This release is built on the https://github.com/uselagoon/lagoon-images/releases/tag/21.9.0 images
Security Advisories
Two security advisories were resolved as part of this release:
- Lagoon audit logs expose bearer tokens for transactions
  The audit logs in the lagoon-logs message exchange contained the bearer tokens used to authenticate the actions undertaken. In this release, the logging output to this exchange has been sanitised to remove these tokens, as well as any private keys.
- Credentials stored in lagoon API environment variables exposed in logs
  A couple of the stages undertaken in a Lagoon Build could output the contents of Lagoon variables into the build logs, where they are visible to anyone with view access. In this release, these stages no longer print these variables into the logs. Thanks to @mxr576 for the responsible disclosure.
Please refer to https://github.com/uselagoon/lagoon/blob/main/SECURITY.md for more information on how to responsibly disclose potential security issues.
Other Changes in this release
- Custom Backup and Restore location support (#2820) allows projects to define their own S3-compatible buckets for backups and restores. Please make sure to read the documentation, as there are some caveats!
- Lagoon UI customisation (#2843) allows users to customise how many results are returned in the UI. Previously this was limited to 25, but it can now be controlled by the user.
Changelog
- Add update_openshift_varchar_length procedure to migration script @shreddedbacon (#2840)
- correctly fix permissions for my_query-cache.cnf @Schnitzel (#2822)
- update project fact filter to query 'like' instead of 'equal to' value @timclifford (#2834)
- Custom Backup and Restore Location Support @cdchris12 (#2820)
- Add a message for truncated results in the UI and allow users to select displayed number @shreddedbacon (#2843)
- Allow pseudo-random cronjobs to schedule on minute 59, and hour 23. @seanhamlin (#2833)
- Upgrade fluentd and enforce Opensearch compatibility in logs-concentrator @smlx (#2821)
- Improve logs-tee performance and documentation @smlx (#2818)
Documentation
- mutation typo @timclifford (#2814)
- Add drupal/purge to suggested Composer command @mglaman (#2849)
Local development and Testing
- Changed tasks retry logic and refresh token permissions @bomoko (#2828)
- reenable SKIP_IMAGE_PUBLISH routine @tobybellwood (#2839)
- Reduce test parallelisation, and increase log debuggability @tobybellwood (#2825)
- add docker_pull routine to makefile @tobybellwood (#2824)
Full Changelog: v2.0.0-rc.9...v2.0.0