. This makes it possible to temporarily lock users when they are absent. The locked users are not deleted, they are still available in the overview, but cannot be used for a login. (68d55ec), closes #775