Changes in version 5.0.8 Fix multilang export of questionnaires (#4190) Bump client dependencies to latest version Update translations Changes in version 5.0.7 Revise implementation of form validation Implement language changes on ng-bootstrap datepicker Revise internationalization issues Revise admin sidebar menu fixing "Channels" link Bump client dependencies to latest version Update translations Changes in version 5.0.6 Change text "Postpone the expiration date" to "Edit the expiration date" (#4175) Revise reports' statuses configuration (#4177) Fix regression on reports search introduced in release 5.0.0 (#4184) Correct missing translation for "Privacy" and "Whistleblowing" policies link Update list of italian ministries and authorities using the software Revise description of the software adding reference to DPG recognition Update client dependencies to latest versions Update translations Changes in version 5.0.5 Fix regression #4181 Apply accessibility fixes as for ticket #3998 Update client dependencies to latest version Update translations Changes in version 5.0.4 Apply accessibility fixes as for ticket #3998 Preserve newlines during markdown rendering (#4179) Fix internationalization issue on report page Disable caching of Tor descriptors Preserve newlines during markdown rendering (#4179) Fix internationalization issue on report page Revise session implementation fixing file downloads bug introduced in 5.0.3 Update client dependencies to latest version Update translations Changes in version 5.0.3 Implement encrypted sessions minimizing exposure of users keys Revise implementation of questionnaires' step navigation Make new reports expire at 23:59:59 UTC Fix visualization of disabled reminder showing incorrecly as '3000-01-01' Fix issue #4172 [doc] Update application security spec with detail on session encryption [doc] Update documentation about usage of Angualar in place of AngularJS [doc] Revise software features descriptions [doc] Update list of italian public agencies using the software [doc] Update documentation images Bump client dependencies to latest version Update translations Changes in version 5.0.2 Fix loading of channels when context id is provided as URL parameter Fix implementation of file enabler in relation to 2fa confirmation Implement few fixes as by suggestion #4058 Add version bump script Update client dependencies to latest version Changes in version 5.0.1 Avoid to send emails when handlers exceed execution threshold Enable to use markdown in ToSs' labels Correct login interface for admin in relation to simplified login Revise interface showing files on related questions Bump client dependencies to latest version [ci] Revise tests and improve screenshots collection [doc] Update documentation images Changes in version 5.0.0 Implement full client rewrite on the base of Angular 18 and Bootstrap 5 Display report expiration date changes on report page (#4116) Display report status changes and their motivations on report page. (#4115) Bump client dependencies to latest version Update translations Changes in version 4.15.9 Fix setting of expiration date upon report repopening Bump npm dependencies to latest versions Update translations Changes in version 4.15.8 Revert raising of proof of work token complexity requiring more testing Bump npm dependencies to latest versions Update translations Changes in version 4.15.7 Apply proof of work to sessions renewal Implement rate limiting on whistleblowers' reports and attachments Implement cache reset when a configuration variable is varied with gl-admin Revise reminder implementation in relation to ticket #4121 Fix bell icon indicating reports with active reminder date Ensure app shows app after loading all the translations Silence reporting of exceptions of type sqlalchemy.exc.OperationalError Bump npm dependencies to latest versions [doc] Update application security specs about rate limiting features Changes in version 4.15.6 Fix act as operator functionality broken since 4.15.0 (#4099) Temporarily remove interfaces to provide a motivation on report status change Since the feature is not complete many users appear very confused of having to enter a motivation that is not shown. The functionality will be reintroduced soon soon with a complete implementation. Raise complexity of proof of work on sessions Implement basic QoS algorithm on handling of virtual hosting limiting burst of traffic. Changes in version 4.15.5 Fix: Do not notify report updates when personal notes are loaded Update translations Changes in version 4.15.4 Revert change introduced in 4.15.3 to prevent updating report date at the time of first report opening following community preference Add packaging for Ubuntu 24.04 (Noble Numbat) Bump npm dependencies to latest version Update translations Changes in version 4.15.3 Do not consider opening a report for the first time as a report update Changes in version 4.15.2 Correct definition of symbol OP_CLEANSE_PLAINTEXT causing malfunction on 4.15.1 in systems running with OpenSSL <= 3.0.0 Changes in version 4.15.1 Apply revision and optimization to TLS configurations Fix bug on admin operation handlers preventing to reset 2fa of users Bump npm dependencies to latest versions Update translations Changes in version 4.15.0 Fix issues #4019, #4020 Do not loose channel selection when changing platform language Make it possible to use channel id parameter on homepage link Fix memory leak on speaker anonymization algorithm Implement deletion of audit logs after 5 years or report deletion Do not require mandatory motivation on report close Extend gl-admin command adding possibility to change encrypted passwords Deprecate old migrations for globaleaks versions < 4.0.0 Optimize Tor loading enabling permanent data dir Bump npm dependencies to latest versions Update translations [doc] Add reference to new security audit report by ISGroup Changes in version 4.14.8 Fix failure on configuration of network filter introduced in 4.14.0 (#3971) Fix failure on the upload of PGP keys (#3970) Update translations Changes in version 4.14.7 Update pid file in globaleaks.service Changes in version 4.14.6 Revise mail notifications in case of multiple report access grants (#3928) Create pid file on /dev/shm/globaleaks/ Revase packaging reducing dependencies Changes in version 4.14.5 Downgrade version of PDFjs breaking pdf viewer (#3960) Changes in version 4.14.4 Correct assignment of classes on tag Ensure one could change the report status without specifying a motivation (#3935) Fix visualization of user preferences for analyst user role (#3940) Implement autofocus on first input of login pages (#3744) Improve accessibility by setting initial focus on the reporting questionnaire Revise implementation of report status change incorrectly setting the report to never expire; defect introduced in 4.14.0 Bump npm dependencies to latest versions Update translations Changes in version 4.14.3 Apply minor bugfixing on release 4.14.0; see git log for details Changes in version 4.14.2 Apply minor bugfixing on release 4.14.0; see git log for details Changes in version 4.14.1 Apply minor bugfixing on release 4.14.0; see git log for details Changes in version 4.14.0 Implement masking and redaction features (#3420, #3429) Register report update when the report is opened (#3918) Implement functionality enabling a recipient to operate on behalf of a whistleblower Add analyst user role and initial implementation of statistics panel Extend recipient list UI adding number of recipients for each report Added possibility to export the report list in form of CSV Redirect to hostname only when the HTTPS certificate is configured and enabled Make it possible to localize privacy and whistleblowing policies urls Enable showdown simplifiedAutoLink option Simplify interface for enabling and disabling email notifications Enable recipients connected to contexts to list every report Implement data retention policies on closed statuses Introduces a proviledge to restrict who can re-open management of reports Remove custodian user role enabler Count whistleblowers accesses Correct CSR download function Bump npm dependencies to latest versions Update translations [doc] Update documentation images Changes in version 4.13.22 Deprecate file upload preview based on data uri The feature will be reimplemented soon based on the secure file viewer extended to more file types that not just images. Revert "Modify report print to unroll tabs and export completed data" Reason: functionality with graphical imperfections on some browsers The feature will be reimplemented creating exports of type pdf Revise firewall rules in relation to issue #3856 Changes in version 4.13.21 Fix issue #3855 introduced in 4.13.19 Changes in version 4.13.20 Revise firewall rules changes introduced in 4.13.19 Changes in version 4.13.19 Correct audio player in relation to handling of multiple recordings Modify report print to unroll tabs and export completed data Reimplement CI on the base of Github Actions During wizard register hostname only if it is not an IP Revise firewalling rules in relation to Tor malfunctions When creating a new channel always assign the 'default' questionnaire Fix issues: #3790, #3794 Update translations [doc] Revise documentation about Continuous Integration Changes in version 4.13.18 Fix download of recipient files by whistleblowers Deprecate Accessibility Declaration feature; it seems to confuse most of the users and who need it could use the standard footer customization feature. Bump client dependencies to latest versions Update translations source Changes in version 4.13.17 Enable secure file viewer by design and by default Implement sandboxed listening of audio recordings Make it possible for whistleblowers to listen to their own audio recordings (#3736) Make it possible for whistleblowers to download their own file uploads Always ask organization data when on signup form Fix issue #3740 Bump client dependencies to latest versions Update translations Changes in version 4.13.16 Fix issue #3727 Rename report Export functionality in Download Replace icon used for file downloads Bump npm dependencies to latest versions Changes in version 4.13.15 Improve responsivity of audio player interface (#3712) Silence exceptions related to remote connections Correct initialization order in Tor service Update whistleblowing identity question Reorganize Sites' options Show postpone button also when the channel data retention policy is disabled Revise content security policy Bump npm dependencies to latest versions Update translations Changes in version 4.13.14 Revise vocoder implementation Apply minor bugfixing Bump npm dependencies to latest versions Update translations Changes in version 4.13.13 Implement speaker anonymization based on vocoder (#3483) Fix issue on identity access for identities inserted before version 4.11 (#3628) Fix homepage link definition in debian packaging (#3685) Fix regression in user email change API (#3674) Bump npm dependencies to latest versions Update translations Changes in version 4.13.12 Add Docker scripts: Dockerfile and docker-compose.yaml Apply improvements for SEO purposes Bump npm dependencies to latest versions Add systemd script and revise packaging Implement automated restart on failure (e.g. OOM) Update translations Changes in version 4.13.11 Revise file decryption compatibility in compatibility with all sw versions Changes in version 4.13.10 Revise fixes included in 4.13.10 in compatibility with all sw versions Changes in version 4.13.9 Complete fix for failure on files migration from versions <= 4.11.5 (#3606) File restore procedure described on ticket Changes in version 4.13.8 Fix regression on fileviewer introduced in 4.13.0 Revise migration to db version 65 in relation to recipient files Changes in version 4.13.7 Revise firewall rules in relation to new rootless mode Changes in version 4.13.6 Refactor application to be run as rootless Fix additional questionnaire functionality Fix issue #3610 Bump client version to latest versions Update translations Changes in version 4.13.5 Fix issue #3609 Changes in version 4.13.4 Fix duplicated entries shown on reports lists Changes in version 4.13.3 Fix bug #3599 introduced in release 4.13.2 Changes in version 4.13.2 Ensure to register the same time for every action performed during a submission Log admin operation: send_password_reset_email Optimize Tor loading storing consensus data permanently Change tor socket port to 9999 Changes in version 4.13.1 Fix issue wiith selection of users to which granting report access Remove redundant reordering of reports reordered on the client Fix order of identity access requests by date (reverse) Fix indicators for identities provided after the initial report Fix issue #3592 Changes in version 4.13.0 Make it possible for recipients to transfer access to their reports to other recipients (#3511) Make it possible to configure a Privacy Policy for internal users (#3510) Re-add CSS id ReceiptText used by some users for customization purposes (#3579) Export start_time on /api/public API Add initial draft of /api/health API Enforce redirect from IP address to server hostname Launch Tor via TxTorcon implementing Tor by design and by default Export platform start time on public API Fix issue #3577, #3587 Bump npm dependencies to latest versions Update translations Changes in version 4.12.9 Add fieldset and legend to radio buttons inputs (#3433) Add label to language selector (#3574) Fix LE renewal compatibility with python3-acme 2.1.0 (#3571) Changes in version 4.12.8 Remove report labels from mail notifications Fix defect #3565 Update translations Changes in version 4.12.7 Revise fix for issue #3556 Changes in version 4.12.6 Fix issues: #3549, #3556 Changes in version 4.12.5 Fix bug loading of Tor onion services introduced in 4.12.0 Changes in version 4.12.4 Fix issue #3555 Revise migration of receiver files Update translations Changes in version 4.12.3 Avoid to create first questionnaire step that seems to confuse users Simplify whistleblowing interface related to files Fix duplication of questionnaires using field templates Correct validation of questionaires in relation to addition of feature #3426 Fix regression #3546 Changes in version 4.12.2 Vary the permission policy in relation to feature #3426 Correct title of emails for new reports Update translations Changes in version 4.12.1 Fix regression on receipt visualization introduced during packaging of 4.12.0 Changes in version 4.12.0 Add packaging for Debian 12 Bookworm (#3485) Perform full application review following AgID advice on accessibility The full whistleblowing process is now accessible with screen readers Implement notification for reports reminders (#3419) Add two factor authentication on file based' configurations Automatically configure a self signed certificate to ensure every connection is always encrypted Implement encryption of identity access requests and replies Implement encryption of reports label Perform db migration in RAM to ensure shorter downtimes on update Enable file viewer by default Make it possible to configure a Privacy Policy link Make it possible to configure a Whistleblowing Policy link Add support for Basque (Euskara) language Update translations Fix issues #3442, #3456, #3466, #3471, 3504 Voice question [doc] Update documentation [doc] Update ER schema representation Changes in version 4.11.5 Fix regression on ip filter check introduced in 4.11.4 causing authorized connections to be blocked Bump npm dependencies to latest version Update translations Changes in version 4.11.4 Implement database sessions caching Optimize API cache Changes in version 4.11.3 Improve TOTP implementation adding a 1 step window Fix packaging in relation to missing license file Changes in version 4.11.2 Revise content security policy Revise HTML to improve accessibility (#3373) Fix issues #3407, #3412 Bump npm dependencies to latest version Update translations Changes in version 4.11.1 Fix packaging of PDF.js library (#3400) Automatically delete demo platforms older than 30 days Bump npm dependencies to latest versions Update translations [doc] Align documentation to latest development Changes in version 4.11.0 Add optional sandboxed viewer to open some types of files (#3345) Make it optional for administrators to usage of PGP (#3382) Make it possible for users to configure a custom reminder on reports (#2866) Remove possibility to close the Privacy Badge when clicked (#3387) Make it possible to customize the "Request Support" feature (#3335) Fix regression on unread reports reminder introduced in commit cf708b2 Prevent users to delete users when escrow keys could be invalidated Revise Content Security Policy restricting priviledges on general API Set Cross-Origin-Resource-Policy to same-origin instead of same-site Add PDF.js library by @mozilla Deprecate use of FileSaver.js library Adopt Inter Noto Sans font families to improve sw internationalization Bump npm dependencies to latest versions Update translations [doc] Update documentation on the implemented Content Security Policy [doc] Revise ApplicationSecurity documentation Changes in version 4.10.18 Fix wizard when performed using a remote connection Changes in version 4.10.17 Revise checks on browser compatibility Fix code related to re-generation of onion services Changes in version 4.10.16 Fix packaging issue preventing release 4.10.15 to work Changes in version 4.10.15 Fix regression on multimedia content visualization due to restricted Content Security Policy (#3307) Modify Tor indicator to track if the whistleblower has always used Tor (#3299) Make it possible to load GIF and JPEG images as logo (#3301) Revise password scoring function to require at least 12 characters and at least 10 different characters (#3311) Added data filters on report list page Implement responsive menu and add icons to menu items Update translations [doc] Revise Application Security section [doc] Update documentation about the content security policy Changes in version 4.10.14 Apply minor UI fixes Bump client dependencies to latest versions Update translations Changes in version 4.10.13 Revise fix fo regression on ACME key generation introduced in 3.10.11 (#3295) Changes in version 4.10.12 Fix regression on generation of Acme Account Key introduced in 4.10.11 Update translations Changes in version 4.10.11 Randomize LetsEncrypt renewal solving failing issues on congested times Revise packaging of client libraries Fix jslint errors Fix submission reset feature in relation to the addition of two factor authentication check Remove outdated code invalidating session when visiting the homepage Preserve internal user sessions in the sessionStorage When whistleblower session expires redirect the user on a blank page (#3293) Map locationStorage on sessionStorage (#3277) Fix issue #3277 Bump npm dependencies to latest version Update translations Changes in version 4.10.10 Fix corrupted file upload problem for files bigger than 1MB introduced in 4.10.0 Update the last update date when the report status is changed Revert fix for issue #3272 Revise Debian packaging Bump npm dependencies to latest versions Update translations Changes in version 4.10.9 Fix issue #3272 Changes in version 4.10.8 Fix password confirmation in relation to unicode escape encoding Extend image file types supported by the application adding gif and jpeg Perform logout when navigating pages that do not require auth (#3221) Fix issue #3225 Bump npm dependencies to latest versions Changes in version 4.10.7 Fix regression on users password change introduced in 4.10.0 Changes in version 4.10.6 Replace usage of python random module with python secrets module Fix mimetype for javascript files in relation to IANA definititions Bump terser to latest version Changes in version 4.10.5 Fix regression in relation to password resets requiring old passwords Fix regression in relation to old reports introduced in 0750098ef936452904f666bcb5aefc24fcfade84 Remove redundant interface for loading PGP keys by copy/paste Bump npm dependencies to latest version Update translations [doc] Add reference to ROS Security Audit 2022 [doc] Update documentation images Changes in version 4.10.4 Revise mime types fixing loading of favicon files (#3258) Make it possible to filter receiver tips by date args (updated_after, updated_before) Changes in version 4.10.3 Fix initialization of onion servers Changes in version 4.10.2 Revise mime types fixing loading of favicon files (#3258) Fix client failure when testing email notifications (#3259) Fix duplicated option visualization in advanced settings (#3260) Fix loading of custom scripts from /var/globaleaks/scripts/ directory Bump npm dependencies to latest version Update translations Changes in version 4.10.1 Fix certificate renewal failure introduced in 4.10.1 Changes in version 4.10.0 Validate url argument of support handler using regexp matching Remove interface for immediate user activation Avoid to fix file permissions at runtime Implement dedicated handlers for password change Drop privileges as soon that command line arguments are parsed and sockets are binded Remove web possiblity to load javascript customization via web interface Limit accepted mimetypes depending on the handler Add requirement of two factor authenticatioon confirmation to set of operations - Enabling encryption - Disabling 2fa - Toggling system key escrows - Toggling user key escrows - Visualizing account recovery keys - Resetting system reports - Using password reset links Prevent two factor token reuse Do not load file customizations when managing tenants Limit listing files loaded for public access to administrators or privileged recipients Restrict content security policies limiting resources that could be loaded Add directory traversal checks after loading paths from the database Enforce failure when apparmor or iptables support is missing Revise signup form removing redundant data collection Strip html tags before processing markdown Ensure token decorator could not be bypassed Ensure uploded file names do not contain slashes Add warning in case of use of default smtp configuration Modify simplified login to not expose usernames Improve templating avoiding templates injection Bind only on local host when in development mode Make it possible to change network configuration only by root tenants admins Avoid to change page title to "Report" to limit traces on browser history Ensure to not write files bigger than the defined maximum file size Require explicit opt-in to enable developers exception notifications Remove web possiblity to load javascript customization via web interface Change token decorator using path variable instead of uri variable Disable developers exception notifications by default Remove API for client exception reporting Disable APIs for exporting HTTPS certificates' keys Bump npm dependencies to latest versions Update translations Changes in version 4.9.9 Reintroduce Tor Exit IP check based on onionoo data Bump npm dependencies to latest versions Update translations Changes in version 4.9.8 Revise teardown of onion services Fix margins in RTL layout Update translations Changes in version 4.9.7 Fix compatibility with old versions of txtorcon (#3229) The failure was causing failure on ubuntu bionic for version 4.9.6 Changes in version 4.9.6 Improve resiliency of onion services setup and teardown Optimize application state and tenants Set Gzip Encoder compression level to 1 prioritizing speed over compression Remove "-" character from tag when the page title is not set Remove duplicated IDs from submissions form (#3222) Add aria label on "Plus" button for multi-answer questions (#3222) Add aria label on "Close" button of disclaimer modal (#3222) Add h1 tag on page title (#3222) Add for attribute to labels referred to form inputs (#3222) Improve accessibility of receipt interface interconnectin label and input (#3222) Bump npm dependencies to latest versions Update translations Changes in version 4.9.5 Fix exception triggered when recipients download their own files (#3220) Bump npm dependencies to latest versions Update translations Changes in version 4.9.4 Fix regression on download of files uploaded by recipients introduced in 4.9.1 Fix regression on simplified login introduced in 4.9.0 Correct Lithuanian language name incorrectly shown as Latvian Bump npm dependencies to latest versions Update translations Changes in version 4.9.3 Fix regression on Tenant Auth Switch introduced in 4.9.1 Bump npm dependencies to latest versions Update translations Changes in version 4.9.2 Fix regression on Export/Download of Files introduced in 4.9.1 Changes in version 4.9.1 Complete bugfixing for new package for Ubuntu Jammy 22.04 Extend proof of work protection to every not authenticated request != GET, OPTIONS Change default user permissions removing delete priviledge Fix regression on feature #2915 Bump npm dependencies to latest versions Update translations [doc] Update Threat Model texts [doc] Update Application Security document in relation to hashcash policy on unauthenticated requests Changes in version 4.9.0 Silence notification of common exceptions Prepare packaging for Ubuntu Jammy (#3185) Fix visibility of reports related to deleted contexts (#3209) Fix export failure for reports with large number of attachments (#3212) Fix compatibility with both SQLAlchemy 1.3 and 1.4 Add migration script 62 Add archived db version 62 used for tested purposes Implement SQLITE lockdown state (#3206) Simplify configuration of context hidden status Simplify configuration of users enabled status Deliver submissions also to recipients which account have been disabled Remove database support for incomplete features #2523 and #2552 Fix regression on notification of certificate renewal failure introduced in 4.8.1 Add autoincrement property to Tenant ID attribute (#3197) Change the type of the ID attribute of Audit Log to be an autoincremented integer (#3198) Bump npm dependencies to latest versions Update translations [doc] Update documentation images [doc] Update ER representation of the database [doc] Update documentation in relation to application testing [doc] Add documentation about hardened database configuration Changes in version 4.8.1 Improve performances of https renewal job Revise audit log marking system' report deletion by tenant Ensure that the local copy of the receipt is deleted after logout Deprecate outdated Tor check based on Bump npm dependencies to latest versions Update translations Changes in version 4.8.0 Improve audit log adding entry for reports deleted automatically by the system Improve audit log adding information about software updates (#3194) Improve self password reset feature making caseinsensitive email lookup Cancel deferred processing when client connection is closed Fix visualization of buttons for ordering contexts Fix failure on pgp encryption of wbfiles for recipients Hide no-configurable options from referenced fields templates instances Add missing multichoice input choice on fields creation Update default globaleaks questionnaire Optimize database removing id attribute on fieldattr model Fix issue #3193 Bump npm dependencies to latest versions Update translations [doc] Revise features documentation [doc] Update documentation images Changes in version 4.7.17 This version just fixes version numbering Changes in version 4.7.16 Deprecate haveged on systems running kernel >= 5.6 (#3184) Deprecate outdated and unused code related to old version of haveged #1722 Make it possible to reset template override setting (#2908) Fix regression on #3116 Bump npm dependencies to latest versions Changes in version 4.7.15 Fix exception on interrupted connections (#2706) Bump npm dependencies to lates versions Changes in version 4.7.14 Fix incorrect bump of bootstrap library to version 5 Fix exception on logout introducted in 4.7.12 Changes in version 4.7.13 Fix wrong release numbering stating 4.7.12 is still 4.7.11 Bump npm dependencies to latest versions Changes in version 4.7.12 Filter recurring meaningless exceptions from Twisted from notification Prevent users to revoke their own access to reports (#3182) Optimize Content Security Policy Fix regression on report postpone feature introduced in 4.7.11 Fix issue #3180 Bump npm dependencies to latest versions Update translations [doc] Update documentation about CSP [doc] Add reference link for AppArmor [doc] Add reference link for iptables Changes in version 4.7.11 Revise revoke access functionality to show real users' names Fix issues #3171, #3175 Bump FontAwesome from 5 to 6 Bump npm dependencies to latest versions Stop including fonts inside minified css Revise postpone feature in relation to #3166 Bump npm dependencies to latest versions Update translations [doc] Update documentation images Changes in version 4.7.10 Fix regression on files uploads introduced in 4.7.8 Changes in version 4.7.9 Avoid to serialize templates when exporting questionnaire Changes in version 4.7.8 Make it possible for secondary tenants to not be exposed via Tor (#3155) Reimplement tenant api removing direct acces by tenant number Make it possible to access secondary tenants via /t/subdomain path Restore possibility to provide a message to users that decide to not provide their identity Improve questionnaire template UI marking template questions with "Template" type (#3156) Add exception on permission checks for directory 'lost+found' (#3159) Fix regression on advanced field options configurations (#3154) Enable users to review file uploads before effective upload Fix issues #3157, #3160 Bump npm dependencies to latest version Update translations Changes in version 4.7.7 Add report progressive number to audit log (#3145) Implement serverside validation of password strength (#3150) Fix issues #3146 and #3149 Bump npm dependencies to latest version Update translations Changes in version 4.7.6 Fix regression #3135 Bump npm dependencies to latest version Update translations Changes in version 4.7.5 Make it possible to restart the application without invalidating password reset tokens Make it possible to customize Steps descriptions with markdown Bump npm dependencies to latest versions Update translations Changes in version 4.7.4 Fix regression on generation of PGP encrypted emails Update translations Changes in version 4.7.3 Revise apparmor script fixing permissions to generate password reset token Avoid to encrypt email subjects as in releases before 4.6.0 Changes in version 4.7.2 Fix regression on report export introduced in 4.7.0 for report including files updloaded by recipients Fix regression on report search introduced in 4.7.0 (#3131) Changes in version 4.7.1 Fix regression #3130 introduced in 4.7.0 Changes in version 4.7.0 Revise TLS configuration by specifically disabling TLS1 and TLS1.1 on SMTP connections Decouple encryption keys of submissions from encryption keys of files Optimize database and API for fetching reports summaries #3125 Optimize database by setting sqlite temp_store to memory on every new connection (#3125) Optimize database enabling automatic indexing is enabled on sqlite database (#3125) Fix migration of questions generated from templates by running migrations with foreign keys Fix loading of receipt page when context id is provided within the uri Modify grant tip access function to show real users' names (#3127) Bump npm dependencies to latest version Update translations [doc] Update ER representation of the database Changes in version 4.6.1 Fix regression in 4.6.0 preventing to visualize reports labels Update translations Changes in version 4.6.0 Adopt ECC keys of 384bits Modify ECDH configuration to use curve NID_secp384r1 Implement securitytxt (#2647) Register first access to files by whistleblowers Register first access to files by recipients Register first access to reports by recipients Optimize database removing unused attributes Add email validation on Signup and Support requests Revise code relate to mandatory-check on file uploads Make it possible to require whistleblowers to upload files before proceeding with the completion of the submission (#3116) Revise code relate to mandatory-check on file uploads Notify recipients when whistleblowers disclose their own identity Notify recipients when whistleblowers fills the secondary questionnaire Always strip the email subject when sending PGP encrypted emails Add Brave to the list of supported browsers (#3121) Correct Github donation link (#3120) Add support for Crimean Turkish translation Update translations [doc] Add Secure File Download measures section [doc] Add Browser History and Forensic Traces section [doc] Add TLS certificate keys section [doc] Revise section about Cache-Control header [doc] Revise application glossary [doc] Add documentation about supported browsers [doc] Update number of supported languages Changes in version 4.5.8 Fix self reset password regression introduced in 4.4.5 Set session keepalive period to 5 minutes Do not invalidate password reset tokens till actual password change Update translations Changes in version 4.5.7 Implement Cross-Origin-Embedder Policy Implement Cross-Origin-Resource Policy Fix issues #3117 and #3118 Update translations Changes in version 4.5.6 Fix regression on password reset links introduced in 4.4.5 Optimize serialization of public API reducing set of exported keys Open link for testing contexts on a new page Fix issue #3113 Changes in version 4.5.5 Add URL to support requests emails Fixes issue #3108, #3109, #3110, #3111 Bump npm dependencies to latest versions Update translations Changes in version 4.5.4 Implement session keep-alive and check on session expiration Fix issues #603, #2842, #3104, #3105, #3106 Bump npm dependencies to latest versions Changes in version 4.5.3 Fix regression on Simplified Login when combined with 2FA (regression introduced in 4.5.0) Changes in version 4.5.2 Implement Cross-Origin-Opener-Policy (#3103) Make it possible for administrators to configure the public name of users (#3094) Open TOS attachments and TOS reference link on a new page (#3097) Replace automatic link sanitizer with an explicit target=_blank directive Fix audit log in relation to visualization of images for users' 2fa status Revise UI of project logo upload functionality removing double click issue Always show hours and minutes on dates of file uploads Fix issues #3093 and #3095, #3098, #3100, #3101, #3102 Changes in version 4.5.1 Fix authenticaton on secondary tenants by root tenant users (regression introduced in 4.5.0) Changes in version 4.5.0 Fix internationalization of close button in support modal (#3084) Fix regression on compatibility with Internet Explorer (#3085) Avoid to show logout button on homepage and submission page Show explicit logout link on whistleblower sessions Revise login interface resetting inputs on failure Make it possible to manually configure TOTP secret (#3088) Add "Copy to clipboard" functionality on 2FA qrcode interface Fix possibility to provide identity after submission Always encrypt downloads with PGP when the user key is available (#3087) Fix bug on invalidation of escrow key when enabling key escrow of secondary tenants Always fetch user preferences when the user preferences are accessed Fix issue #3086, #3090 Bump npm dependencies to latest versions Improve request support feature by prepopulating the email field Update translations Changes in version 4.4.5 Revise rate limiting decorator limiting only whistleblowers' sessions #3076 Simplify handling of recipient public names Fix possibility of adding multiple file questions Make it possible to use drag and drop on admin file configurations Fix issue #3075 Bump npm dependencies to latest version Update translations Changes in version 4.4.4 Make it possible for recipient to choose the postpone date #3068 Make it possible for recipients to see real user names #3064 Make it possible for any recipient to remove files loaded by other recipients Make it possible to filter sites by any property Add audit log for password reset considering it as a login Fix reordering of submission substatuses #3066 Remove possibility to postpone expiration of multiple reports at once Simplify API removing proof of work token from authenticated APIs Implement session on any whistleblower action Implement rate limiting on user sessions Deprecate multisite login functionality Limit the maximum payload of any request to 2MB Remove outdated section of signup template Fix issues #2972, #3069 Revise exception handling Improve responsiveness of logo and page title on small screens Revise of comments and message buttons Bump npm dependencies to latest version Update translations Changes in version 4.4.3 Add NTP as package dependency on debian buster and ubuntu bionic Simplify interface of questionnaire configuration when only one step is present Revise layout of login and 2fa pages Fix functionality of self password recovery on the page that requires the account recovery key Update translations Changes in version 4.4.2 Apply minor bugfixing Revise native language names Add support for Bashkir language Update translations Changes in version 4.4.1 Add support for Serbian (Montenegro) and Tatar language Fix regression causing failure on file uploads and other mail exceptions (#3035) Update translations Changes in version 4.4.0 Bump database version to 56 to fix specific issue on db version 55 Changes in version 4.3.2 Fix regression on visualization on answers to fieldgroups introduced in 4.3.0 (#3053) Update translations Changes in version 4.3.1 Fix issues #2525, #2768, #3051, #3052 When key escrow is enabled activate user encryption as soon that users are created Apply minor bugfixing of new interfaces Update translations Changes in version 4.3.0 Make it possible for recipients to add a new recipient to their submissions (#2595) Implement Request Support feature (#3035) Revise data collected when asking whistleblower's identity (#3032) Logs when recipients access whistleblowers's identity Enable custodian functionality when a custodian user exists Prioritizing new encryption model over PGP encryption Deprecate support of HTTPS NPN protocol Revise password reset token setting expiration to 7 days Track access to submissions that are exported Make it possible to customize the text shown over the context selection Reorganize secondary tenant creation to not require wizard completion Improve 2FA account name to show: $hostname ($username) (#3021) Fix issues #3027, #3041 Bump npm dependencies to latest version Add support Persian (Afghanistan) language Add support for Armenian language Add support for Belarusian Add support for Checken language Add support for Kazakh language Add support for Kyrgyz language Add support for Pashto language Add support for Serbian (Latin) language Add support for Turkmen language Add support for Tajik language Add support for Uzbek language Update translations Changes in version 4.2.13 Deprecate onion services v2 #2894 Add Debian Bullseye (11) packaging #3019 Show receipt box only when /#/submission url is visited directly #3026 Revise TLS implementation improving security and performance Fix integration of ug@Cyrl language Apply minor bugfixing Update translations Bump client dependencies to lates version Changes in version 4.2.12 Fix regression #3029 on UI mocks visualization added in 4.2.11 Changes in version 4.2.11 Implement copy to clipboard function on encryption recovery key Implement copy to clipboard functionality on receipts (#1143) Implement copy to clipboard function on onion address (#1040) Re-implement feature #3026 with proper handling of responsiveness Make it possible to show comments and messages sent before disabling commenting and messaging Implement link to the homepage on logo and project title Fix regression on feature #2521 Fix issue #3015 Fix export of submissions including both files and comments Fix password reset link functionality when triggered by administrators of secondary sites Disable autocomplete on password change for modern browsers Log ip and user agent of internal users by default for security purposes Update documentation Publish tentative 2021-2023 roadmap Remove incorrect import of D3 library not used anymore Bump npm dependencies to latest version Add Uyghur translations in latin and cyrillic alphabets Add revised Tibetan translation Update translations Changes in version 4.2.10 Implement possibility to export all reports at once (#2824) Refactor Token implementation and separate it from Submission state Assign access_report audit log to secondary tenants Revise colors of the application in relation to style guidelines Change logo version and optimize size Update Tibetan translation (ongoing trranslation updated for revision purposes) Fix native language name for Swahili (Kiswahili) Update translations Changes in version 4.2.9 Fix issue #3007 preventing new setups of globaleaks 4.2.8 Fix password reset functionality in relation to pyotp dependency removal Revise min_len and max_len input validations in relation to IE 11 Add Tibetan translation (ongoin translation added for revision purposes) Update translations Changes in version 4.2.8 Update translations for revision purposes Changes in version 4.2.7 Fix functionality of import of questionnaires Fix loading of intermediate chain composed by more than one certificate Bump npm dependencies to latest versions Add Kramer translation (ongoing translation added for revision purposes) Add Uyghur translation (ongoing translation added for revision purposes) Update translations Changes in version 4.2.6 Add Bengali translation Add Lao translation Add Malayan translation Improve usability of drop down with >=10 choices Update translations Bump npm dependencies to latest versions Changes in version 4.2.5 Fix bug on file delivery in mixed PGP / non PGP configurations Add Burmese translation Add Chinese (Hong Kong) translation Update translations Bump npm dependencies to latest versions Changes in version 4.2.4 Fix issue #2998 affecting migration 54i, impacting releases 4.2.0-3 and causing corruption of files attached by administrators for platform customization. Fix issue #2995 Fix bug on notification to recipients of their own messages Changes in version 4.2.3 Improve readability of home page revisiting font-sites and margins Getting sure to filter white spaces when using ip addresses filters Fix issue #2993 Changes in version 4.2.2 Ignore browser language and prefer platform default Set Log job timing to 30 seconds Fix lint error affecting Log job shutdown Make update notifications subject to admin notifications enablers Fix issue #2991 Changes in version 4.2.1 Fix regression on removal on reset of anomaly counter Revise files handlers for proper management of contexts and users images Changes in version 4.2.0 Improve set of audit log events traking main events related to authentication, password reset, reports access and deletion (#2579) Optimize database removing redundant previous overengineering Prevent that the submission status could be reverted to new Improve resiliency adding limits to the numer of emails and files processed in a single job cycle Improve resiliency on possible failures on mail schedule due to single errors in mail generations Make it possible to disable new submissions without preventing whistleblowers access Revise implementation of Permission-Policy header Fix issues #2970, #2978, #2979, #2981 Backport Twisted #9410 from 19.7.0 Update npm dependencies to latest versions Add Macedonian translation Update Translations Changes in version 4.1.17 Fix issue #2970 Revise access log format to keep it standard Fix auto-epiration of new sites if not activated within 1 day Revise cleaning sched in relation to activation tokens expiration Add message-id header to emails to mitigate spam Make it possible for field templates to be defined by using field templates Downgrade D3 version to preserve compatibility with IE 11 Update npm dependencies to latest versions Changes in version 4.1.16 Fix mail notifications on ubuntu focal / python 3.8 Bump npm dependencies to latest version Changes in version 4.1.15 Fix issue #2967 Changes in version 4.1.14 Fix generation of email notifications for labeled submissions Changes in version 4.1.13 Add Covenant Contributor Code of Conduct Update Tor download link Archive testing code related to CORS embedding (#1270) Fix regression on report's postpone and delete interfaces Fix loading of minified version of CSS and JS Generate onion service only when platform mode is 'default' Fix issue on visualization of answers for conditional steps Changes in version 4.1.12 Compact database during cleaning schedule using sqlite VACCUM command Revise application packaging moving PID file inside /var/globaleaks Fix packaging adding explicit dependency on python3-cryptography Bump npm dependencies to latest version Changes in version 4.1.11 Fix possibility of resetting onion address Changes in version 4.1.10 Make it possible to download https encryption key for backup purposes Implement possibility to download access and debug log via the audit log Fix statistics tracking of logins and submissions Use cssmin and terser instead of using already minified libraries Rework http gzip doing it in streaming to every resource served Avoid caching of admin resources Add Swahili language Update translations Bump npm dependencies to latest version Changes in version 4.1.9 Fix issue #2904 Update translations Changes in version 4.1.8 Fix serialization of tip preview for platforms with encryption OFF Move experimentaal docker scripts to dedicated repository: Bump travis testing environment to Focal Bump npm dependencies to latest version Changes in version 4.1.7 Deprecate code related to onion service v2 generation Add list of italian public agencies that use the software to Developers Italia: Pre-generate Onion Service key as soon that the database is initiaized Reset Authentication session when navigating public interface Add Amharic translation Fix issue #2945 Bump npm dependencies to latest version Update translations Changes in version 4.1.6 Fix regression on migration 52 (#2936) (bug introduced in version 4.1.0) Changes in version 4.1.5 Fix bug on PGP encryption of files resulting on using always the same recipient key for every user (bug introduced in version 4.1.0) Changes in version 4.1.4 Revise header implementation adding css ID ProjectName, TitleSeparator and PageTitle Revise feature for enabling recipients to upload files to whistleblowers Update translations Changes in version 4.1.3 Revise logic of Tor network sandboxing Update translations Changes in version 4.1.2 - 2020-11-23 Revise notifications for custodian replies Fix visualization of recipient selection cards Changes in version 4.1.1 - 2020-11-22 Fix creation of new users for platforms where english is not enabled Fix gl-admin utility in relation to import error Add notifications for custodians replies Bump npm dependencies to latest versions Update translations Changes in version 4.1.0 - 2020-11-18 Revise the application UI following the official an new brand guidelines - Reduce colors of the application removing the usage of Green, preferring to use the Blue color of the brand to communicate the values of the project along security and transparency. Add compound favicon with resolution 16x16 32x32 48x48 Adopt Metropolis as application Font as defined by the brand guidelines Optimize the application for better accessibility and responsiveness Improve usability in relation to key escrow mechanism adding user hints about the necessity of saving the key esrow. Add receipt to the tip page to support users to annotate it (#2915) Bump npm dependencies to latest version Revise and improve network sandboxing enabling traffic to used ports Implement restricted indexing policiy by means of X-Robots-Tag: noarchive when indexing is enabled Revise Cache-Control headers and update related security documentation Implement automatic screenshot collection during tests and documentation update Fix issue Fix password reset malfunction in relation to users using 2FA Revise email spooling setting interval to 10 seconds and retry to 7 days Replace Feature-Policy Header with the renamed new standard Permission-Policy header Complete documentation of securit features currently implemented - Add preliminar documentation for more important user features: - Revise project documentation added to Developers Italia via publiccode.yml - Make is possible to use markdown when configuring a custom privacy badge Remove possibility to filter ip access for whistleblowers; the feature was never actually implemented and the interface shown was just added by mistake. We consider that Whistleblowers access shall never be prevented and that any restriction on this topic should be considered against the best practice. Pospone notification of Letsencrypt failures after a week of the initial failure Implement scheduler to notify users after 7 days of unread or updated reports Implement automatic update to onion services version 3 and plan OnionServices V2 deprecation in compatibility with Tor timeline (#2894) Update default smtp configuration Implement admin assisted password reset (applicable when escrow keys are enabled) Revise CSS of the application removing redundant or unused classes Bump database schema to version 53 Update ER schema of the application: - Reimplemt periodic file cleaning postponing deletion of files to 1 day since deletion and ensuring that files that are not linked to the database are properly deleted Bump test code coverage from 81% to 84% Remove possibility to include the application by means of an iframe making it possible to load the application via proper CORS requests Add subscriber table and subscribed document table for tracking GDPR and other contracts for demo and professional uses in preparation to furter planned development Replace GL-Language header making use of the standard Accept-Language header Implement HTTP OPTIONS method Add Estonian translation Update translations Changes in version 4.0.58 - 2020-09-28 Fix issue #2899 Fix possibility to reset password for platforms that are admin-only Remove HTTP Basic Authentication feature; this feature was been developed in order to be used in pre-production but many users seems to continue to abuse of its presence to create private whistleblowing portals not really accessible to the end users; from this the decision to remove completely the feature from the software. Changes in version 4.0.57 - 2020-09-27 Fix serialization for questions of type date (#2896) Implement serialization for questions of type date range Changes in version 4.0.56 - 2020-09-25 Fix additional question answers functionality Changes in version 4.0.55 - 2020-09-21 Fix issue #2892 Changes in version 4.0.54 - 2020-09-03 Fix recipient feature to load files to whistleblowers Changes in version 4.0.53 - 2020-08-31 Fix functionality for re-generating Onion addresses Changes in version 4.0.52 - 2020-08-30 Revise IPv6 support in relation to IP filtering and logging Changes in version 4.0.51 - 2020-08-09 Do not show multitenancy menu if multisite feature is disabled Add support for IPv6 Changes in version 4.0.50 - 2020-08-04 Add 1 second delay between mailung attempts Fix issue #2882 Fix regression on issue #2720 When encryption is not enabled preserve statistic data Fix visualization of admin interface for disabling user notifications Update npm dependencies to latest versions Update translations Changes in version 4.0.49 - 2020-07-27 Fix exception error on recipients selection Fix visualization of icons in questions messaging Changes in version 4.0.48 - 2020-07-26 Fix check on maximum selectable recipients Changes in version 4.0.47 - 2020-07-25 Fix issue #2878 Improve markdown avoiding privacy leaks on external links (#2879) Update translations Changes in version 4.0.47 - 2020-07-21 Fix disclaimer modal in relation to addition of Showdown Markdown (#1101) Changes in version 4.0.46 - 2020-07-21 Fix visualization of admin advanced settings on root tenant while in demo mode Changes in version 4.0.45 - 2020-07-21 Fix link for accessing reports in emails sent to recipients Changes in version 4.0.44 - 2020-07-20 Revise fix for HTTPS redirects in relation to letsencrypt and renewal Changes in version 4.0.43 - 2020-07-10 Revise tenatative domain correction introduced in 4.0.42 Bump npm dependencies to latest versions Update translations Changes in version 4.0.42 - 2020-07-19 Fix HTTPS redirects in relation to letsencrypt and renewal Implementat tentative domain correction in relation to presence or absence of 'www.' domain prefix Changes in version 4.0.41 - 2020-07-18 Do not send certificate expiry notice to users with disabled notifications Revise style of feature that enable to block submissions based on answers Update npm dependencies to latest version Improve lets'encrypt cert renewal for multisite platforms adding 60s delay Add latvian translation Update translations Changes in version 4.0.40 - 2020-07-08 Fix regression in logo upload introduced in 4.0.39 Changes in version 4.0.39 - 2020-07-08 Fix import of questionnaires in relation to step triggers Add unit tests for import of complex questionnaires Fix visualization of steps triggers in relation to score enabler Fix preferences interface for disabling email notifications Add Onion-Location header only over HTTPS Reimplement API token in compatibility with encryption functionality Move REST API to /api/* path Apply minor UI fixes Update npm dependencies to latests version Update translations Changes in version 4.0.38 - 2020-06-28 Fix regression on encrypted file uploads paths introduced in 4.0.33 Fix visualization of file uploads by recipients Fix audit log filter in relation to multitenancy Change comments serialization API serializing ids in place of author names Add Showdown markdown to homepage texts, footer, and questions description ToS questionstext (#1101, #2206) Update npm dependencies to latest version Update translations Changes in version 4.0.37 - 2020-06-22 Fix selected recipients count function Fix regexp based form validation Update translations Changes in version 4.0.36 - 2020-06-18 Retest and fix admin heatmap broken since initial release 4 Fix file upload buttons with 2-click defect Changes in version 4.0.35 - 2020-06-17 Apply minor style fixes Fix packaging version bump Update translations Changes in version 4.0.33 - 2020-06-10 Improve UI in relation to #2862 Always re-generate salt when changing password Revise TLS configuration preferring security over Update npm dependencies to latest version Prioritize PGP encryption for files when available Enable to download the audit log resources as CSV Update translations Changes in version 4.0.32 - 2020-06-08 Fix alphabetic display of receipients Changes in version 4.0.31 - 2020-06-07 Apply minor UI fixes Update translations Changes in version 4.0.30 - 2020-06-06 Apply minor UI fixes Changes in version 4.0.29 - 2020-06-05 Fix sidebar of recipients showing site settings link Revise implementation of Location headers redirecting to the homepage Changes in version 4.0.28 - 2020-06-05 Bump to angular version 1.8.0 Uniform UI to new brand guidelines Update translations Changes in version 4.0.27 - 2020-06-04 Fix immediate generation of onion services for secondary tenants Send exception notifications only to administrators of the root tenant Remove redundant borders to whistleblowers' login interface Disable user email notifications if they are disabled at user level Fix password reset feature broken in 4.0.26 Fix custom order visualization of recipients Uniform context and recipient selection interfaces Changes in version 4.0.26 - 2020-06-02 Uniform all random secrets to 256bit length Change default password change interval from 90 days to 1 year Fix exception email notifications in relation to multitenancy Fix issue #2861 Update npm dependencies to latest version Update translations Changes in version 4.0.25 - 2020-05-29 Fix issues: #2857, #2859 Update translations Changes in version 4.0.24 - 2020-05-25 Fix interfaces for enabling languages Apply minor UI fixes in relation to mobile responsiveness Changes in version 4.0.23 - 2020-05-24 Postpone integration of basic auth bypass for multitenancy management Changes in version 4.0.22 - 2020-05-24 Apply minor UI fixes in relation to mobile responsiveness Changes in version 4.0.21 - 2020-05-23 Fix issues: #2043, #2852 Apply mix UI refinements Update npm dependencies to lates versions Update translations Changes in version 4.0.20 - 2020-05-16 Fix minor UI defects Update translations Changes in version 4.0.19 - 2020-05-15 Fix issues: #2784, #2825, #2431, #2833, #2835, #2837, #2841, #2843 Implement Onion-Location Header (#2847) Update translations Changes in version 4.0.18 - 2020-04-28 Add support for latest Ubuntu LTS (20.04: Focal) Update translations Changes in version 4.0.17 - 2020-04-24 Fix issues: #2822, #2829 Update translations Changes in version 4.0.16 - 2020-04-23 Fix issue #2826 Bump npm dependencies to latest version Update translations: Changes in version 4.0.15 - 2020-04-16 Apply minor bugfixing Changes in version 4.0.14 - 2020-04-14 Fix issue #2818 Changes in version 4.0.13 - 2020-04-13 Add recipient name to reports' messages UI (#2815) Update translations Changes in version 4.0.12 - 2020-04-10 Fix issue #2814 Update translations Changes in version 4.0.10 - 2020-04-08 Fix issues: #2800, #2810, #2812 Fix counters on reports lists showing always counters of last report Update translations Changes in version 4.0.9 - 2020-04-07 Revise fix on connection check admin and recipient roles Fix issue #2800 Add updated documentation abouth threat model and encryption Update translation Changes in version 4.0.8 - 2020-04-02 Add updated documentation abouth threat model and encryption Update translation Changes in version 4.0.7 - 2020-04-02 Fix opening of 2FA and encryption recovery key modals Fix connection check admin and recipient roles Changes in version 4.0.6 - 2020-04-01 Apply minor UI bugfixing Update translations Changes in version 4.0.5 - 2020-03-25 Apply minor UI bugfixing Update translations Changes in version 4.0.4 - 2020-03-18 Add mock frunctions: replace, add-before, add-after Improve resiliency of notification job Fix issues: #2790, #2791 Changes in version 4.0.3 - 2020-03-12 Remove migration of two-factor-authentication secret from old setup due to many incompatibilities preventing correct authentication. Always serve the root tenant suring setup to enable reverse proxy configs. Revise privacy aspects of robots indicization. Update translations Changes in version 4.0.2 - 2020-03-09 Revise fixes included in 4.0.1 in relation to authentication failures Changes in version 4.0.1 - 2020-03-09 Apply minor bugfixing Changes in version 4.0.0 - 2020-03-05 Enable encryption and key escrow mechanism by default for new setups Make it possible to enable encryption and key escrow mechanism on existing setups Please refer to the official release announcement for important information about the update: - Changes in version 3.11.70 - 2020-02-24 Fix custodian functionalities in relation to custom identity template Changes in version 3.11.69 - 2020-02-11 Fix qrcode visualization in forced two factor authentication mode Fix listing of identity access requests Show context selection interface only when multiple contexts are available Update version of chrome used during testing Fix migration of whistleblower identity customizations Changes in version 3.11.68 - 2020-01-28 Fix regression preventing to configure admin users Changes in version 3.11.67 - 2020-01-23 Improve packaging removing unused dependencies Revise old migration scripts fixing defect in migration of db 36 Changes in version 3.11.65 - 2020-01-23 Fix package version Changes in version 3.11.64 - 2020-01-23 Fix regression in questionnaires update introduced in 3.11.63 Enforce file download on Terms of Service attachments (#2763) Fix defect in submission token implementaton preventing expiration Changes in version 3.11.63 - 2020-01-20 Fix check on user-context association on the same tenant Bump npm dependencies to latest versions Fix minor lint errors Make it possible to reset the platform hostname Hide score UI when the feature is disabled Remove ricochet configuration visibility in content settings When creating a new context set the tip time to live to 90 days Changes in version 3.11.62 - 2020-01-12 Apply user suggestions for feature #2643 Changes in version 3.11.61 - 2020-01-12 Apply minor UI fix Changes in version 3.11.60 - 2020-01-12 Show the logo of the context that is selected (#2643) Re-add whistleblower login form on submission page Deprecated ol txtorcon mock Apply minor UI fx Bump npm dependencies to latest version Changes in version 3.11.59 - 2020-01-04 Fix defect in application responsiveness Bump npm dependencies to latest versions Changes in version 3.11.58 - 2020-01-02 Fix defect in exceptions logging Changes in version 3.11.57 - 2019-12-30 Fix issue #2756 Remove apparmor rule for dash previously required by gnupg Bump npm dependencies to latest versions Update translations Changes in version 3.11.56 - 2019-12-25 Fix issue #2755 Changes in version 3.11.55 - 2019-12-19 Fix issue #2754 Update translations Changes in version 3.11.54 - 2019-12-14 Apply minor UI improvements Update translations Changes in version 3.11.53 - 2019-12-12 Fix defect regression on customization provisioning introducted in 3.11.53 Changes in version 3.11.52 - 2019-12-12 Apply minor UI improvements Changes in version 3.11.51 - 2019-12-12 Apply minor UI improvements Update translations Changes in version 3.11.50 - 2019-12-11 Fix client build regression introduced in 3.11.49 Changes in version 3.11.49 - 2019-12-11 Replace qrious with angular-qrcode Changes in version 3.11.48 - 2019-12-10 Removing python3-distro dependency requiring unusual large set of apparmor rules for the functionality offered Changes in version 3.11.47 - 2019-12-10 Update applying rules fixing issue #2747 Update translations Changes in version 3.11.46 - 2019-12-08 Revise installation script in relation to installation privacy Deprecate compatibility with python2 Update translations Changes in version 3.11.45 - 2019-12-04 Fixes issue #2737 and #2738 Changes in version 3.11.44 - 2019-12-03 Apply minor UI fixes Bump npm dependencies to latest versions Update translations Changes in version 3.11.43 - 2019-12-01 Add error logging on impossibility to validate a TLS Certificate (#2732) Improve font selection in relation to feature #2530 Fix serialization of encrypted tips in relation to tip preview Bump npm dependencies to latest versions Update translations Changes in version 3.11.42 - 2019-11-26 Implement certificate chain verification for outgoinv HTTPS and SMTPS (#2732) Apply minor bugfixing Bump npm dependencies to latest versions Update translations Changes in version 3.11.41 - 2019-11-20 Apply minor bugfixing Changes in version 3.11.40 - 2019-11-20 Apply minor bugfixing Update translations Changes in version 3.11.39 - 2019-11-17 Apply minor bugfixing Update translations Changes in version 3.11.38 - 2019-11-01 Fix regression #2720 Update translations Changes in version 3.11.37 - 2019-10-31 Apply minor fixes Update translations Changes in version 3.11.36 - 2019-10-31 Bump npm dependencies to latest versions Implement feature #2521 Export tip status inside the submission export (#2526) Revise CSS in relation to UI responsivenes Update translations Changes in version 3.11.35 - 2019-10-28 Revise UI of context selection Changes in version 3.11.34 - 2019-10-28 Revise authentication decorator ensuring session.tid/ correspondance Improve UI in relation to responsivenes Update translations Changes in version 3.11.33 - 2019-10-27 Fix issue #2717 Changes in version 3.11.32 - 2019-10-27 Improve UI of language selector Update translations Changes in version 3.11.31 - 2019-10-26 Improve UI of maximum recipients feature (#2530) Improve client minification Update translations Changes in version 3.11.30 - 2019-10-21 Optimize accesibility of the application (rank 92% of LightHouse) Optimize performance of first load (rank 65% of LightHouse) Optimize SEO of the appplication (rank 100% of LightHouse) Revise CSS using rem in place of em to ease customizations Update translations Changes in version 3.11.29 - 2019-10-16 Apply minor style fixes Changes in version 3.11.28 - 2019-10-16 Add virtualhost to access.log (#2703) Improve loading implementing resource preload Optimize code of password complexity meter removing zxcvbn library Improve style of NoScrypt message Improve Search Engine Optimizatin Fix disclaimer implementation reducing forensic traces Improve HTTP interface implementing HEAD method Improve multisite login UI adding the domain name Fix implementation of password reset link Fix configuration for instance of question templates Update translations Bump npm dependencies to latest version Changes in version 3.11.27 - 2019-10-10 Fix typo preventing authentication on old migrated platforms Changes in version 3.11.26 - 2019-10-09 Apply minor bugfixing Update translations Changes in version 3.11.25 - 2019-10-08 Implement pagination for Comments and Messaging (#531) Apply text revisions thanks to the community support Revise UI of Custodian functionalities Update translations Changes in version 3.11.24 - 2019-10-07 Postpone application of EAT patch included in previous release Changes in version 3.11.23 - 2019-10-07 Simplify User model removing incomplete multi tenant support Update ER representation of the database schema Improve privacy of whistleblower identity by showing the widget collapsed by default (#2497) On the EAT project archive questionnaire answer considering every answer subject to stats Apply minor bugfixing Update translations Changes in version 3.11.22 - 2019-10-04 Combine password reset with 2fa Enable password reset in default configuration Apply minor bugfixing Changes in version 3.11.21 - 2019-10-02 Update translations Changes in version 3.11.20 - 2019-10-01 Make TLS intermediate certificate optional (fix) Changes in version 3.11.19 - 2019-09-30 Fix regression #2683 Changes in version 3.11.18 - 2019-09-27 Fix demo mode in relation to creation of admin account Apply minor style bugfixing Changes in version 3.11.17 - 2019-09-27 Improve UX for enforced password change Implement possibility to enforce two factor authentication (#2681) Ensure that on enforced password are not reused (#2614) Changes in version 3.11.16 - 2019-09-26 Add support drag and drop of files (#2063) Make TLS intermediate certificate optional Bump npm dependencies to latest stables versions Changes in version 3.11.15 - 2019-09-24 Fix javascript packaging path Changes in version 3.11.14 - 2019-09-23 Apply revisions to apparmor profile Changes in version 3.11.13 - 2019-09-23 Apply revision to apparmor profile Fix export of tip comments Apply mix fixes in relation to RTL layout Changes in version 3.11.12 - 2019-09-23 Fix CSS processing in relation to RTL and pre-existent configs (#2677) Changes in version 3.11.11 - 2019-09-22 Disable Twisted logging in H2Connection and HTTPChannel class Changes in version 3.11.10 - 2019-09-22 Set Debian Buster as main supported platform Changes in version 3.11.9 - 2019-09-22 Add packaging for Debian Buster (#2676) Changes in version 3.11.8 - 2019-09-21 Fix reversed check on HSTS preload header injection introduced in 3.11.4 Changes in version 3.11.7 - 2019-09-20 Apply minor bugfixing Update translations Changes in version 3.11.6 - 2019-09-19 Fix packaging issue of 3.11.5 in relation to bootstrap inclusion Changes in version 3.11.5 - 2019-09-19 Bump npm dependencies to latest stables versions Make it possible for the whistleblower to remove a file before upload completion (#2521) Add demo badge to inform users to not use the platform for real submissions Avoid user of browser navigation reducing browser evidences (#2668) Update translations Changes in version 3.11.4 - 2019-09-16 Fix defect in field triggers WBPA: Enable HTTPS preload Changes in version 3.11.3 - 2019-09-16 Fix regression #2675 Changes in version 3.11.2 - 2019-09-16 Fix regression #2673 Update translations Changes in version 3.11.1 - 2019-09-10 Fix serialization of question templates Apply minor UI fixes Changes in version 3.11.0 - 2019-09-09 Implement HTTP/2 Revise HTTPS implementation enabling only TLS1.3 andTLS1.2 with ECDH key exchange Revise Lets'Encrypt implementation requesting ECC certificates with curve prime256v1 Prioritize CHACHA20 on clients that don't have AES-NI (e.g., Android devices) Optimize TLS implementation enabling session resumption Implement TOTP 2FA based on RFC 6238 Implement HTTP Feature-Policy Header (#2667) Implement encryption of file uploads metadata (#2665) Implement recovery procedure for encryption feature (#2649) Bump Bootstrap to version 4 Update translations Changes in version 3.10.7 - 2019-08-19 Revise application packaging in relation to CSP rules Fix progress bar UI of file uploads Changes in version 3.10.7 - 2019-08-16 Improve retrocompatibility of Content Security Policy for browsers not supporting CSP3 Changes in version 3.10.6 - 2019-08-16 Implement Content Security Policy as by #1998 Add Strict Transport Security header removed since HTTPS refactoring Fix issue on HTTPS redirects causing LetsEncrypt renewal to fail Add migration fix for very old setups in relation to commit 238c0dc (#2661) Changes in version 3.10.5 - 2019-08-13 Revert regression causing migrations scripts to proceed even on failure Apply minor bugfixing Changes in version 3.10.4 - 2019-08-09 Apply minor bugfixing Changes in version 3.10.3 - 2019-08-01 Apply minor bugfixing Changes in version 3.10.2 - 2019-08-01 Apply minor UI fixes Changes in version 3.10.1 - 2019-07-31 Fix regression on mail notification added in 3.10.0 Changes in version 3.10.0 - 2019-07-31 Automatically delete platforms not activated within 24 hours (#2639) Implement database support and encryption primitives for Recovery Keys (#2649) Improve UI of Whistleblower Login (#1693) Implement database support for immutable submissions (#2581) Bump npm dependencies to latest stables versions Update translations Changes in version 3.9.15 - 2019-07-24 Fix failure on authentication added in 3.9.14 Changes in version 3.9.14 - 2019-07-23 Update translations Changes in version 3.9.13 - 2019-07-19 Disable Copy-Cut-Paste on signup user email confirmation (#2637) On signup ask the user email twice (#2637) Fix login issue on old migrated platforms Fix the gl-admin reset pass in relation to mixed Argon/Scrypt situations Changes in version 3.9.12 - 2019-07-11 Fix issues #2625, #2626, #2630 Improve UI in relation to issue #2627 Fix regression #2629 Make it possible to reset HTTPS configuration without disabling HTTPS Make it possible for users to reset their password also when simplified login is enabled When a platform is created with a mode different from default, delete the admin user Bump npm dependencies to latest stables versions Update translations Changes in version 3.9.11 - 2019-07-05 Revise fix for issue #2612 Changes in version 3.9.10 - 2019-07-05 Fix issue #2612 Changes in version 3.9.9 - 2019-07-03 Fix issues: #2591, #2611, #2613 Update translations Changes in version 3.9.8 - 2019-07-02 Fix compatibility with IE11 Fix visualization of whistleblower identity answers Rewrite letsencrypt renewal routines decoupling them from certificate issuance Fix issues #2608, 2610 Update Translations Bump npm dependencies to latest stables versions Changes in version 3.9.7 - 2019-06-19 Apply minor bugfixing Bump npm dependencies to latest stable versions Update translations Changes in version 3.9.6 - 2019-06-13 Fix issue #2584 Fix issue #2588 Open ToS URLs in a new tab with no-referrer policy Apply minor bugfixing Changes in version 3.9.5 - 2019-06-10 Change requirement for Tor Onion Services V3 to Tor Changes in version 3.9.4 - 2019-06-10 Apply minor bugfixing Changes in version 3.9.3 - 2019-06-10 Upgrade Tor Onion Services to version 3 (#2582) Disable HEAD requests Disable connection persistance Reorganize access log to be in Apache Combined Format Redact the identity answers from tip export when the visibility should be subject to custodian authorization Apply minor bugfixing Changes in version 3.9.2 - 2019-06-05 Apply minor bugfixing Update translations Changes in version 3.9.1 - 2019-06-05 Apply minor bugfixing Changes in version 3.9.0 - 2019-06-05 Implement URL redirects (#2575) Collect statistics about mobile/desktop users (#2207) Optimize language selector for Mobile users (#2574, #1780) Implement Ricochet panel (#2513) Prepare database for Audit Log (#2579) Improve resiliency of HTTPS component Fix reload of renewed Let'sEncrypt certificates Improve securization of HTTPS configuration Apply minor bugfixing Update translations Changes in version 3.8.6 - 2019-05-21 Apply minor bugfixing Updates translations Changes in version 3.8.5 - 2019-05-16 Apply minor bugfixing Changes in version 3.8.4 - 2019-05-14 Fix configuration of recipients triggers on selectbox options Apply minor bugfixing Changes in version 3.8.3 - 2019-05-10 Apply minor bugfixing Changes in version 3.8.2 - 2019-05-09 Add basic profile for EAT project (#2568) Apply minor bugfixing Changes in version 3.8.1 - 2019-05-08 Apply minor bugfixing Changes in version 3.8.0 - 2019-05-07 Make it possible to configure the node timezone (#2525) Implement questions of type DATERANGE (#2561) Make it possible to block the submission after the selection of an answer (#2565) Make it possible to show a message after the selection of an answer (#2564) Make it possible to configure an 'hint' for the options of type checkbox and selectbox (#2524) Fix authentication issues on python2 and Ubuntu Xenial Changes in version 3.7.4 - 2019-05-03 Apply minor bugfixing Changes in version 3.7.3 - 2019-05-03 Fix authentication issue introduced in 3.7.2 (#2563) Changes in version 3.7.2 - 2019-05-01 Apply minor bugfixing Add malagasy language (currently copy of French translation) Update translations Changes in version 3.7.1 - 2019-04-23 Apply minor bugfixing Changes in version 3.7.0 - 2019-04-23 Implement features: #2534, #2535, #2536, #2537 Prepare database support for #2523 and #2552 Preinitialize the logo of secondary tenants when the mode is 'default' Revise texts related to the receipt Hide MultiSite enabler from secondary tenants Make it possible to use the root site for administrative purposes only (#2559) Update ER representation of the database schema Make it possible to configure a field trigger as "Sufficient" Fix score reorganizing the total_score formula and moving ranking on the client Update translations Changes in version 3.6.46 - 2019-04-17 Fix visualization of submissions received before version 3.6.41 Changes in version 3.6.45 - 2019-04-16 Apply minor bugfixing Addressed issues: - - - - - Changes in version 3.6.44 - 2019-04-07 Make it possible to reset submissions (#2447) Revise error codes of /bin/globaleaks Add project description to publiccode.yml Changes in version 3.6.43 - 2019-04-04 Apply minor bugfixing Changes in version 3.6.42 - 2019-04-02 Update translations Apply minor bugfixing Changes in version 3.6.41 - 2019-04-01 Bump npm dependencies to latest stables versions Add Slovak translation Update translations In the install script correct the detection about installed globaleaks Revise tip page hiding steps and questions that are not triggered Make it possible to run the application as root needed in many containers Add users' username to admin users overview Fix setup of development environment in relation to client updates Restrict submissions and files visibility to recipients only Always re-open the disclaimer modal when opening the submission page Revise visibility of the mandatory-field warning Re-evaluate recipients at every question-answer update Fixes and improvements to publiccode.yml Update publiccode.yml Changes in version 3.6.40 - 2019-03-07 Fix minor issue in visualization of the latest db version Make it possible to configure score points of type multiplier (#2531) Changes in version 3.6.39 - 2019-03-06 Fix wb identity field in relation to refactor #2504 Changes in version 3.6.38 - 2019-03-05 Fix navigation of submission steps for conditional steps Changes in version 3.6.37 - 2019-03-04 Optimize Comfort Loader Fix status visualization in recipient tip interface Changes in version 3.6.36 - 2019-03-04 Fix client lint errors Changes in version 3.6.35 - 2019-03-04 Fix minor regression added in 3.6.32 Changes in version 3.6.34 - 2019-03-04 Fix validation of mandatory fields for last step (#2504) Changes in version 3.6.33 - 2019-03-03 Apply minor fix to 3.6.32 postponing patch to next db update Changes in version 3.6.32 - 2019-03-03 Reduce configuraton inheritance to the project Implement basic print for submissions Changes in version 3.6.31 - 2019-02-28 Revise fix for issue #2506 Changes in version 3.6.30 - 2019-02-26 Remove debugging output Changes in version 3.6.29 - 2019-02-25 Reimplement fixes included in 3.6.26 Changes in version 3.6.28 - 2019-02-24 Apply minor bugfixing Changes in version 3.6.27 - 2019-02-24 Apply minor bugfixing Changes in version 3.6.26 - 2019-02-24 Implement migration for change of name in submission state: open->opened Changes in version 3.6.25 - 2019-02-24 Revise fix for issue #2506 Update translations Changes in version 3.6.24 - 2019-02-21 Revise fix for issue #2506 Changes in version 3.6.23 - 2019-02-21 Revise fix for issue #2506 Changes in version 3.6.22 - 2019-02-20 Revise fix for issue #2506 Changes in version 3.6.21 - 2019-02-19 Revise fix for issue #2506 Changes in version 3.6.20 - 2019-02-19 Revise fix for issue #2506 Address issue #2515 Bump npm dependencies to latest stable versions Update translations Changes in version 3.6.19 - 2019-02-19 Revise fix for issue #2506 Changes in version 3.6.18 - 2019-02-17 Revise fix for issue #2506 Changes in version 3.6.17 - 2019-02-15 Fix issue #2506 Changes in version 3.6.16 - 2019-02-14 Fix clean deb install over an existing migrated /var/globaleaks Changes in version 3.6.15 - 2019-02-11 Fix issue #2514 Changes in version 3.6.14 - 2019-02-08 Fix visualization of questionnaire answers of type multichoice (fix necessary for the correct visualization of old submissions) Fix minor lint errors Changes in version 3.6.13 - 2019-02-08 Fix issue #2512 Fix possibility for the whistleblower to select its own recipients Changes in version 3.6.12 - 2019-02-07 Fix deactivation of conditional steps Fix gl-admin fixing the possibility to set boolean values During migrations drop Statistics for nodes using db version < 38 Remove unused configuration 'unselectable' of recipients Fix usage of variable recipient_configuration Hide inverted triggers configuration that are still not fully implemented Hide steps errors when the steps navigation interface is hidden By default show selectbox options in configuration-order Correct danish language native name (#2508) Fix whitelisted ip addresses configuration for recipients (#2507) Make it possible to read and backup the encryption key from the user preferences Extend GCE to make it possible to export and import an existing encryption key Bump npm dependencies to latest stable versions Add Galician translation Update translations Changes in version 3.6.11 - 2019-01-31 Fix possibility for administrators to issue user password reset Fix bug in the disabling of HTTP basic authentication Differentiate user sessions by tenant id Fix texts as for suggestion #2503 Update translations Changes in version 3.6.10 - 2019-01-29 Fix migration 45 in relation to duplicated whistleblowerfile names Changes in version 3.6.9 - 2019-01-29 Fix migration 46 in relation to duplicated whistleblowerfile names Changes in version 3.6.8 - 2019-01-28 Fix issue #2498 Changes in version 3.6.7 - 2019-01-24 Fix regression on 2FA Changes in version 3.6.6 - 2019-01-24 Fix issues on authentication when 2FA is disabled Reduce period of Cleaning and Certificate Check to be daily Downgrade angular to 1.7.5 to solve #2495 Changes in version 3.6.5 - 2019-01-19 Fix validation of required questions of type checkbox Bypass HTTPS restart when a new tenant is created Changes in version 3.6.4 - 2019-01-18 Fix typ0 preventing visualization of questionnair navigation interface with steps names changes in version 3.6.3 - 2019-01-17 Fix issue causing reset of internationalized texts on update Changes in version 3.6.2 - 2019-01-16 Revert transaction changes included in 3.6.0 that seems to cause instability Changes in version 3.6.1 - 2019-01-15 Fix initialization of Tor Hidden Service Fix clientside logic of the multitenant auth switch Changes in version 3.6.0 - 2019-01-13 Add IP filtering check to TokenAuthHandler (#1211) Address issue #2469 removing private IP information from the public API Implement notifications of custodian events (#1464) Implement Location question by using a Graphical Map Selector and TopoJSON (#1407) Make it possible to configure explicitly context as Enabled, Disabled, Hidden Make it possible to configure enabled context with 0 static recipients assigned Make it possible to dyniamically change recipients based on questionnaire answers (#2477) Extend Terms of Service field to make it possible to configure an attachment (#2478) Implement email based two factor authentication) (#2481) Create database support for tracking backups Refactor automatic on update backups to use the database Prepare routines for automatic jobs; functionality currently disabled that will be finalized with the possibility of automatically saving backups on a remote scp server (#528) Fix ORM integration in relation to concurrency and transactions where some submissions id were found to be dupliated. Refactor Config variables in order to track the date of their change Implement Docker scripts (experimental) Update npm dependencies to latest versions Update translations Changes in version 3.5.8 - 2018-11-29 Fix visualization of logo preview Changes in version 3.5.7 - 2018-11-29 Add missing template home.html Changes in version 3.5.6 - 2018-11-28 Fix file upload in relation to files bigger than 1MB Fix configuration of boolan attributes of fields (#2463) Changes in version 3.5.5 - 2018-11-21 Fix whistleblower authentication on systems with pynacl < 1.2 Enforce usage of pynacl >= 1.2 on Bionic and Stretch Changes in version 3.5.4 - 2018-11-19: Fix migration 45 in relation to existing whistleblower access Changes in version 3.5.3 - 2018-11-19: Fix file delivery job in relation to encryption for multiple users. Fix SNI in relation to py2/py3 compatibility on hostnames Update translations Changes in version 3.5.2 - 2018-11-15: Apply minor bugfixing Changes in version 3.5.1 - 2018-11-14: Apply minor bugfixing Changes in version 3.5.0 - 2018-11-14 Add implementation of Additinal Questionnaire feature (#1404) Implement access.log in Apache Combined Log Format (#2420) Stop globaleaks process during preinst script (#2443) Add crypto engine implementation (still not enabled) Prepare database for the enabling of encryption Update npm dependencies to latest versions Update translations Addressed issues: - - - Changes in version 3.4.1 - 2018-10-04 Revise configuration applied on Fix defect on initialization of onion services present in 3.4.0 Disable caching for admin.tenants handler Changes in version 3.4.0 - 2018-09-30 Revise foreign keys used in database schema Changes in version 3.3.16 - 2018-09-29 Revise configurations applied in mode Changes in version 3.3.15 - 2018-09-28 Revise X-Frame-Options policy Changes in version 3.3.14 - 2018-09-27 Improve usability of signup form Update translations Changes in version 3.3.13 - 2018-09-21 Start using Tor packages included in debian distributions Reduce application footprint removing OpenPGP.js library from the client Improve resiliency in relation to management of open file descriptors Adopt Codacy coverage as code coverage tracking service in place of Coveralls Rewrite ZipStream utilities enabling to read from open file descriptors Update translations Changes in version 3.3.12 - 2018-09-10 Implement explicit deny x-frame-options to prevent iframe inclusion Update npm dependencies to latest versions Update translations Changes in version 3.3.11 - 2018-08-25 Update npm dependencies to latest versions Update translations Changes in version 3.3.10 - 2018-08-24 Fix serialization of fields of very old submissions missing field.template_id Fix serialization of public resource Make it possible to specify the mode for new created tenants Changes in version 3.3.9 - 2018-08-23 Add CSS selectors to simplify customization of Tip and Tip list pages Apply set of UI simplifications folling review Update translations Changes in version 3.3.8 - 2018-08-22 Fix serialization of /public resource in secondary tenants Changes in version 3.3.7 - 2018-08-22 Implement redirects for urls without the hashtag (#2160) Reload Tor hidden services in case of failures on the Tor control port Update translations Changes in version 3.3.6 - 2018-08-18 Revise configuration presets for mode Update translations Changes in version 3.3.5 - 2018-08-16 Fix path for preferences template in forced_password_change page Fix python-acme dependency version (0.25.1) Changes in version 3.3.4 - 2018-08-15 Add sidebar to users' preferences pages Add dashboard for users and custodians (currently empty) Revise platform settings that a recipient/custodian can edit Revise configuration presets for mode Fix submission status deletion (#2389) Fix diplay of expiration date of HTTPS certificates Fix display of fingerprint of PGP keys Changes in version 3.3.3 - 2018-08-10 Add missing templates for refactored user homepage Changes in version 3.3.2 - 2018-08-09 Add a landing homepage for both recipient and custodian users Fix possibility of changing logo by recipient / custodian Update npm dependencies to latest versions Update translations Changes in version 3.3.1 - 2018-08-07 Apply py2/py3 compatibility fixes Changes in version 3.3.0 - 2018-08-06 Fix SSRF issue on HTTPS Proxy Disable Error Stacktrace on production enviroment Add Indonesian translation thanks to @LocalizationLab volunteers Update translations Changes in version 3.2.6 - 2018-07-31 Fix initialization of tenants at user signup Fix initialization of user passwords Changes in version 3.2.5 - 2018-07-30 Fix HTTPs certificates renewal Changes in version 3.2.4 - 2018-07-29 Fix reinitialization of missing tenant variables Make it possible to configure the default questionnaire Implement the first set of configurations for Fix duplication of questionnaires in relation to field triggers Fix serializations of users in relation to multitenancy Changes in version 3.2.3 - 2018-07-21 Apply minor bugfixing Addresses issues: - Changes in version 3.2.2 - 2018-07-19 Implement signup form for project Update protractor testin library to 3.4.0 Apply minor bugfixing Update translations Changes in version 3.2.1 - 2018-07-16 Apply minor bugfixing Changes in version 3.2.0 - 2018-07-16 Implement password reset feature (#113) Implement possibility for Users to change General Settings (#2273) Implement Submission states feature (#1416) Implement multitenant login interface (#2357) Implement simplified multisite login interface (#2360) Addressed issues: - - - - - - - Changes in version 3.1.10 - 2018-07-08 Bump python-acme to version 0.25.1 The updated is required to make HTTPS certificate renewal to work due to a breaking change in the LE protocol. Addressed issues: - - - Changes in version 3.1.9 - 2018-06-14 Apply minor bugfixing Changes in version 3.1.8 - 2018-06-11 Fix issue in migration of default questiont templates Changes in version 3.1.7 - 2018-06-05 Fix issues on multiple field triggers and change of their state Addresses issues: - Changes in version 3.1.6 - 2018-06-5 Fix py2/py3 compatibility issues Changes in version 3.1.5 - 2018-06-05 Fix py2/py3 issues in letsencrypt utilities Fix init script in relation to NETWORK_SANDBOXING startup Fix apparmor script for the multiple versions of python supported Addresses issues: - Changes in version 3.1.4 - 2018-06-01 Fix init script in relation to NETWORK_SANDBOXING startup Changes in version 3.1.3 - 2018-05-31 Fix regression in processing of file uploads Changes in version 3.1.2 - 2018-05-30 Fix issue on navigation of submissions steps Changes in version 3.1.1 - 2018-05-30 Add constraint on python-acme (>= 0.22) Changes in version 3.1.0 - 2018-05-29 Complete compatibility with Py3 while maintaining support for Py2 Complete packaging for Ubuntu Bionic Drop support to pip based distributions: trusty, wheezy, jessie Upgrade Letsencrypt to use APIv2 Implement database additions to support next round of features Implement optional IP filtering for authenticated users (1211) Implement possibility for users to change their visualized name (2271) Implement possibility for users to change their email address (2272) Make it possible to configure the same footer for all the tenants (2274) Add Danish translation thanks to voluqnteers support! Update translations Update npm dependencies to latest versions Addresses issues: - Changes in version 3.0.29 - 2018-05-07 Apply code revisions for compatibility with both py2 and py3 Changes in version 3.0.28 - 2018-05-04 Fix bug related to overlapping usernames (#2266) Changes in version 3.0.27 - 2018-04-24 Fix counters for files,messages,comments shown in the tip list Implement minimal self-contained SOCKS5 capability (#2243) Update npm dependencies to latest versions Changes in version 3.0.26 - 2018-04-19 Fix minor regression in exception notification Changes in version 3.0.25 - 2018-04-18 Fix migration of default fields attributes in relation to wb_identity Update translations Update npm dependencies to latest versions Addresses issues: - Changes in version 3.0.24 - 2018-04-12 o Fix regression on privacy badge visible also over Tor Changes in version 3.0.23 - 2018-04-11 o Fix static file handler in relation to broken cache o Fix packaging in relation to disclaimer.html template Changes in version 3.0.22 - 2018-04-09 o Fix packaging in relation to D3 library inclusion Changes in version 3.0.21 - 2018-04-09 o Fix regression preventing the application to start Changes in version 3.0.20 - 2018-04-09 o Implement first round of fixes for supporting Win32 o Implement admin notifications for users signup o Complete migrations necessary for implementing deferred foreign keys o Update translations o Bump npm dependencies to latest stables versions Addresses issues: - - - Changes in version 3.0.19 - 2018-04-04 o Update translations o Bump npm dependencies to latest stables versions Addresses issues: - - - Changes in version 3.0.18 - 2018-03-28 o Fix errors on validation of PGP key o Update translations o Bump npm dependencies to latest stables versions Addresses issues: - - - Changes in version 3.0.17 - 2018-03-22 o Fix update of whistleblower identity question Changes in version 3.0.16 - 2018-03-22 o Apply minor UI bugfixing o Prevent multitenancy regression that allow admin configuration of reused usernames o Update translations Addresses issues: - Changes in version 3.0.15 - 2018-03-21 o Apply minor bugfixing Changes in version 3.0.14 - 2018-03-21 o Fix regression in file uploads bigger than 1MB (#2226) o Improve UI of mandatory fields o Apply minor bugfixing o Update translations Addresses issues: - Changes in version 3.0.13 - 2018-03-18 o Apply minor bugfixing Addresses issues: - Changes in version 3.0.12 - 2018-03-15 o Apply minor bugfixing Addresses issues: - Changes in version 3.0.11 - 2018-03-12 o Fix migration 39 in relation to contexts and users images Changes in version 3.0.10 - 2018-03-12 o Apply minor bugfixing Changes in version 3.0.9 - 2018-03-12 o Apply minor bugfixing Addresses issues: - - Changes in version 3.0.8 - 2018-03-06 o Apply minor bugfixing Addresses issues: - Changes in version 3.0.7 - 2018-03-06 o Apply minor bugfixing o Update translations Addresses issues: - - - Changes in version 3.0.6 - 2018-03-01 o Apply minor bugfixing Addresses issues: - - Changes in version 3.0.5 - 2018-02-28 o Apply minor bugfixing Changes in version 3.0.4 - 2018-02-27 o Apply minor bugfixing Addresses issues: - Changes in version 3.0.3 - 2018-02-27 o Apply minor bugfixing Addresses issues: - - - Changes in version 3.0.2 - 2018-02-25 o Fix bug on empty notifications of PGP expiration Changes in version 3.0.1 - 2018-02-23 o Implelement Debian Stretch 8.10 packaging (#2071) o Add Finnish translation o Update translations Addresses issues: - - - - Changes in version 3.0.0 - 2018-02-22 o Implement multitenancy support enabling to create multiple globaleaks sites on a single server process o Apply database structure refactoring and optimization o Adopts SQLAlchemy ORM in place of STORM o Add preliminar support for PostgreSQL, MySQL, SQL Server 2016 o Automatic Backup of entire data directory before each upgrade o Reimplement migrations using SQLAlchemy to deprecate storm usage o Improve implementation of file upload reducing exposure for DoS attacks o Revise UI/UX for better usability and internationalization o Implement GZIP as an offline process at build time o Implementation of advanced Whistleblower Identity Management compliant with Italian Anticorruption Authority Specs ANAC) o Implementation of Custodian for Whistleblower Identities compliant with Italian Anticorruption Authority Specs ANAC o Add support for Valencian language o Imlement basic signup capability for demo purposes o Update translations Changes in version 2.72.31 - 2018-01-15 o Fix interface for providing the whistleblower identity after an initial fully anonymous submission Changes in version 2.72.30 - 2018-01-15 o Enable to configure the whistleblower identity as mandatory field Changes in version 2.72.29 - 2018-01-12 o Fix API for deletion of models images Changes in version 2.72.28 - 2018-01-10 o Apply UI fix to questions addition Changes in version 2.72.27 - 2017-12-23 o Fix whistleblower identity field serialization Changes in version 2.72.26 - 2017-12-21 o Fix whistleblower identity field visualization Changes in version 2.72.25 - 2017-12-15 o Improve resiliency of apparmor detection and startup o Apply minor UI bugfixing o Bump npm dependencies to latest stables versions Changes in version 2.72.24 - 2017-12-08 o Apply minor bugfixing Changes in version 2.72.23 - 2017-11-30 o Fix regression on nested questions Changes in version 2.72.22 - 2017-11-29 o Fix regression in postinst in relation to user creation Changes in version 2.72.21 - 2017-11-28 o Fix UI for fields deletion Changes in version 2.72.20 - 2017-11-18 o Fix regression on steps triggers serialization Changes in version 2.72.19 - 2017-11-12 o Fix regression on questions deletion (#2126) Changes in version 2.72.18 - 2017-11-09 o Fix issue #2123 Changes in version 2.72.17 - 2017-11-08 o Apply minor bugfixing to process shutdown o Fix API token functionality o Fix UI for visualizing recipients on tip interface o Fix migration script in relation to issue #2078 o Update translations o Bump npm dependencies to latest stables versions Changes in version 2.72.16 - 2017-11-01 o Fix UI for uploading images o Fix UI for visualizing recipients on tip interface o Update translations Changes in version 2.72.15 - 2017-10-30 o Fix detection of network sanboxing support currently reported as always missing o Reduce size of logo included inside the application o Fix alignment and margins in relation to RTL UI o Fix creation of title meta in relation to pages with empty title o Fix UI for enabled/disabled submission based on user connection (with/without tor) o Update translations Changes in version 2.72.14 - 2017-10-29 o Implement verification script for application data (1670) o Fix mail translation in relation to few templates o Update translations o Bump npm dependencies to latest stables versions Changes in version 2.72.13 - 2017-10-24 o Improve efficiency of delivery sched o Fix deletion of questionnaire questions o Fix captcha reload on challenge failures o Apply minor rewrites targeting at more code reuse o Update translations Changes in version 2.72.12 - 2017-10-17 o Enable to reach the ACME challenge bypassing HTTP Basic AUTH Changes in version 2.72.11 - 2017-10-16 o Fix UI regression on tip postpone introduced in 2.72.9 o Fix possible issue on Context.questionnaire_id migration Changes in version 2.72.10 - 2017-10-15 o Apply minor UI bugfixing Changes in version 2.72.9 - 2017-10-14 o Improve efficiency of delivery sched o Silence misleading errors in init script o Update translations Other closed tickets: - Changes in version 2.72.8 - 2017-10-11 o Clean interface for mail templates configuration o Implement notification about seen / not seen messages o Improve shutdown resiliency implementing an hard deadline (30 seconds) o Make it possible to visualize selectbox and checkbox of a specific field sorted alphabetically (#2100) Other closed tickets: - - Changes in version 2.72.7 - 2017-10-02 o Fix minor issue in init script Changes in version 2.72.6 - 2017-10-02 o Improve exception handling in scheduled jobs o Apply PEP style corrections o Apply texts revisions o Improve packaging of application state o Make it possible to disable admin notifications of exceptions o Make it possible to disable developers notifications of exceptions o Update client libraries o Update translations Other closed tickets: - - Changes in version 2.72.5 - 2017-09-23 o Fix Let'sEncrypt certificate renewal scheduler o Update translations Changes in version 2.72.4 - 2017-09-21 o Apply PEP8 compliant style changes discovered by Codacy o Extend field triggers to handle hierarchical fields #1727 o Fix caching of hidden service name o Fix shutdown handling in OnionService job o Optimize ReceiverTip database queries o Reorder some wizard logic and add license display to the wizard #1927 o Refactor handlers and models to improve error handling and uniformity o Update client libraries o Update translations Changes in version 2.72.3 - 2017-09-11 o Apply bugfixing to initialization Changes in version 2.72.2 - 2017-09-09 o Apply bugfixing to whistleblower identity feature UI o Remove usage of Storm Reference and ReferenceSet API Changes in version 2.72.1 - 2017-09-05 o Apply bugfixing of postinst script Changes in version 2.72.0 - 2017-08-27 o Add profile select logic to the wizard #2039 o Add "Select" buttons to PGP key UI elements #792 o Optimize image serialization for contexts and receivers o Improve exception mail spooling performance and robustness o Migrate the field, context and questionnaire tables removing key column o Apply bugfixing to HTTPS detection and warning #2067 o Apply improvments to UI texts thanks to @comradekingu o Apply minor SSL, logging and python packaging changes o Update translations o Update client dependencies Changes in version 2.71.3 - 2017-08-23 o Apply bugfixing to HTTPS detection and warning Changes in version 2.71.2 - 2017-08-18 o Apply bugfixing to HTTPS detection and warning Changes in version 2.71.1 - 2017-08-10 o Apply bugfixing to update detection feature o Apply bugfixing to HTTPS detection and warning Changes in version 2.71.0 - 2017-08-09 o Add an admin API token controllable from gl-admin #2032 o Add a dismissable HTTP usage warning to the frontend #2034 o Show the security awareness modal also on /submission #2037 o Check for platform updates and display update needed in admin UI #1493 o Allow paste into password fields #2028 o Freeze pyasn1_modules and chardet to python package requirements o Remove migration support for DB versions 15 to 19 o Fix include of questionnaires in admin/context o Fix frontend redirect during '$routeChangeError' events o Hardcode release public keys in the install script o Improve error handling in the install script o Apply minor UI and logging changes o Update translations Other closed tickets: - - - - - Changes in version 2.70.10 - 2017-07-24 o Implement caching on /admin resources o Add time tracking of database transactions #2017 o Implement reporting of install failures #2021 o Refactor the client for fetching REST resources on demand #2018 o At setup time print all the platform addresses on which the platform is reachable #2008 Other closed tickets: - - Changes in version 2.70.9 - 2017-07-18 o Implement caching in most of admin REST resources o Optimize query for tips list visualization o Fix calculation of handlers response time #1996 o Update translations Changes in version 2.70.8 - 2017-07-13 o Fix serialization of fields making use of triggers Changes in version 2.70.7 - 2017-07-12 o Fix Tor connections detections o Fix save of existing questions/questionnaire on update Changes in version 2.70.6 - 2017-07-11 o Apply apparmor profile fixes Changes in version 2.70.5 - 2017-07-11 o Fix init script in relation to gl-admin script update Changes in version 2.70.4 - 2017-07-11 o Fix Tor HS initialization and add checks for proper permissions Changes in version 2.70.3 - 2017-07-10 o Fix serialization of contexts and recipients images #1986 o Make it possible to load a custom (pre-existing) hidden service key #1993 o Add retries to HS Tor setup and improve debugging of failures #1994 o Fix upload of files with unknown file type #1999 o Update LICENSE #1975 #1980 o Update translations Changes in version 2.70.2 - 2017-07-02 o Set requirement for Tor package >= o Improve install script to fix common missing requirements and allow to be executed twice for updating an existing instance o Update translations Changes in version 2.70.1 - 2017-06-29 o Apply minor fix to python-acme mocks for python<2.7.9 Changes in version 2.70.0 - 2017-06-29 o Automate SSL certificate management with Let's Encrypt and python-acme #1546 o Use Tor ephemeral services and the control port with python-txtorcon #1909 o Adjust HTTPS and Tor redirect logic #1982 o Fix and allow first setup without iptables or apparmor support #1177 o Fix issue on serialization of Context and Recipients images #1986 o Updated client dependencies to latest versions Changes in version 2.67.9 - 2017-06-20 o Fix HTTPS and Tor redirect logic o Fix bug with and improve the testing of wbfile upload o Update client dependencies to latest versions o Adjust the submission interface's spacing o Minor changes to REST routing Changes in version 2.67.8 - 2017-06-15 o Fix check_roles configuration for exception handler Changes in version 2.67.7 - 2017-06-12 o Fix check_roles configuration for exception handler Changes in version 2.67.6 - 2017-06-09 o Reimplement minimal REST server removing cyclone dependency o Enforce authentication decorators to be loaded at startup on all REST handlers o Enforce cache decorator to be loaded at startup on all REST handlers o Optimize serialization of objects exposed via /public API o Apply minor style fixes on UI paddings and margins o Move database initialization after daemon startup Changes in version 2.67.5 - 2017-05-10 o Implement search based select box for contexts o Fix visualization of file upload errors showing just last error o Update NPM dependencies o Create search based select box for contexts Closed tickets: - - Changes in version 2.67.4 - 2017-04-12 o Inject Strict Transport Security header only HTTPS connections Changes in version 2.67.3 - 2017-04-10 o Update client dependencies to latest versions Changes in version 2.67.2 - 2017-04-01 o Fix e2e tests for HTTPS configuration o Update messaging and tor download link shown when javascript is disabled o Optimize loading reducing public API get Changes in version 2.67.1 - 2017-03-17 o Start (restart) apparmor upon globaleaks install Changes in version 2.67.0 - 2017-03-17 o Add Ubuntu Xenial 16.04 support o Add (readd) Bulgarian support thanks to volunteers translations Changes in version 2.66.1 - 2017-03-06 o Revise iptables detection inside init script Changes in version 2.66.0 - 2017-03-05 o Implement HTTPS configuration and support configurable via admin panel o Simplify network sandboxing rules and reduce custom vars in config file. Note that the platform now tries to reserve sockets for port 80 and 443 on public interfaces and relies on the iptables rules to drop traffic in cases where NETWORKING_SANDBOXING=1. o Update app armor rules to support sub processing o Implement sub processes pool for HTTPS proxys o Move gzip out of main process into HTTPS proxys o Employ timing independent check_password comparison #1904 o Add detection of tor clients via an exit relay IP check o Add admin statistics job timing panel o Fix an issue with admin image uploads o Fix minor ui issues and update frontend libraries o Update translations o Remove bower usage for front end dependencies Closed tickets: - - - - - - - - Changes in version 2.65.19 - 2017-02-07 o Set request size limit to 1MB (with server side cap at 2MB) Changes in version 2.65.18 - 2017-02-07 o Fix request size check in relation to encoding overhead Closed tickets: - - Changes in version 2.65.15 - 2017-01-30 o Limit requests size to 100kb o Fix collection of general admin statistics Closed tickets: - - - Changes in version 2.65.14 - 2017-01-23 o Fix migration script 33 in relation to expiration of the access by the whistleblower o Optimize favicon loading o Fix issue #1878 Closed tickets: - Changes in version 2.65.13 - 2017-01-18 o Fix time check for notification of expiring submissions o Apply minor UI fixes o Update translations Changes in version 2.65.12 - 2017-01-16 o Fix addition of new template for submission expiration summary o Apply minor UI fixes o Update translations Changes in version 2.65.11 - 2017-01-12 o Improve sitemap.xml listing hreflang alternatives o Implement single active session for user [1836] o Implement exception notifications for administrators o Implement summary for Tip expiration o Apply mixed RTL fixes o Update translations Closed tickets: - - - - - Changes in version 2.65.10 - 2016-12-13 o Apply minor fixes Changes in version 2.65.9 - 2016-12-08 o Packaging fixes o Solved bug preventing admin email to be sent o Update translations Changes in version 2.65.8 - 2016-12-06 o Packaging fixes Changes in version 2.65.7 - 2016-12-06 o Packaging fixes Changes in version 2.65.6 - 2016-12-06 o Packaging fixes Changes in version 2.65.5 - 2016-12-06 o Remove pyc files from packaging following Debian guidelines o Fix attributes of whistleblower identity fields o Update Dutch translation Changes in version 2.65.4 - 2016-11-29 o Fix minor UI defects o Replace recipient name with pseudonym in all the public APIs o Force description input for file uploaded by recipients o Add display of counters of whistleblower file downloads o Add constraint on unique names for file uploads by recipients o Update translations Changes in version 2.65.3 - 2016-11-24 o Apply revision of migration 35 o Add pylint checks to the CI tests Changes in version 2.65.2 - 2016-11-24 o Apply revision of migration 35 Changes in version 2.65.1 - 2016-11-24 o Apply revision of migration 35 Changes in version 2.65.0 - 2016-11-24 o Apply custom css and javascript file only to pages of the whistleblower o Implement file attachments from the recipient to the whistleblower o Enforce stricter ranges for tip access and expiration timeouts o Add "noopener" to increase privacy over new page opening o Bump npm dependencies to latest stables versions o Update translations o Add romanian 100% Closed tickets: - - - Changes in version 2.64.16 - 2016-11-06 o Apply mixed UI fixes o Update translations Changes in version 2.64.15 - 2016-11-06 o Apply mixed UI fixes Changes in version 2.64.14 - 2016-11-06 o Update ukrainian translation o Revise statistics scheduler period Changes in version 2.64.13 - 2016-11-04 o Fix packaging in relation to requirements Changes in version 2.64.12 - 2016-11-04 o Fix migration scripts in relation to unmodifiable strings o Update translations Changes in version 2.64.11 - 2016-10-31 o Fix migration 33 in relation to user images o Rewrite schedulers in order to run them inside threads o Remove ahmia descriptor, no more used Changes in version 2.64.10 - 2016-10-25 o Apply minior bugfixing Changes in version 2.64.9 - 2016-10-24 o Fix integration of Slovenian translation o Simplified job scheduling and monitoring Closed tickets: - Changes in version 2.64.8 - 2016-10-18 o Fix integration of Slovenian translation Changes in version 2.64.7 - 2016-10-16 o Fix feature for disabling encryption warnings o Install all zope packages at system level to fix import issue o Update translations o Add Slovenian (82%) Closed tickets: - - - - Changes in version 2.64.6 - 2016-10-04 o Fix responsiveness of the sticky footer on small-screen devices o Allow to set an unlimited retention policy o Add polish translation (63%) o Update translations Closed tickets: - - - - Changes in version 2.64.5 - 2016-09-26 o Apply minor bugfixing Changes in version 2.64.4 - 2016-09-26 o Fix issue on migration 34 (#1759) Closed tickets: - Changes in version 2.64.3 - 2016-09-25 o Update translations o Update npm and bower dependencies to latest stables versions. Changes in version 2.64.2 - 2016-09-23 o Complete implementation of migration in relation to removed languages. Closed tickets: - Changes in version 2.64.1 - 2016-09-20 o Fix migration script 34 in relation to removed languages Changes in version 2.64.0 - 2016-09-19 o Support updating customized translations o Support for schema-less configurations o Integrate usage of protractor-accessibility-plugin o Improve code coverage from 88% to 91% o Update translations Closed tickets: - - - - Changes in version 2.63.5 - 2016-09-09 o Fix migration script 33 in relation to field constraints Closed tickets: - Changes in version 2.63.4 - 2016-09-03 o Minor UI fixes o Add CHECK constraints to field table to improve data consistency. o Update translations Changes in version 2.63.3 - 2016-08-27 o Fix initialization of first contexts in relations to recipients selection. o Fix bug not allowing to complete submissions on nodes configured with PGP encryption. o Update npm and bower dependencies to latest stables versions. o Update translations Closed tickets: - - Changes in version 2.63.2 - 2016-08-11 o Fix migration 31 in relation to issue o Implement shrinkwrap of npm dependencies Closed tickets: - - Changes in version 2.63.1 - 2016-08-08 o Fix CSS of the sticky footer in relation to the presence/absence of user footer Changes in version 2.63.0 - 2016-08-08 o Subject receipt expiration to a timeout related to last access o Update unsupported browser warning to latest supported browsers o Add client PGP key validatioin by means of OpenPGP.js o Adopt standard sql syntax in compliance with sql-92 o Implement no-paste capability on password configurators o Allow configuration of the Tor Browser download link Closed tickets: - - - - - Changes in version 2.62.9 - 2016-07-25 o Force language detection to prefer url params o Add CSS extensions for customization o Allow newlines inside css elements - #WhistleblowerSubmitBoxHeader - #WhistleblowerLoginPrompt Closed tickets: - - Changes in version 2.62.8 - 2016-07-14 o Improve UI following Changes in version 2.62.7 - 2016-07-14 o Add missing Catalan json file to the package Changes in version 2.62.6 - 2016-07-14 o Update translations adding Catalan (80%) o Fix API cache reset upon fields update Changes in version 2.62.5 - 2016-07-10 o Refactor build script to enable build of the experimental release o Refactor install script to enable install the experimental release o Update translations adding Catalan (70%) Changes in version 2.62.4 - 2016-07-05 o Implement browser language detection o Fix migration script 31 causing loss of configured css and logo o Update client dependencies to latest stable versions The following is the comprehensive list of closed tickets: - - Changes in version 2.62.3 - 2016-06-29 o Fix generation of content of exception emails. Changes in version 2.62.2 - 2016-06-28 o Improve schedulers implementing resiliency checks and notification of failures o Fix possibility for wizard reset o Improve clientside detection of API failures o Remove grunt-line-remover, dependency no more used o Bump grunt to stable version 1.0.1 o Update translations Changes in version 2.62.1 - 2016-06-26 o Fix loading of logo image in relation to API change Changes in version 2.62.0 - 2016-06-24 o Reimplement the wizard as an atomi operation (#1692) o Reduce the type of fonts served by the application to 1 (woff) o Set autocomplete=off on relevant forms o Reimplement internationalization API allowing to override every text via the admin interface o Add possibility to configure a pseudonym in place of the real user name The following is the comprehensive list of closed tickets: - - - Changes in version 2.61.14 - 2016-06-07 o Fix issue #1681 o Fix issue #1687 o Fix issue #1688 o Fix issue #1689 The following is the comprehensive list of closed tickets: - - - - Changes in version 2.61.13 - 2016-05-23 o Fix issue #1675 o Fix issue #1678 o Implement unit testing for encrypted pgp files Changes in version 2.61.12 - 2016-05-23 o Fix issue #1672 Changes in version 2.61.11 - 2016-05-12 o Minor UI fixes o Update translations Changes in version 2.61.10 - 2016-05-11 o Add back TipExport until it will be completely reimplemented using browsercrypto. Changes in version 2.61.9 - 2016-05-11 o Fix init script in relation to feature #1663 Changes in version 2.61.8 - 2016-05-11 o Implement internationalization of the language selector o Implement internationalization of the datepicker interface o Reduce the round trips needed for the application bootstrap by implementing a unified API including all the required resources. o Deprecate the unsafe IE9 and IE10 and force support for browsers that support webcrypto API. o Remove a large number of dependencies no more needed: blob polyfill jquery zipsteam o Reimplement the proof of woork mechanism in order to use the webcrypto API. The following is the comprehensive list of closed tickets: - - - - - - Changes in version 2.61.7 - 2016-04-25 o Fix regression #1655 The following is the comprehensive list of closed tickets: - Changes in version 2.61.6 - 2016-04-24 o Fix exception scattering while configuring contexts Changes in version 2.61.5 - 2016-04-23 o Implement feature (#1426) The following is the comprehensive list of closed tickets: - Chages in version 2.61.4 - 2016-04-18 Fix streaming encryption of PGP files (#1643) The following is the comprehensive list of closed tickets: - Changes in version 2.61.3 - 2016-04-13 Fix regression on Context/Users deletion (#1633) Fix issues: #1637, #1639 o Add Chinese (Taiwan) translation (67%) o Remove Catalan support fallen below 50% :( The following is the comprehensive list of closed tickets: - - - - Changes in version 2.61.2 - 2016-04-09 o Fix loading of custom css Changes in version 2.61.1 - 2016-04-09 o Fix ulimit setting in init script Changes in version 2.61.0 - 2016-04-09 o Implement haveged as an additional source of entropy o Implement password meters through the zxcvbn library o Implement an export tip button on the tip list page o Implement HTTP Basic Authentication support to limit platform access during development o Implement a client side test for SMTP configuration o Implement List visualization for contexts o Implement Card visualization for contexts o Serve Context and Receivers images through the REST API reducing time and overhead loading external images o Implement experimental mlock capability in order to prevent the GL process from swapping RAM to disk o Implement support for limiting date questions with min and max date options o Implement support for recipients selectively opting in or opting out of submission notifications o Implement eslint in the continuous integration lifecycle o Refine RTL by using the bootstrap-inline-rtl library o Serve CSS and fonts via the /node REST API in order to reduce load time and address #1601 The following is the comprehensive list of closed tickets: - - - - - - - - - - - - - - - - - - - Changes in version 2.60.144 - 2016-03-14 o Fix regression on private messages o Fix visualization of the loader o Improve unit-testing of PGP scenario o Update translations The following is the comprehensive list of closed tickets: - - Changes in version 2.60.143 - 2016-02-27 o Solve recursion issue on field templates Changes in version 2.60.142 - 2016-02-26 o Remove migration support for db versions < 15 o Minor UI fixes Changes in version 2.60.141 - 2016-02-26 o Fix regression in proof of work present since 2.60.136 and affecting IE o Minor UI fixes Changes in version 2.60.140 - 2016-02-24 o Fix serialization of files in submission export o Minor UI fixes Changes in version 2.60.139 - 2016-02-23 o Implement autofocus on unfilled mandatory questions o Make possible configure questionnaires out of contexts and reuse them o Enable autovacuum support for sqlite o Prevent leakage of server timezone in zipfiles The following is the comprehensive list of closed tickets: - - Changes in version 2.60.138 - 2016-02-17 o Minor UI fixes o Add possibility to disable submission steps navigation bar o Enable score feature on checkboxes o Add autocomplete==off to relevant inputboxes Changes in version 2.60.137 - 2016-02-15 o Improve startup messaging o Wait migration script to complete before going to background Changes in version 2.60.136 - 2016-02-14 o Implement experimental score feature on selectbox and checkboxes o Implement experimental contitional questions/steps feature o Implement autologin controller for embedded receipts use case o Rewrite debian packaging of apparmor script Changes in version 2.60.135 - 2016-02-04 o Fix syntax error in apparmor script Changes in version 2.60.134 - 2016-02-04 o Adopt CodeClimate for monitoring of code quality o Improve packaging including libraries version following #1515 o Hide experimental features behind a advanced configuration enabler o Implement basic submission export by means of a zip file including questionnaire anwsers, eventual messages and files. o Update all javascript dependencies to latest stables The following is the comprehensive list of closed tickets: - - - - - Changes in version 2.60.133 - 2016-01-14 o UI fixes Changes in version 2.60.132 - 2016-01-13 o UI fixes Changes in version 2.60.131 - 2016-01-10 o Packaging fixes Changes in version 2.60.130 - 2015-01-06 o Minor bugfixing The following is the comprehensive list of closed tickets: - Changes in version 2.60.129 - 2015-12-26 o UI Fixes The following is the comprehensive list of closed tickets: - - Changes in version 2.60.128 - 2015-12-24 o UI Fixes The following is the comprehensive list of closed tickets: - - - - commit 8b33bfa813d5b0f15e90701b88432f8eed8fecf4 Author: evilaliv3 <> Date: Wed Dec 23 22:25:51 2015 +0100 Address issue #1540 commit 3d8524bc5170d5c75e021a11e6b4a139a46474e1 Author: evilaliv3 <> Date: Wed Dec 23 22:05:41 2015 +0100 Reimplement pending request animation addressing issue #1539 commit ad5fb2aa74a41d49ab11d433319d723287fdad0b Author: evilaliv3 <> Date: Tue Dec 22 15:24:26 2015 +0100 Simplify requirements checking and remove --upgrade from pip install command commit 6c8576fe3ca73efe2398e8d58b1ca1b17340339b Author: evilaliv3 <> Date: Tue Dec 22 01:58:14 2015 +0100 Implement issue #1469 Changes in version 2.60.127 - 2015-12-21 o Fix file upload regression Changes in version 2.60.126 - 2015-12-21 o Minor backend fixes The following is the comprehensive list of closed tickets: - Changes in version 2.60.125 - 2015-12-21 o UI Fixes o Refactor mail templating system and notification scheduler o Implement Short URL feature (#1527) The following is the comprehensive list of closed tickets: - - - - Changes in version 2.60.124 - 2015-12-14 o UI Fixes o Packaging fixes The following is the comprehensive list of closed tickets: - Changes in version 2.60.123 - 2015-12-11 o UI Fixes The following is the comprehensive list of closed tickets: - - Changes in version 2.60.122 - 2015-12-10 o Migration fixes The following is the comprehensive list of closed tickets: - Changes in version 2.60.121 - 2015-12-09 o Packaging fixes o UI Fixes The following is the comprehensive list of closed tickets: - - - - Changes in version 2.60.120 - 2015-12-03 o UI Fixes o Migration fixes Changes in version 2.60.119 - 2015-11-30 o UI Fixes Changes in version 2.60.118 - 2015-11-27 o UI Fixes o Update translations Changes in version 2.60.117 - 2015-11-25 o UI Fixes o Update translations Changes in version 2.60.116 - 2015-11-24 o Packaging fixes o Update translations Changes in version 2.60.115 - 2015-11-22 o Packaging fixes Changes in version 2.60.114 - 2015-11-21 o Implement Proof of Work based on the HashCash to improve protection from spam attacks o Implement secure wiping of files upon deletion o Integrate OpenPGP.js library o Integrate the scrypt-async library o Add possibility for admins to configure their PGP key for mail notifications o Add possibility for configuring the title of the main application pages o Split admin/user/custodian authentication from whistleblower authentication handler o Add possibility for enabling the whistleblower to comment/message/file upload on a later stage of the submission o Implement custodian of the whistleblower identities user o Modularize currently implemente admin API handlers o Implement hidden contexts and hidden submission urls o Improve fields validators and their UI o Improve detection of jobs malfunctions by monitoring their timing o Improve detection of client malfunction by implementing secure exception notification to the backend with encrypted notifications for administrators o Bugfix support for IE10 o Improve resiliency of migration script The following is the comprehensive list of closed tickets: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Changes in version 2.60.113 - 2015-10-22 o Minor UI fixes o Packaging fixes Changes in version 2.60.112 - 2015-09-26 o Improve unit testing Changes in version 2.60.111 - 2015-09-26 o Improve unit testing Changes in version 2.60.110 - 2015-09-19 o Improve unit testing o Update translations Changes in version 2.60.109 - 2015-09-16 o Minor bugfixing of UI and migration scripts Changes in version 2.60.108 - 2015-09-07 o Minor UI fixes Changes in version 2.60.107 - 2015-09-07 o Minor backend fixes o Minor UI fixes The following is the comprehensive list of closed tickets: - - - - - - - Changes in version 2.60.106 - 2015-09-06 o Minor backend fixes o Minor UI fixes The following is the comprehensive list of closed tickets: - - - - - Changes in version 2.60.105 - 2015-08-28 o DB migration fixes o Minor UI fixes The following is the comprehensive list of closed tickets: - - Changes in version 2.60.104 - 2015-08-27 o Minor UI fixes Changes in version 2.60.103 - 2015-08-26 o Minor UI fixes o Minor backend fixes The following is the comprehensive list of closed tickets: - Changes in version 2.60.102 - 2015-08-24 o Minor UI fixes The following is the comprehensive list of closed tickets: - Changes in version 2.60.101 - 2015-08-24 o Minor UI fixes o Improve error resiliency of file management with a retry mechanism o Add monitoring of Jobs time o Add monitoring of Handlers time o Add clientside exception notification o Implement multi entry fields o Implement horizontal fields ordering o Archive questionnaire datastructure on submit o Serialize questionnaire answers in structured relationl DB in order to allow search and statistics Changes in version 2.60.100 - 2015-08-13 o Minor UI fixes Changes in version 2.60.99 - 2015-08-04 o Minor backend fixes Changes in version 2.60.98 - 2015-08-03 o Minor UI fixes Changes in version 2.60.97 - 2015-08-03 o Improved Tip Page UI o Improved File Uploader UI o Minor UI fixes to submission interface The following is the comprehensive list of closed tickets: - - - - - - - - Changes in version 2.60.96 - 2015-07-30 o Minor UI fixes Changes in version 2.60.95 - 2015-07-30 o Minor UI fixes Changes in version 2.60.94 - 2015-07-28 o Minor UI fixes Changes in version 2.60.93 - 2015-07-28 o Minor UI fixes Changes in version 2.60.92 - 2015-07-28 o Minor UI fixes Changes in version 2.60.91 - 2015-07-18 o Minor UI fixes Changes in version 2.60.90 - 2015-07-17 o Minor UI fixes Changes in version 2.60.89 - 2015-07-15 o Minor UI fixes Changes in version 2.60.88 - 2015-07-15 o Minor backend fixes The following is the comprehensive list of closed tickets: - - Changes in version 2.60.87 - 2015-07-07 o Minor UI fixes Changes in version 2.60.86 - 2015-07-07 o Minor UI fixes Changes in version 2.60.85 - 2015-07-05 o Packaging fixes Changes in version 2.60.84 - 2015-07-05 o Fix Apparmor script adding missing allowed paths o Improve UX of Tip page and Tip List page o Remove JQuery dependency app size of ~10% The following is the comprehensive list of closed tickets: - Changes in version 2.60.83 - 2015-06-28 o Fix bug in file uploader due to parallel chunks o Revise Anti Disk Flood checks The following is the comprehensive list of closed tickets: - - - Changes in version 2.60.82 - 2015-06-22 o Improved UX for file uploads o Misc UI fixes o Update Translations The following is the comprehensive list of closed tickets: - - - - - - - Changes in version 2.60.81 - 2015-06-14 o Misc UI fixes o Update Translations Changes in version 2.60.80 - 2015-06-14 o Misc UI fixes Changes in version 2.60.79 - 2015-06-14 o Misc UI fixes o Update Translations Changes in version 2.60.78 - 2015-06-14 o Internationalization fixes Changes in version 2.60.77 - 2015-06-13 o Bump of AngulaJS to 1.3.16 o Important performance improval of tiplist page o General UI improval thanks to angular one-time-binding o Improve anti-flood protections and implement anomaly notifications o Implement simplified templating system The following is the comprehensive list of closed tickets: - - - - - - - - - - Changes in version 2.60.76 - 2015-06-10 o Minor UI fixes Changes in version 2.60.75 - 2015-06-09 o Minor UI fixes Changes in version 2.60.74 - 2015-05-30 o Minor UI fixes Changes in version 2.60.73 - 2015-05-28 o Packageing fixes Changes in version 2.60.72 - 2015-05-28 o Packageing fixes Changes in version 2.60.71 - 2015-05-27 o Minor UI fixes Changes in version 2.60.70 - 2015-05-25 o Packaging fixes o Improved cross-browser compatibility testing by means of Saucelabs integration with Protractor tests The following is the comprehensive list of closed tickets: - - - - - - - - Changes in version 2.60.69 - 2015-05-02 o Packaging fixes o RTL fixes Changes in version 2.60.68 - 2015-04-29 o Updated translations o Minor UI fixes The following is the comprehensive list of closed tickets: - - - - - - - Changes in version 2.60.67 - 2015-04-21 o Updated translations o Minor UI fixes Changes in version 2.60.66 - 2015-04-15 o Updated translations o Minor UI fixes Changes in version 2.60.65 - 2015-04-10 o Updated translations o Packaging fixes Changes in version 2.60.64 - 2015-04-09 o Revision of the entire application texts o Completion of included translations o Add translations for Albanian, Bulgarian, Bosnian, Welsh, Persian, Kurdish, Slovenian, Russian o Improved File Uploader by means of Flow.js o Implement Submission flood protection based on human Captchas o Improve anomaly detection and admin notification o Implement Tips expiration notification for Receivers o Disable SSL in favor of TLS on SMTP notifications o Minor UI Fixes o Apply bulk code and API cleanup The following is the comprehensive list of closed tickets: - - - - - - - - - - - - - - - - - - - - - Changes in version 2.60.63 - 2015-02-20 o Add Catalan (100%) o Minor UI fixes Changes in version 2.60.62 - 2015-02-16 o Fix a directory traversal issue introduced in 2.60.54 o Minor UI fixes Changes in version 2.60.61 - 2015-02-12 o Minor UI fixes Changes in version 2.60.60 - 2015-02-10 o Minor UI fixes Changes in version 2.60.59 - 2015-02-10 o Implement initial support for embeddably interfaces o Apply fixes for RTL internationalization o Minor UI fixes Changes in version 2.60.58 - 2015-02-04 o Fix validation of keys with no expiration set o Fix alignment of Urdu as RTL language o Improve resiliency of installation script Changes in version 2.60.57 - 2015-02-03 o Migration script fixes Changes in version 2.60.56 - 2015-02-03 o Added PGP expiration checks Changes in version 2.60.55 - 2015-01-29 o Minor UI fixes Changes in version 2.60.54 - 2015-01-28 o Fixed custom CSS flickering Changes in version 2.60.53 - 2015-01-26 o Minor UI fixes Changes in version 2.60.52 - 2015-01-23 o Minor UI fixes Changes in version 2.60.51 - 2015-01-22 o Various migration fixes o Minor UI fixes Changes in version 2.60.50 - 2015-01-21 o Enabled GZIP compression o Minor UI fixes Changes in version 2.60.49 - 2015-01-18 o Implemented file upload preview o Implemented simplified vertical submission template o Various Bugfixing Changes in version 2.60.48 - 2015-01-13 o Various Bugfixing Changes in version 2.60.47 - 2015-01-12 o Addressed Clientside Performance Issues o Added Finnish (75) Changes in version 2.60.46 - 2015-01-06 o Minor Bugfixing Changes in version 2.60.45 - 2014-12-30 o Added Hebrew (95%) o Minor Bugfixing Changes in version 2.60.44 - 2014-12-25 o Packaging Fixes Changes in version 2.60.43 - 2014-12-22 o Updated Translations Changes in version 2.60.42 - 2014-12-22 o Added support for Field Templates configuration o Added support for Context Steps configuration o Implemented caching for API o Added Support for Stats Tracking and Visualization o Properly packaged as debian package o Removed Pickles in favour of JSON data structures o Implemented basic scripts for ready-to-use globaleaks vagrant machines o Added support of Debian Jessie and Debian 7 o Added translation for: Japanese, Ukrainian The following is the comprehensive list of closed tickets: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Changes in version 2.60.22 - 2014-10-22 The following is the comprehensive list of closed tickets: - - - - - - - Changes in version 2.60.16 - 2014-09-25 This release includes the following new translations: Chinese, Greek, Latvian, Polish, Thai, Turkish The following is the comprehensive list of closed tickets: - - - - - - - - - - - - - - - - - - - - - - - Changes in version 2.60 - 2014-04-22 This release solve thes issues spotted by [LeastAuthority code audit: o implemented a JSON API for []( o o implemented a simplified first-setup wizard o added translations: Croatian (Croatia), Slovak, Norwegian Bokmål (Norway), Portuguese (Portugal), Swedish The following is the comprehensive list of closed tickets: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Changes in version 2.52 - 2014-01-24 The following is the comprehensive list of closed tickets: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Changes in version 2.30 - 2013-12-05 o added capability for configuring custom CSS from admin panel o added capability for configuring custom translations from admin panel o added capability for uploading/deleting custom files from admin panel o added capability for deleting submission and postponing their expiry time o UI for submission status page restyled to achieve better user experience o UI for submission tip list restyled to achieve better user experience The following is the comprehensive list of closed tickets: - - - - - - - Changes in version 2.29 - 2013-12-05 o updated to Angular 1.2.0, js codebase reduced (~700~ -> ~400k) o implemented UI to view/delete custom uploaded files. o added authentication over file download and collection download Changes in version 2.28 - 2013-11-05 o added new translations (Serbian, Serbian@latin, German Czech) The following is the comprehensive list of closed tickets: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Changes in version 2.26 - 2013-09-09 The following is the comprehensive list of closed tickets: - - Changes in version 2.25 - 2013-09-08 The following is the comprehensive list of closed tickets: - - Changes in version 2.24.15 - 2013-09-08 The following is the comprehensive list of closed tickets: - - - - Changes in version 2.24.13 - 2013-09-08 The following is the comprehensive list of closed tickets: - - - - - - - - Changes in version 2.24.10 - 2013-08-30 The following is the comprehensive list of closed tickets: - - - - - - - - - - - - Changes in version 2.24.9 - 2013-08-18 The following is the comprehensive list of closed tickets: - - - - - - - - Changes in version 2.24.3 - 2013-08-14 o updated translations The following is the comprehensive list of closed tickets: - - Changes in version 2.24.2 - 2013-08-11 o updated translations o Fix typo in download counter o restored exception email o implemented o fixed two minor elements (unit conversion, http error code) Changes in version - 2013-08-11 o Fixed bug in migrating users from 4-5 Changes in version - 2013-08-11 o Always replenish our RNG before we call it. Changes in version 2.24.1 - 2013-08-11 o Update Translations o Disable "Blow the whistle" button if the node does not support not anonymous submissions and we are not anon. o Disable submit button if not anonymous o implemeented pretty date where has been forgotten o Add some extra strings to be translated o After we fork we shall re-initialize the RNG. o fixed sessions bug, user table bug, and o Add script for resetting the GLBackend password o Fix bug in updating of User table. Changes in version 2.24.0 - 2013-08-11 o Disable "Add comment" button when no comment is present. o Fix typo o Stop using angular-cookies and just use jquery. o Move the setting of the rootScope whistleblower_id value up o Update Translations o Add support for handling Source Name and Source Email o grunt updateTranslations o Add some basic end to end tests o Disable file download button if the limit is reached o Fix visualization of receivers with long name. o fixed bug in previosu commits o fixed a wrong english sentence o In creation of a Context select all receivers by default o Properly visualize the multi select options o Fix some bugs in the submission form. o Add support for configuring from admin panel o Add support for having all receivers deselected by default o implemented issue o Update some buggy translations. Thnx alx o Make requests timeout after 30 seconds and stop displaying progress bar o Make sure the images in the receiver selection page are always reloaded o all unitTest fixed runnedgit status1 o review Form: format, opened o fixed unitTest in notification o fixed unitTest in sendmail o extended From: manipoulation with name and email fields o Fix the unittests related to last Context edits o Fix the unittests for authentication o implemented source_from in Notification o fixed migration bugs and implemented migration for o Serve end-to-end tests if debug mode enabled o fix to really catch all scattered exceptions o Initialize the mail templates to not include the date timestamp o o splitted ambiguous errors code, and fixed spare bugs o Make the unittests pass o Fix serving of decoy traffic generating widget. o Add support for having all receivers deselected by default o implemented issue Changes in version 2.23.13 - 2013-08-09 o Copy decoy to build dir o Move index.html to decoy.html o Move everything into the index.html file o Add support for accepting decoy traffic o fixed postrm script Changes in version - 2013-08-09 o removed some commands from postinst now overridden by dh_apparmor o added #DEBHELPER# token to debian preinst script o added #DEBHELPER# token to debian postinst and postrm scripts Changes in version - 2013-08-09 o Use the custom glclient build from /var/globaleaks/ o Add the glclient-build script to the scripts installed by o Add script to build custom glclient (imported from GlobaLeaks repo) Changes in version - 2013-08-09 o Make the Error become a warning. o Merge branch 'devel', remote-tracking branch 'origin' o fixed tranlation fallback in case of missing default language o added french language Changes in version 2.23.12 - 2013-07-27 o fixed two logs entry, and GPG stdout disabled, but helpful in future GPG optimization o fixed bug o fixed some issues introduced in commit o fix against latest merges o changed default of expiration key checks o completed and tested key expiration scheduler, part of o approached GPG expiration scheduled check o Fix apparmor recache on installation/upgrade o migration scripts fixes o fixed localization of context_name in admin tip overview o fixed test_gpg unit test o aligned migration script with o fixed some bugs related to PGP notifications and files encryption o fixed a bug present introduced by commit o fixed a bug spotted debugging issue o fixed mail notification (unicode values prevented exceptions notifications) o enabled Storm debugging (it was never been used up to now) o fixed checksum unitTest o fixed translation in receiver desc in tip o added apparmor rules for gpg o fixed permissions on /var/globaleaks/torhs o renamed db backup extension from .olddb to .bak o receipt regexp validation o updated default presentation value: Welcome to GlobaLeaks™ o fixed a bug related to the new node variable presentation o enhanced and refactored a core part of migration script: o supported encrypted file status and download: o implemented shm/ramdisk supports for GPG ops o fixed a localization bug in submission o extended DB, admin, UT and migration to supports default_lang o restored mail initialization with our defaults (errors and notification) o fixed unitTest for o o .travis.yml aligned to GlobaLeaks repository o globaleaks DB version 4 o fixed a bug in db conversion script o implemented GPG sanitization: o completed o corrected boolean acquire for PGP preferences o start refactor of GPG, now supported o completed exception things: o removed node email UI, added GPG pref in admin: o Update translations o Fix some bugs in the progress bar visualization o fixed a typ0 in translatable sentence o Improve the behavior of the Reciever and node logo file upload o o Make the submission steps translatable o Add support for picking the default language from the admin interface o Only display language selector if more than 1 language is available o Fix styling bugs introduced in previous commits o fixed PGP receiver preferences view o english sentence corrected o removed multipart encoding from form configuration o fixed a bug related to checkbox in receiver preferences o Fix bug in language selection switching o .travis.yml aligned to GlobaLeaks repository o fixed tor2web security settings configuration o Fix bug in language selection switching o fixed regexp_receipt (missing escape for backslash) o enhanced admin view for o completed Admin UI for o .travis.yml aligned to GlobaLeaks repository o modify starting page with o customization message o added the default value for receipt_regexp=[A-Z]{4}\+[0-9]{5} o restored GPG in GLClient: The following is the comprehensive list of closed tickets: - - - - - - - - Changes in version 2.23.11 - 2013-07-14 o fixed test_models and made timetolive test more reliable o restored globaleaks exception email o solved a couple of FIXME related timetolive o forgotten update 2 to 3 DB version module Changes in version 2.23.10 - 2013-07-13 o Backend translation support in GLClient: reload the page when language changes o Use the GL-Language header to keep track of current locale o added globaleaks favicon.ico and package aligned o unit tests fixed and aligned to latest localization changes o fixed some bugs related to localization updates o fixed some bugs related on fields validation o sanity check in l10 function o updated DB to version 3 (fields translation supports) o localization fixes o Outline algorithm for migrating form fields from OLD to NEW o Add method for logging exceptions o Bugfix in: o submission creation. o node serialization o creation of receivers o Set the key value to be the name of the field o Comment out the stuff related to setting tip and submission expiration configuration o Remove reference to system_default_lang() o Remove unneeded imports o Major refactoring on multi language support in backend o Use a smarter pattern for nesting values inside the lang code key o Uniform the arguments that transact decorated functions take and pass a default argument to them o Fix unittests to work with the new code o Refactor defaults to not have a hardcoded language o Add default_language to GLSetting o Add languages_enabled to GLSetting o Reference GLSetting.error_reporting_ o instead of using a hardcoded value o Place the sample submission fields in o o implemented acquire_localized text function o fixed a typo in mail template (%NoneName% -> %NodeName%) o implemented request o improved login/logout unit testing o debian/globaleaks.apparmor-profile corrected (added some needed capabilities) o fixed a bug related to apparmor and default sys.excepthook o Fix group permissions on /var/run/globaleaks back to globaleaks o Fields now handle GL-Language o Completed + all UT broken Changes in version 2.23.8 - 2013-07-08 o fixed permissions to /var/globaleaks/torhs Changes in version 2.23.7 - 2013-07-08 o various bugfix (421, 436, 425) o vietnamese language added Changes in version 2.23.4 - 2013-07-05 o pip packages naming and version fixes Changes in version 2.23.3 - 2013-07-05 o pip packages naming and version fixes Changes in version 2.23.2 - 2013-07-05 o fixed issues 390, 389, 398, 229, 86, 153, 396, 412, 298, 303, 396 o implemented a GLClient password suggestions both on admin admin and receivers o implemented a minimal GLBackend password validation o better implementation of HTTP Exception handling o fixed a bug related to keep-alive connections and protocol status variables. Changes in version 2.23.1 - 2013-06-30 o insert a timebuffer to avoid Travis false negative o Review of text strings o updateTranslations Changes in version 2.23 - 2013-06-28 o authentication credentials and tokens are no more written into log files; enhanced login accountability/debug lines ( o implemented scheduled session cleaner ( o removed Pillow: + added a tribute for all the journalists (due to pillow removal, receivers' pictures may not resize correctly) o fixed bug in database migration, when more versions are upgraded at once ( o Started support for configuring descriptive text, context related text and submission fields in multiple language ( o Do dh_apparmor before dh_install o completed db migration 0 to 2 (languages) o Debian package override Tor files is solved ( o Change version to be >= o added conditional check to avoid duplicate edits of apparmor local system_tor file o fixed unitTest with languages: [] o fixed session expiration: o fixed migration bug o fixed two bugs spotted in testing o Fix bug in context serialization. o Add script for generating error code handling in GLCLient o extended error communication with variable arguments o completed notification selection: o added storm >= 0.20 to requirements. removed strorm monkey patching related to "foreign keys" o removed from GLB relative date: o Added little explanation about what's is done by the script o removed libjpeg-dev from the dependencies list o removed Pillow: o o o Disable switching step when file upload is in progress. o status view, checksum display, updated o minor UI fixes o Refactoring of fileuploader o Implement cancel all uploads button o Don't change step while upload is in progress. o Move themes to themes script o Make the version of gettext be more flexible o Add marks for inserting glclient custom build styles o Using build keyword makes grunt a sad pig :( o Go for other route o Fix typo o Improve receipt acceptance page. Changes in version - 2013-06-24 o receiver view updated with AdvSett o solved critical security flaw in Receiver auth o updated init guide examples related to network sandboxing o apparmor and a globaleaks profile is now installed automagically o fixed UT and updated DB with 283 and notification/files o globaleaks/plugins/ o feat and test of o session expire (for admin, Receivers and Whistleblowers) when used after the default lifetime o enhanced unitTest helpers o Implemented migration system o better support for iptables ( o default init.d script variables values moved to /etc/default/globaleaks o added globaleaks.default file used during packaging and setupped as /etc/default/globaleaks o enhanced status checker o Continous integration with Travis improved o changed pip usage in package install procedure o added debian postinst test for /etc/apparmor.d/usr.sbin.tor existance o return code correct when quitting o updated .travis.yml with permissions corrections o clean the previous DB state o edited scripts to permit fine selection of branches/tags/commits o fixed/supported receiver notification preferences o Forcing headers: "Server:globaleaks", "X-Content-Type-Options:nosniff" o Forced header: "X-Download-Options:noopen" on Downloaded files o added some mitigation to information leakage on Browser/Proxy Cache o added mitigation to clickjacking attacks on iframes o implemented file/notification settings options o added conditional apparmor sandboxing based on a default config variable (currently set to disabled) o fixed the check to see if need to use a local glclient o init script fixed o extended -z option (devel mode) o updated with respect to actual master o updated requirements.txt o removed -shutil.rmtree(glclient_path) from o Fix globaleaks URL in notification o fixed title import bug: o fixed an exception triggered when an email fail o Update simplified and unified to GLClient o fixed apparmor profile for tor o corrected to include translations.js (temporary fix before minification) o corrected to include translations.js (temporary fix before minification) o updated hardcoded email/password used for development purpose o fixed credential + o fixed -j (cyclone debug) bug o two cmdline arguments separated: --devel-mode(false/true), --glc_path(none/path) o minor fix to output formatting o fixed a mistakeable naming o fixed bool import for receiver preferences o submission and tip in context, expect hours and days, no more seconds o finally fixed jsondump -j/--io o partial supports of advanced settings context+main o o works continue in receiver preferences o Fix configuration settings to work properly. o completed and cleaned context advaced settings o cleaned submission main o Make the templates a variable. o Add script that outputs javascript file of translations o add main controller to handle template loading o Add MD5 library. o improved and completed receiver prefs and delete/update key o enhanced Admin receiver interface with GPG I/O o Add support for language switching in GlobaLeaks UI. o Default to english language o Add built translation script o Add node-gettext as a development dependency o fixed view bugs and aligned new REST for admin o Revert "Add node-gettext as a development dependency" o added node-gettext 0.2.1 to grunt requirements o updated node-gettext requirement to version 0.2.11 o added .travis.yml equal to GLBackend one with minor adaptations) o fixed/supported receiver notification preferences o cleared GPG interface and fixed checkboxes behavior o supported mail subject modification by Admin o added translation of receiver prefs+GPG. o update localization o fixed two typos o dirty hack to make translations.js in index.html o fixed tor2web checkboxes for admin UI o corrected some url from /img/ to /images/ o enhanced Tor2Web UI o fixed Gruntfile o changed receiver preferences checkbox and resumed button o Fix translation generator to be a module o Delete deprecated python script for generating translations o Update Gruntfile to support extracting strings to localize o Fix some bugs in gruntfile o reverted a change of 12f4b66a0a8cd6fc057ed3d9f7d226a2c3973d19 o simplified and unified to GLBackend o Add functions for pushing and pulling source language file o Add support for fetching translations and importing them into GLClient o Improve gruntfile o Update all translation files with latest. o running successfully grunt makeTranslations o removed tag from UI, restored translation in advanced settings o integrated new advanced settings strings o Fix bug with travis. Changes in version - 2013-05-31 o updated SQL schema in order to supports advanced settings o update settings in order to keep default separated from runtime variables o updated serialization and REST to supports advanced settings o logging fixes o merged master & solved conflict o updated GLSettings.memory_copy and .defaults o updated notification table with Title template o minor fixes o updated models, SQL, admin, anon, REST on new vars o fixed unitTest with new UI vars supports o fixed submission_abuses o fixed UT in test_models o minor fixes in unitTest (jobs, notification, tip) o fixed a debian postinst bug related to python code compiling. o fixed a logical bug in tor2web update o unicode with 'true' 'false' accepted as bool o added apparmor configuration made by Anatole o updated init.d script by Anatole o added apparmor configuration o updated init.d script o added Tor apparmor o made silent python errors o restored default receipt regexp: o globaleaks version (packaging fixed) o show version of GL system in admin Content Setting o Fix bug in receiver selection and submission o Properly visualize also special text fields. o updated Receiver,Node and Context to supports advanced conf o Update bootstrap version o Set the receivers of the selected context before creating submission o Implement comfort loader in all HTTP requests o Style the comfort loader o Change loader to be a spinner. o Display information on the fact that a tip does not exist of has expired o fix #50 o Implement translation of texts support. o Add script for generating pot files Changes in version - 2013-05-24 o minor tweaking o fixed error reporting o public API receivers and contexts return only usable data o solved an exception triggered by exception notification. 'recursion: see recursion.' o updated tip REST to easily discern if WB or receiver has the data o made version reserved information o handled group/user/both specification o added info messages and clean exits for db related errors in reference to: o debian postinst updated to set correct home directory and shell for user globaleaks o Node logo reloaded runtime: o cleaned discrimination between WB and receiver identification in status page o solved slow loading wrong message: o submission do not make mistakes anymore about being configured or not, within Tor delay Changes in version - 2013-05-23 o minor tweaking o fixed inclusions in o added empty setup.cfg o trying to fix debian packaging o added support for notification errors logging (detected error + verbose traceback) o added an exception raise if db schema file is not accessible. this check is needed and does also avoid creation of empy db file o removed torrc from staticdata o fixed test_notification (added the sendmail_mock event argument) o removed torrc from files to be installed Changes in version - 2013-05-22 o added requirements.txt to o addedd versioning in exception mail o password strength checker: Changes in version - 2013-05-21 o fixed cleaning when internalfile.file_path equals a corresponding receiverfile.file_path. o some cleaning in file import, logs and verbosity o aligned with requirements.txt (the first now uses the latter) o notification fixes as per o fixed unitTest of hidden service format o new password asked twice for Admin and Receiver o notification fixes in reference to o solved a bug that prevented selection of contexts on submission page o fixed public site regexp: T2W suggested but not enforced Changes in version - 2013-05-17 o receiverfiles are now correctly marked as notified. o Fixed readme warning o Configuration check moved to GLB (as per o added tests for storm foreign keys support on delete on cascade. fixed some tests. o disable WAL that seems to not work over openvz (simfs) o moved to GLB the configuration check o a link to the login page is needed from the homepage o approached issue with ng-cloak o approached and cleanings Changes in version - 2013-05-15 o add glclient hash Changes in version - 2013-05-15 o removed a testing line Changes in version - 2013-05-15 o glbackend version is now written into and imported from other python scripts. o patch to zstorm to enable foreign keys and wal ( o ESMTP Errors are now logged using log.err() o minor safety corrections to debian postinst o Update home.html o Update privacybox.html o Delete cookies using $.removeCookie() Changes in version - 2013-05-15 o Fixed reciver-> receiver issue o Debug log more readable o Fixed bug in admin file upload o Fixed public site notification o Fixed unhandled exception ( o Fixed versions in, changelog and init Changes in version 0.2.0 - 2013-05-09 First release of GlobaLeaks 0.2 Alpha. o Whistleblowing - Secure submission of files and form fields - Whistleblower can log-in with Submission's Receipt at a later stage to add new material - Receivers get notification of new tip available and access them securely - Multiple Context support to collect Tips on different topic - Multiple and Selectable Receivers to let Whistleblower choose to who submit to o Security and Anonymity - Secure Linux Installation - Anonymous publishing communications over Tor Hidden Service with no ability to know Whistleblower's IP - Outbound communications anonymized trough Tor - Prevent leaks with strict network sandboxing - Strict data-retention policy with self-cleaning of submission data at expiry - Privacy enforced logging (no ip address or sensitive data) o Management - Web Administration interface over Tor Hidden Service - Add/Modify/Remove/Assign Multiple Context - Add/Modify/Remove Multiple Receiver - Configure Tor Hidden Service - User, System, Tip Overview to check operation status - Configure email account to be used for notification - Customize email notification templates o Misc - Distributed as a Debian package (Easier installation / maintenance) - Advanced configurations on settings file - Notification of receiver of new tip/comment via email - Whistleblower and Receivers can see all receiver's activity (access/download of tip) - Whistleblower can send submission to a specific receiver - Unhanded Stack exception are sent via email to Node Admin (as an automatic error reporting system) o Limitations - User interface need graphical improvements and usability review - User interface customization need to be improved to support "upgrade" without manual procedures - Interface is english language only (internationalization is upcoming in beta) - The maximum file size that can be uploaded is limited by the server RAM size (need optimization) - Not all the "Security Features" (described in Threat model) are still implemented (expected for Beta) - Email notifications and files are not PGP encrypted - Source code audit still not done (upcoming for beta) - Some settings have still to be tweaked modifying python file ( and not trough UI