v1.6.0-rc.2
Pre-release
1.6.0-rc.2 (2022-06-30)
Bug Fixes
- Changes the NGINX Content-Security-Policy configuration to allow data URLs as image `src` and adds `data:` to the forbidden keywords. (cedf240), closes #862
- Fixes an occasional `ConstraintViolationException` that can only be caused by parallel processing of multiple requests from the same IP. (71c1c98), closes #828
- The HTTP status code is now set correctly for validation errors with JSON-RPC (400). Related to this, there is now a central place to handle exceptions with JSON-RPC and to configure the correct HTTP status code. (e0b98f7), closes #827
- When checking incoming and entered data for possible attacks, case is now ignored for keywords. (a378e58), closes #864
Features
- The mail dispatch can now be configured in the `.env` file (see `.env.sample`). With this, it is now possible to send notifications when new data has been transferred to the IRIS client (at the moment implemented for the data of an event). (4310bd0), closes #557 #858
- Users can now use two-factor authentication with time-based one-time passwords (TOTP). If it is enabled, a TOTP from a corresponding app is expected and verified after the conventional login. To set up the app, IRIS displays a QR code to the user. The admin can also make this mandatory via an environment variable. If 2FA is expected but a user has not yet completed its configuration with a successful verification, the QR code is displayed after the successful conventional login and the verification is performed. (03b915c), closes iris-connect/iris-backlog#251 #840
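
The post-login 2FA flow from the last feature entry, sketched in Python as an added example; it is not code from IRIS. The function names, the `user` dictionary fields, the state strings, the `mandatory` flag (standing in for the environment variable) and the one-step drift window with replay rejection are assumptions, and the sample secret is the published RFC 6238 test seed.

```python
import base64, hashlib, hmac, struct
from urllib.parse import quote

# Constructed sample secret: the RFC 6238 test seed, base32-encoded.
DEMO_SECRET = base64.b32encode(b"12345678901234567890").decode()

def totp(secret_b32: str, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step that contains `at`."""
    key = base64.b32decode(secret_b32, casefold=True)
    mac = hmac.new(key, struct.pack(">Q", int(at) // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def verify(user: dict, code: str, at: float, window: int = 1, step: int = 30) -> bool:
    """Accept a code from the current step +/- `window`; never accept a step twice."""
    for drift in range(-window, window + 1):
        t = at + drift * step
        counter = int(t) // step
        if counter <= user.get("last_counter", -1):
            continue  # replay protection (also skips negative counters)
        if hmac.compare_digest(totp(user["secret"], t, step).encode(), code.encode()):
            user["last_counter"] = counter
            user["mfa_confirmed"] = True  # first success completes enrolment
            return True
    return False

def next_step(user: dict, mandatory: bool) -> str:
    """State that follows a successful password login (hypothetical state names)."""
    if not (mandatory or user.get("mfa_enabled")):
        return "LOGGED_IN"
    if not user.get("mfa_confirmed"):
        return "SHOW_QR_AND_VERIFY"  # 2FA expected but set-up never verified
    return "VERIFY_TOTP"

def provisioning_uri(user: dict, issuer: str = "IRIS") -> str:
    """otpauth:// URI that the set-up QR code encodes for the authenticator app."""
    label = quote(f"{issuer}:{user['name']}")
    return f"otpauth://totp/{label}?secret={user['secret']}&issuer={quote(issuer)}"
```

A session should be treated as authenticated only once `next_step` returns `LOGGED_IN` or `verify` returns `True`; the password check alone is not sufficient when 2FA is expected.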