All notable changes to this project will be documented in this file.
[0.8.1] - 2022-11-07
- Make time zone configurable via server properties during runtime, but only in debug mode.
- Extended documentation on role and entity permissions
[0.8.0] - 2022-07-12
- Configurable requirements for user names and passwords. The default is the old hard-coded configuration.
- Minimal changes to the error messages for invalid user names and passwords.
[0.7.3] - 2022-05-03
- misc/pam_authentication/ldap.conf is not used for configuring the ldap_authentication.sh script anymore. Use misc/pam_authentication/ldap.env instead and view the documentation inside the file itself for more information.
- caosdb-server#142 Can’t create users with dots in their user names
- ldap_authentication.sh <username> failed on every attempt when used in combination with OpenLDAP with default configuration.
- ldap_authentication.sh allowed empty and even wrong passwords when used in combination with MS Active Directory when AD is configured to allow binding with an empty password.
- ldap_authentication.sh allowed empty and even wrong passwords when used in combination with MS Active Directory when AD is configured to allow binding with an empty password. This is only relevant for non-default configurations of the PAM.pam_script option in the
[0.7.2] - 2022-03-25
This is an important security update.
- Implementation for the ACM GRPC-API (caosdb-proto 0.2)
- Implementation for the EntityACL GRPC-API (caosdb-proto 0.2)
- Wrong serialization of date time values in the GRPC-API (resulting in org.caosdb.server.datatime@12347abcd or similar).
- Missing serialization of file descriptors in the GRPC-API during retrievals.
- caosdb-server#131 Query: AND does not work with sub-properties
- Add previously missing
- caosdb-server#132 Query: subproperties should not require parentheses
- caosdb-server#174 GRPC-API: Server should gracefully handle non-file entities with file-like attributes.
- caosdb-server#217 Server gets list property datatype wrong if description is updated.
- caosdb-server#220 Entities can be retrieved via GRPC despite insufficient permissions.
- caosdb-server#221 Unknown error during update of property leaving out datatype.
- caosdb-server#223 State is being leaked even though RETRIEVE:ENTITY permission is not granted.
[v0.7.1] - 2021-12-13
This is an important security update.
[v0.6.1] - 2021-11-13 [YANKED]
This version’s release was pulled after some problems during the release process. It is identical to v0.7.1.
[v0.6.0] - 2021-11-17
- Endpoint for CaosDB GRPC API 0.1 (see https://gitlab.com/caosdb-proto.git for
Authentication is supported via a Basic scheme, using the well-known
Notable limitations of the current implementation of the API:
- It is currently not possible to mix retrievals (caosdb.entity.v1.RetrieveRequest) with any other transaction type, so transactions are either read-only or write-only. The server throws an error if it finds mixed read/write transactions.
- It is currently not possible to have more than one query (caosdb.entity.v1.Query) in a single transaction. The server throws an error if it finds more than one query.
- Legacy XML/HTTP API (also known as the REST API). The API will not be removed until the web interface (caosdb-webui) and the python client libraries have been updated and freed from any dependencies. However, new clients should not implement this API anymore.
[v0.5.0] - 2021-10-19
- An OpenAPI specification of the XML API
- New server configuration option SERVER_BIND_ADDRESS, which is the address to listen to. See server.conf.
- IdOnly flag (see https://gitlab.indiscale.com/caosdb/src/caosdb-server/-/issues/187). The flag was not working anyway. However, SELECT id FROM ... queries are now optimized in the way the IdOnly flag was supposed to do.
- #181 CQL’s
- #183 No reasonable error when using bad datetime format. (https://gitlab.indiscale.com/caosdb/src/caosdb-server/-/issues/183)
- #127 “nan” as value (list item) in properties with data type “LIST
” return with “Cannot parse value to double” error.
- #170 Updating an abstract list-type property with a default value fails with “unkown error”.
- #145 Documentation of importances and inheritance
- Missing sources of the easy-unit dependency.
- #178 Formatting of tables in documentation
[v0.4.0] - 2021-06-21
- Related to #146, a new flag for entities and complete transactions: force-missing-obligatory=[ignore|warn|error]. The flag overrides the default behavior of the server (throwing an error when an obligatory property is missing). ignore just discards the consistency check, warn only issues a warning when obligatory properties are missing and error throws an error in that case. The flag can be set for the complete transaction and each single entity, while the entity flag takes precedence.
- New EntityState plug-in. The plug-in is disabled by default and can be enabled by setting the server property EXT_ENTITY_STATE=ENABLED. See !62 for more information.
- ETag property for the query. The ETag is assigned to the query cache each time the cache is cleared (currently whenever the server state is being updated, i.e. the stored entities change). This can be used to debug the query cache and also allows a client to determine whether the server’s state has changed between queries.
- Basic caching for queries. The caching is enabled by default and can be controlled by the usual “cache” flag.
- Documentation for the overall server structure.
SINCE keywords for query transaction
- The default session timeout changed from 10 min to 60 min. Please set it to your needs via the server config option
- #146 - Default behavior for missing obligatory properties
- #131 - CQL Parsing error when white space characters before some units.
- #134 - CQL Parsing error when multiple white space characters after
- #130 - Error during
- #125 - bend_symlinks script did not allow whitespace in filename.
- #122 - Dead-lock due to error in the DatabaseAccessManager.
- #120 - Editing entities that were created with a no longer existing user leads to a server error.
- #31 - Queries with keywords in the path (e.g. ... STORED AT 0in.txt)
- #116 - Queries FIND [ANY VERSION OF] * and FIND [ANY VERSION OF] ENTITY.
[0.3.0] - 2021-02-10
- New version history feature. The “H” container flag retrieves the full version history during a transaction (e.g. during Retrievals) and constructs a tree of successors and predecessors of the requested entity version.
- New query functionality: ANY VERSION OF modifier. E.g. FIND ANY VERSION OF RECORD WITH pname=val returns all current and old versions of records where pname=val. For further information, examples and limitations see the wiki page on CQL.
- New server property SERVER_SIDE_SCRIPTING_BIN_DIRS which accepts a comma or space separated list as values. The server looks for scripts in all directories in the order of the list and uses the first matching file.
- Automated documentation builds:
- Server can be started without TLS even when not in debug mode.
- Select queries would originally only select the returned properties by their names and would not check if a property is a subtype of a selected property. This has changed now and select queries will also return subtypes of selected properties.
- SERVER_SIDE_SCRIPTING_BIN_DIR property is deprecated. SERVER_SIDE_SCRIPTING_BIN_DIRS should be used instead (note the plural form!)
- Text user interface (CaosDBTerminal).
- Bug: When the user password is updated the user is deactivated.
- Semi-fixed a bug which occurs when retrieving old versions of entities which reference entities which have been deleted in the meantime. The current fix adds a warning message to the reference property in question and sets the value to NULL. This might even be desired behavior; however, this would have to be finally specified during the Delete/Forget phase of the implementation of the versioning.
- Inheritance job cannot handle inheritance from same container (!54)
- Bug in the query parser (MR!56) - The parser would throw an error when the query contains a conjunction or disjunction filter whose first element is another disjunction or conjunction wrapped in parentheses.
[0.2.0] - 2020-09-02
- Support for deeply nested selectors in SELECT queries.
- One-time Authentication Tokens for login without credentials and login with particular permissions and roles for the course of the session.
- Entity/names resource for retrieving all known entity names.
- Scripting is simplified by adding a home directory, of which a copy is created for each called script and set as the
- bend_symlinks.sh (version 0.1, experimental) fix broken symlinks in the internal file system. See README.md
- move_files.py (version 0.1, experimental) Script for moving files (change their path) in the internal file system based on a two-column tsv file (with columns “from” and “to”). See README.md.
- LDAP server may now be given and may be different from LDAP domain. See
- #47 - Sub-properties can now be queried, such as in SELECT window.width FROM house.
- Added support for versioning, if it is enabled on the backend.
- All caosdb server java classes moved from
org.caosdb.[...] because the new root package is compliant with the java package naming conventions while the old was not. This has some implications for configuring the server. See README_SETUP.md, section “Migration” for additional information.
- The server by default now only serves TLS 1.2 and 1.3, all previous versions have been disabled in the default settings. Make sure that your clients (especially the Python client) are up to date.
- Missing handling of list of reference properties in SELECT queries.
- #51 - name queries (e.g. FIND ENTITY WITH name = ...)
- #27 - star matches slashes (e.g. for FIND ... STORED AT /*.dat).
- #30 - file path cannot be in quotes
- #46 - Server-side scripting failed as an unprivileged user because there was no writable home directory.
- NaN Double Values (see #41)
- #14 - Handle files on file system without File entity: Those entries are returned without ID but with a notice now.
- #11 - pam_authentication leaks the password to unprivileged processes on the same machine.
- #39 - quotes around datetimes in queries
- #99 - Checksum updating resulted in infinite loop on server.
Security (in case of vulnerabilities)
- TLS is by default restricted to v1.2 and v1.3 now.
- #11 - PAM and LDAP authentication no longer leak the password to unprivileged processes on the same machine.
- #68 - Shadow sensitive information when logging for debugging purposes.
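
An added example (not the project's ldap_authentication.sh) of the two safeguards behind the 0.7.3 empty-password entry and #11: refuse empty credentials before any bind is attempted, and pass the password via stdin and a private file instead of the command line. LDAP_URI, BIND_DN_TEMPLATE, BIND_CMD and all function names are hypothetical; ldapwhoami is the OpenLDAP client tool.

```shell
#!/bin/sh
# Added example; not the project's ldap_authentication.sh.
# Hypothetical names: LDAP_URI, BIND_DN_TEMPLATE, BIND_CMD and all functions.
LDAP_URI=${LDAP_URI:-ldaps://ldap.example.org}                           # placeholder
BIND_DN_TEMPLATE=${BIND_DN_TEMPLATE:-uid=%s,ou=people,dc=example,dc=org} # placeholder

# An empty name or empty password turns a simple bind into an anonymous or
# unauthenticated bind (RFC 4513, 5.1.1 and 5.1.2), which a directory may
# accept. Refuse both locally, whatever the server is configured to allow.
credentials_ok() {
    [ -n "$1" ] && [ -n "$2" ] || return 1
    case $1 in
        *[!A-Za-z0-9._-]*) return 1 ;;   # name must not be able to alter the DN
    esac
}

# Real bind. The password is read from a private file (-y), so it never
# appears in the argument list that other local processes can inspect.
ldap_bind() {
    ldapwhoami -x -H "$LDAP_URI" -D "$1" -y "$2" >/dev/null 2>&1
}

# authenticate <username>   (password: first line of stdin)
# Success only if the local checks pass AND the bind command exits 0.
# BIND_CMD may name a replacement taking <dn> <pwfile>, e.g. a test stub.
authenticate() {
    username=$1
    IFS= read -r password || true        # EOF without newline is tolerated
    credentials_ok "$username" "$password" || return 1
    old_umask=$(umask)
    umask 077                            # temp file is created owner-only
    pwfile=$(mktemp) || { umask "$old_umask"; return 1; }
    umask "$old_umask"
    printf '%s' "$password" > "$pwfile"  # no trailing newline in the file
    # shellcheck disable=SC2059
    dn=$(printf "$BIND_DN_TEMPLATE" "$username")
    rc=0
    "${BIND_CMD:-ldap_bind}" "$dn" "$pwfile" || rc=$?
    rm -f "$pwfile"
    return "$rc"
}
```

Typical use is `printf '%s\n' "$password" | authenticate "$username"` from the calling PAM helper, checking only the exit status.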