Added
- Normal users can now be added with the add-admin.py bootstrap script
Changed
- SECURITY - Invite and Password Reset tokens have moved from using JWT to database-backed stateful tokens. These tokens expire after a defined period of time, as well as if the token is successfully used.
- Various styling improvements for authentication pages
Fixed
- SECURITY - Invite and Password Reset flows have been updated to include an intermediary step that prevents the secret tokens from leaking to 3rd parties via the Referer header.
- SECURITY - Email validation is much stricter now, through the use of python-email-validator. This fixes problems where emails like
test@test.com@test.comortest @test.comcould have been treated as valid emails, causing unexpected behaviors. - New users are explicitly created with "is_admin" set to false, instead of the previous "None" that they would get in certain flows.
- The nginx deployment script now correctly recommends placing all logs in the same folder, instead of
/var/log/nginx/natlasand/var/log/nginx/natlas.io. - Fixed erroneous help string in search help modal that was a holdover from v0.5.x.
Removed
- Removed an unused css load from adobe for the NATLAS logo font. We previously settled on using the image, but had forgotten to remove the font stylesheet include.