Release v0.2.0

@github-actions github-actions released this 20 May 13:59
· 1061 commits to develop since this release
067c329

What's Changed

🧹 Chores

  • chore(deps): bump urllib3 from 2.6.3 to 2.7.0 in /trust/trust-api by @dependabot[bot] in #470
  • chore(deps): bump urllib3 from 2.6.3 to 2.7.0 in /trust/imaging-api by @dependabot[bot] in #469

Other Changes

  • docs: fix outdated documentation, Makefile bug, and docstring mismatches by @atriaybagur in #230
  • fix: resolve dependabot security alerts (h11, Pygments, lodash, aws-sdk) by @garciadias in #240
  • fix: replace echo -e with printf for macOS compatibility by @atriaybagur in #244
  • refactor trust <> central hub communication to outbound-only by @atriaybagur in #192
  • Remove AWS secrets write access from EC2 IAM role (keep read) by @atriaybagur in #243
  • Develop by @atriaybagur in #245
  • Add least privilege permissions to GitHub Actions workflows by @atriaybagur in #246
  • Develop by @atriaybagur in #247
  • Consolidate model status update logic into private service by @atriaybagur in #236
  • migrate ec2 instances to private subnets by @atriaybagur in #251
  • docs: fix README/docstring drift surfaced by weekly audit by @atriaybagur in #254
  • Security Fix: alert-143-axios by @garciadias in #264
  • Security Fix: alert-141-axios by @garciadias in #261
  • Security Fix: alert-132-vite by @garciadias in #256
  • Security Fix: alert-130-vite by @garciadias in #258
  • Security Fix: alert-131-vite by @garciadias in #257
  • Security Fix: alert-135-vite by @garciadias in #255
  • Security Fix: alert-55-esbuild by @garciadias in #266
  • 224 ssh over ssm suggestions by @atriaybagur in #267
  • Security Fix: alert-136-cryptography by @garciadias in #259
  • Security Fix: alert-137-cryptography by @garciadias in #260
  • Security Fix: alert-142-cryptography by @garciadias in #263
  • Security Fix: alert-66-aws-sdk by @garciadias in #265
  • Security Fix: alert-144-pytest by @garciadias in #271
  • Security Fix: alert-147-pytest by @garciadias in #274
  • Security Fix: alert-145-pytest by @garciadias in #272
  • Security Fix: alert-146-pytest by @garciadias in #273
  • Security Fix: alert-139-cryptography by @garciadias in #262
  • Develop by @atriaybagur in #270
  • fix: resolve Dependabot security vulnerabilities by @garciadias in #275
  • Add TRE deployment guide documentation by @atriaybagur in #204
  • Remove leftover create_backend.sh at old path by @atriaybagur in #277
  • fix: remove esbuild dependency to resolve UI breakage by @atriaybagur in #284
  • Develop by @atriaybagur in #285
  • 279 bug no email title in light mode by @atriaybagur in #280
  • docs: drop reference to deleted MIGRATION_SSH_TO_SSM.md by @garciadias in #289
  • feat(infra): replace SSH with SSM Session Manager for secure remote access by @garciadias in #253
  • feat(infra): add AWS dev Terraform stack for Cognito/SES by @atriaybagur in #276
  • fix(ui): stabilize Vite 8 Docker startup in dev by @garciadias in #295
  • fix(ui): upgrade vite to 7.x by @atriaybagur in #286
  • fix(security): remediate code scanning alerts — script injection (CWE-78) and path traversal (CWE-22/23) by @garciadias in #278
  • Host flip-ui on S3 + CloudFront by @atriaybagur in #291
  • docs: update outdated PostgreSQL versions and fix missing type annotations by @atriaybagur in #292
  • Add comprehensive docstrings to functions across codebase by @atriaybagur in #299
  • 182 feature deploy flower federation to aws by @atriaybagur in #186
  • Fix branch validation workflow to handle PR target changes by @atriaybagur in #252
  • refactor(deploy): derive FL_PROVISIONED_DIR from FL_BACKEND by @atriaybagur in #303
  • Remove development target from flip-ui Docker build by @atriaybagur in #304
  • fix(deploy): pin omop-db production image to :latest by @atriaybagur in #305
  • fix(cohort): return 202 while cohort query is pending, 404 only when unknown by @atriaybagur in #306
  • docs: add security vulnerability disclosure workflow guide by @atriaybagur in #311
  • Consolidate codecov configuration and add license header by @atriaybagur in #310
  • fix(local-trust): create /opt/flip/xnat/xnat-db-data during provisioning by @atriaybagur in #307
  • Develop by @atriaybagur in #312
  • fix(data-access-api): parameterize cohort SQL queries (P1-02) by @atriaybagur in #298
  • fix(xnat): make configure-xnat.sh idempotent on re-runs by @atriaybagur in #308
  • feat(trust): local-trust coexists with dev trust1/trust2 on one host by @atriaybagur in #309
  • Split FLIP_API_INTERNAL_URL for hub-internal fl-server calls by @atriaybagur in #317
  • docs: fix broken README links and align Makefile/port tables with code by @atriaybagur in #322
  • fix(imaging-api): distinguish local-storage failures from XNAT 404s by @atriaybagur in #318
  • chore(data-access-api): bump version to 0.1.1 by @garciadias in #323
  • chore(release): merge develop to main by @garciadias in #324
  • chore: optimise Claude Code configuration for token efficiency by @garciadias in #338
  • Automate Orthanc mock data management with versioning by @atriaybagur in #348
  • Add TOTP-based multi-factor authentication (MFA) support by @atriaybagur in #269
  • Optimize config.json polling to prevent unnecessary re-fetches by @atriaybagur in #313
  • feat(connection-status): expose fl_backend in net status response by @atriaybagur in #320
  • refactor(trust): consolidate ORTHANC_STORAGE into ORTHANC_STORAGE_DIR by @atriaybagur in #325
  • Add authorization check to process-scanned-file endpoint (P1-04) by @atriaybagur in #327
  • Improve logging privacy in access request handler (P2-06) by @atriaybagur in #336
  • Add access control to file retrieval endpoints (P1-05) by @atriaybagur in #332
  • docs: improve environment variable documentation and security (P2-08) by @atriaybagur in #339
  • fix(flip-ui): remove v-html XSS sinks from AiAlert and AiConfirmModal (P2-05) by @atriaybagur in #337
  • chore(deps): bump python-multipart to >=0.0.26 (CVE fix) by @atriaybagur in #347
  • fix: bump fast-xml-parser to >=5.7.0 (XMLBuilder injection) by @atriaybagur in #354
  • Fail fast on missing Cognito environment variables by @atriaybagur in #314
  • fix(auth): validate iss and aud/client_id on Cognito JWTs (P2-01) by @atriaybagur in #343
  • fix: override placeholder AES_KEY_BASE64 in trust test conftests by @atriaybagur in #351
  • Refactor database session calls to use SQLModel exec() for SELECT statements by @atriaybagur in #371
  • Fix broken UI lint: Migrate to ESLint flat config and apply formatting rules by @atriaybagur in #341
  • Improve user role update feedback with async/await and success message by @atriaybagur in #363
  • chore(deps): upgrade python-dotenv to 1.2.2 by @atriaybagur in #352
  • Upgrade uuid dependency from v8 to v14 by @atriaybagur in #353
  • Implement least-privilege IAM policies and S3 security hardening (P2-02) by @atriaybagur in #331
  • Scope imaging-api cohort fetch to accession_id only (P1-01) by @atriaybagur in #362
  • Revive Cypress E2E test suite with CI integration by @atriaybagur in #372
  • chore(iam): scope Trust EC2 instance role to least privilege (P1-08) by @atriaybagur in #335
  • ci: bump checkout/setup-node/codecov-action off Node.js 20 by @atriaybagur in #375
  • Replace CORS wildcard with Cognito-derived allowlist (P1-06) by @atriaybagur in #334
  • Fix issue #358: Separate project creation from admin management permissions by @atriaybagur in #359
  • fix(security): remediate CWE-22 zip slip — use individual extract() per member (py/zipslip) by @garciadias in #357
  • Add environment-based RDS hardening for production deployments (P2-03) by @atriaybagur in #355
  • Add DICOM anonymization script validation tests (P2-07) by @atriaybagur in #346
  • Add Flower app walkthrough documentation for FLIP integration by @atriaybagur in #315
  • Add trust-internal service authentication (P1-01, P1-03) by @atriaybagur in #333
  • Clarify test placement rules and remove non-integration tests (A1) by @atriaybagur in #405
  • Develop by @atriaybagur in #404
  • Add trust integration test scaffolds by @alceops in #395
  • test(flip-api): real-Postgres integration tests via Testcontainers (B1, #367) by @atriaybagur in #406
  • test(flip-api): real-Postgres integration test suite via Testcontainers by @atriaybagur in #407
  • feat(infra): ECS foundation for Central Hub migration (PR 1/3) by @garciadias in #401
  • test(flip-api): moto-backed S3, Cognito and SES integration tests (B2) by @atriaybagur in #411
  • Add GitHub issue reference to CSP policy comment by @atriaybagur in #418
  • docs: trust-internal service keys, ECS migration foundation, AWS troubleshooting by @atriaybagur in #414
  • feat(flip-api): allow Researcher project members to contribute their own models by @atriaybagur in #413
  • test(trust): real-stack cohort query integration tests (B3, #369) by @atriaybagur in #412
  • fix(security): remediate code scanning alerts — CWE-78, CWE-89, CWE-601 by @garciadias in #415
  • docs: align Read the Docs styling with FLIP Design System by @atriaybagur in #425
  • Strengthen SQL query validation with AST parsing and literal LIMIT/OFFSET checks by @atriaybagur in #419
  • FLIP-PT-080: disable SQLAlchemy engine echo on data-access-api by @atriaybagur in #431
  • [codex] Fix Codecov coverage report overwrites by @atriaybagur in #432
  • ci: restore deleted Run tests step in trust imaging-api workflow by @atriaybagur in #437
  • Add comprehensive UI unit tests for service layer by @atriaybagur in #433
  • FLIP-PT-013: remove dead HS256 JWT fallback from auth_utils by @atriaybagur in #435
  • Drop ID token support, require access tokens only (#344) by @atriaybagur in #430
  • FLIP-PT-006: Disable Swagger/OpenAPI/ReDoc in production by @atriaybagur in #428
  • FLIP-PT-082: build XNAT projectData XML with ElementTree (XML injection fix) by @atriaybagur in #427
  • fix: resolve Dependabot security vulnerabilities by @garciadias in #421
  • FLIP-PT-045: refuse production flip-ui builds when VITE_LOCAL=true by @atriaybagur in #434
  • fix(docs): improve contrast of version dropdown in sidebar by @atriaybagur in #450
  • FLIP-PT-014: validate Cognito ListUsers filter inputs in cognito_helpers by @atriaybagur in #436
  • FLIP-PT-015: Move query validation error handling to validate_query function by @atriaybagur in #440
  • FLIP-PT-034: Document flip-ui Dockerfile security rationale and constraints by @atriaybagur in #445
  • FLIP-PT-083: gate flip-api logger on Settings.LOG_LEVEL (default INFO) by @atriaybagur in #443
  • fix(security): SRP sign-in (FLIP-PT-052) + Cognito source of truth by @atriaybagur in #442
  • FLIP-PT-003: stop leaking S3 pre-signed URLs into app logs by @atriaybagur in #426
  • test(flip-api): add e2e_smoke for the central-hub PR sanity loop by @atriaybagur in #454
  • Fix select element styling and update copyright year to 2026 by @atriaybagur in #459
  • docs: trust-api README + return type annotations on flip-api / imaging-api by @atriaybagur in #456
  • fix(security): remediate code scanning alerts — CWE-22 zip slip, CWE-78 script injection by @garciadias in #458
  • Develop by @atriaybagur in #460
  • feat(flip-ui): add Status column to project Models list by @atriaybagur in #453
  • docs: restructure top-level pages and toctree by @atriaybagur in #463
  • fix(flip-ui): Resolve dependabot security vulnerabilities by @garciadias in #457
  • docs: fix broken trust deployment link and clarify Security/Networking on Platform Support page by @atriaybagur in #464
  • feat(infra): cutover Central Hub + FL stack to ECS Fargate (PR 2/3) by @garciadias in #452
  • feat(deploy/aws): split FLIP S3 bucket into 3 purpose-built buckets by @atriaybagur in #465
  • fix(flip-api): use job_id column name in scheduler atomic UPDATE by @atriaybagur in #474
  • fix(flip-api): upsert FL nets from NET_ENDPOINTS instead of skip-on-conflict by @atriaybagur in #483
  • Revert "fix: prevent fl-server crash loop with entryPoint override" by @atriaybagur in #486
  • e2e_smoke to also work with Flower (use FL_BACKEND) by @atriaybagur in #468
  • docs(AWS): align README with current Terraform topology by @atriaybagur in #489
  • fix(flip-api): add db/seed/seed_logger.py and use it across the seed pipeline by @atriaybagur in #484
  • Merge pull request #460 from londonaicentre/develop by @atriaybagur in #502
  • chore(ansible): drop dead central_hub kit-sync plays by @garciadias in #451
  • fix: bump urllib3 to 2.7.0 to resolve 8 dependabot alerts by @garciadias in #497
  • fix(flip-api): consume normalized FL job-metadata contract, fix stop-training (#490) by @atriaybagur in #494
  • docs: sync READMEs and ReadTheDocs with code; tighten Python type hints by @atriaybagur in #507
  • infra(aws): move ALB into private subnets via CloudFront VPC origin by @atriaybagur in #473
  • refactor(trust): relocate compose stack to trust/deploy/ by @atriaybagur in #513
  • fix: resolve 3 open CodeQL code scanning alerts by @garciadias in #496
  • fix(docs-gifs): make admin docs Cypress recording pipeline runnable by @atriaybagur in #511
  • FLIP-PT-092: bound presigned model-file uploads with size + content-type policy by @atriaybagur in #438
  • feat(deploy/aws): publish FLIP-Prod VPC + subnet IDs to SSM by @atriaybagur in #467
  • docs: add release and versioning procedures to CONTRIBUTING.md by @atriaybagur in #520
  • feat: ECS Migration PR 3 — Security Hardening (KMS, SG drift, ECS Exec, tag validation) by @garciadias in #491
  • Release v0.2.0 by @atriaybagur in #526
  • Develop by @atriaybagur in #531

New Contributors

Full Changelog: v0.1.3...v0.2.0