mwdb-core 2.9.0

v2.9.0

on Python PyPI

This release includes huge database migrations made for query optimization, which includes rewriting of object permission tables. Database backup is highly recommended before upgrade.

Also there is a long changelog ahead, so please read information about most important changes in What's changed section before upgrade.

Major changes:

• Huge improvements in Web part which includes:
  • Beautified login/registration pages (#726)
  • Usage of Vite and Rollup for building instead of Create React App and Webpack (#741). If you have in-house plugins, read the What's changed section in documentation.
  • Rewrite to TypeScript (#807, kudos @postrowinski!)
  • Closable error messages (#763)
• Search should be much much faster because of these changes:
  • Counting of all results before applying actual query is optional and disabled by default as it has huge impact on performance (#718)
  • When user has access_all_objects capability, exclusive object permissions are not even considered in query (#783). It also means that access_all_objects really gives access to all
    objects in system (it's not "autosharing" of all added objects as before), so everything group is effectively useless and is not created by default.
• Changes in shares representation, so it's more clear who is the actual uploader of the sample. It's better described here (#717)
• certpl/mwdb Docker image uses gunicorn instead of uwsgi, as uwsgi project was mostly abandoned (#735)
• v2.9.0 comes with additional small feature that enables you to ask your users for consent to share samples with 3rd party services (#801)
• Karton is bumped to v5.1.0 and its producer shows in services tab in Karton Dashboard
• Object listing endpoints are accepting count parameter, so you can load them in chunks bigger than 10 (#755)

Minor changes and improvements:

• Dedicated group is created for each OpenID Connect provider (#668)
• ssdeep is replaced with pure-Python implementation - ppdeep (#692)
• sharing_objects capability was renamed to sharing_with_all which better describes its real meaning (#696)
• Backslashes are better handled in configuration search (#690)
• Rich attributes: field can be rendered as search link using special {{@value}} syntax (#628)
• Sample preview downloads sample in obfuscated form (with negated bits) to not trigger EDR/AV solutions (#721, thanks @middleware99!)
• Added access_uploader_info capability to make users able to search for uploaders from the outside of our groups without giving powerful sharing_with_all capability (#705)
• Rich preview in AttributeAddModal (#724)
• Handle 'misc:' as a proper tag (#742, thanks @jasperla!)
• OAuth logout, so you can easily logout yourself from OAuth provider e.g. to switch accounts (#732)
• Configurable upload size (#756)
• Critical error in Web shows JS stack information (#790)
• Capabilities can be changed also in User/Group view instead of only Access control page (#770)
• User is warned in Relations tab when number of relations exceeds 1000 (#791)
• use_x_forwarded_for option in configuration to respect X-Forwarded-For header, enabled by default in Docker images (#845)

Bugfixes:

• NetworkError exceptions in Web are a bit better handled and they shouldn't crash whole application so often (#846)
• OpenID Connect: fixed provider registration (4e015b6, thanks @v-rzh!)

Special thanks to @yankovs for tracking some regressions during development!

And finally thanks to development team that worked on this release: @KWMORALE, @Repumba, @postrowinski, @olivergav, @nazywam.

Hopefully we'll be publishing stable releases a bit more often so the changelogs won't be that long 🥲