Skip to content

4.6.0.14

Choose a tag to compare

View all tags
@cccs-nr cccs-nr released this 18 Sep 15:11
· 70 commits to master since this release
v4.6.0.stable14
1116f46
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

What's Changed?

This release introduces new components, improved navigation and search handling, workflow validation, and important bug fixes.

  • Time range selection: The new DateTimeRangePicker lets users on Alerts and Error Viewer pages define precise time ranges instead of relying on manual filters.
  • Hash tagging: Hashes like sha256 are now consistently tagged in code snippets, making it easier to investigate suspicious strings across different pages.
  • Search state handling: Users can now navigate back and forth without losing search parameters that aren’t shown in the URL (e.g., current page position).
  • Better contrast visibility: Quota indicators on the Account page and values in Badlist and Safelist pages now use higher-contrast colors, making them clearer and easier to read.
  • Image display: The Borealis Image Fetcher now enforces proper image sizing on detail pages (Alerts, Submissions, Reports), fixing stretched or misaligned images.
  • Workflows page:
    • The workflow query input now supports multi-line editing and automatically grows with content, making long queries easier to read and edit.
    • Queries are validated by the backend before being saved, preventing invalid workflows and reducing errors later on.
  • Service validation: Entering a non-existent service name now clearly returns a 404 Not Found instead of crashing with a 500 Internal Server Error. #360
  • File submissions: Uploaded files now keep their provided filenames (e.g., "./filename.pdf"), preserving the original format from CLI or scripts.
  • SAML authentication: Logins are now more reliable, with replay protection kept intact while removing unnecessary session requirements. #365
  • User data persistence: Fixed an issue that prevented some user data from saving correctly. Updates now persist as expected.
  • Service Updaters support automatic unpacking of tar.gz files for Source Updates

Added

  • ForbiddenRedirect: New <ForbiddenRedirect /> wrapper component that automatically redirects users to the Forbidden page if they lack privileges. This avoids the need for individual pages to implement their own guards.
  • DateTimeRangePicker: A new component for selecting time ranges, used in Alerts and Error Viewer pages, providing more precise control.
  • Hash tagging: Introduced a dedicated tag for code snippet hashes. Ensures consistency with other data models by providing a clear mapping of sha256 to suspicious strings.

Changed

  • Search Params Provider:
    • Now leverages location.state alongside location.search and local state.
    • Improves navigation history by restoring previous search states, even for parameters not shown in the URL.
  • User Page (API quota): Updated color scheme of API quota properties from muted/disabled to secondary colors for better visibility.
  • Borealis Fetcher: Fixed image sizing across Alerts Detail, Submission Detail and Report pages.
  • Workflows page:
    • Migrated to use the new useAPIQuery hook (replacing apiCall).
    • TextAreaInput now supports minRows and maxRows; applied to the Workflow Detail query input for better multi-line display.
    • Added backend validation for workflow queries — waits for validation before confirming input format.
    • Add automatic unpacking of tar.gz files for Source Updates

Fixed

  • Service validation: get-service and other service endpoints now properly validate service names before updating configs. #360
    • Prevents 500 Internal Server Error responses and instead returns the expected 404 Not Found when a service does not exist.
  • File submission: Explicitly provided filenames (e.g., "./filename.pdf") now retain their original format rather than stripping the ./ prefix.
  • SAML authentication: #365
    • ACS no longer requires a AuthNRequestID session variable to succeed.
    • Now uses the last message ID from ACS (auth.get_last_message_id()) to generate saml_token_id, preserving replay protection.
  • User data persistence: Fixed bug preventing user data from saving correctly.

Dependencies

  • Borealis UI → v0.14.3 (from v0.14.0)
    • Updated and pinned markdown-related dependencies.
    • Fixed classification usage in useAnnotations.
    • Fixed bulkUpsert error with proper test coverage.
  • Vite → 6.3.6 (from 6.3.4)
    • Fixed server.fs settings not applying to HTML files.
    • Fixed middleware serving incorrect public files with overlapping names.
Assets 2
Loading