Skip to content

v1.4.0

Latest

Choose a tag to compare

@source-release-bot source-release-bot released this 02 Jul 18:04
5634cc9

1.4.0 (2026-07-01)

⚠ BREAKING CHANGES

  • require auth for restricted products (#284)

Features

  • add INI-style credentials format tab (2bcc3f1), closes #388
  • add INI-style credentials format tab (#389) (ebd4a1e)
  • add X-Robots-Tag header for non-production deployments (72249b9), closes #302
  • add X-Robots-Tag header for non-production deployments (#323) (4fa9f9d)
  • admin-ui: trust-policy sub-pattern preview on the federated connection edit page (#377) (ba82dc4)
  • admin: admin email-to-profile lookup view (#350) (a056a28)
  • admin: data connection management (CRUD, S3/Azure/GCP/R2, product mirrors) (#364) (9ca1f53)
  • authz: let product owners view their own deactivated products (#399) (09fd4d0)
  • data-connection: expose secret-less federated config; never return stored secrets (#376) (395b6c2)
  • data-connection: federated backend authentication (AWS web identity + GCP/Azure scaffold) (#332) (999a076)
  • data-connections: account-owned data connections (#383) (b04755b)
  • data-connections: expose secret-less federated config by connection visibility (#327) (#339) (43f1f63)
  • data-connections: link product-owned connections to admin form (#392) (c6e8f10)
  • data-connections: require unsigned connections to be read-only (#394) (c2af48b)
  • delete product feature with confirmation modal (#361) (0f68e47)
  • globe: render live activity per datacenter (#395) (d119935)
  • globe: tidy live-activity popup, per-product count on hover (#397) (1d92b1f)
  • object-browser: delete files and prefixes in edit mode (#403) (2b1426b)
  • OIDC auth (#283) (c40ec89)
  • products: choose a data connection and enforce its allowed visibilities (#338) (c40818f)
  • products: deactivate products — form toggle, admin-only viewing, API 404s others (#372) (77dc24b)
  • products: mark deactivated products in account product list (#385) (b8e6806)
  • profile: link to Ory settings from read-only email field (#349) (34a2244)
  • scripts: bulk-apply web-identity auth to opendata S3 connections (#398) (45e4133)
  • scripts: migrate restricted open-data products to unlisted (#343) (#371) (2977ee4)
  • uploads: route in-browser uploads through the data proxy (#391) (92f61ed)
  • viewer: Add PDF viewer, PNG bindings (#315) (7927431)
  • viewer: support ndjson/jsonl (3790a24), closes #390

Bug Fixes

  • api: return 200 on successful member invite (#381) (3be8e49)
  • auth: log out sessions stuck at AAL1 when whoami requires AAL2 (#396) (b9af694)
  • data-connection: enforce provider↔auth pairing, tighten ARN + GCP SA validation (#368) (4780089)
  • data-connections: admin form-reset, redirect, and prefix-template handling (#379) (963e7c8)
  • data-connections: correct trust-policy aud to sts.amazonaws.com (#382) (d53b894)
  • email-verification: reconcile Ory verification on every page load (#347) (e0a85c3)
  • forms: opt out of React's auto form-reset so controlled fields don't flash (#373) (0eb033f)
  • globe: fall back to static image when WebGL is disabled (#387) (eb5c9a6)
  • make full menu item area clickable (#295) (e27a3c2)
  • product: hide edit buttons when data connection is read-only (#353) (b57cfab)
  • products: degrade gracefully when a data-proxy read fails (#400) (3b5adb5)
  • re-render auth UI after form-submission redirects (#344) (a378ebc)
  • require auth for restricted products (#284) (112265a)
  • return user to current view after login (#346) (9dd6d5f)
  • show same-path re-uploads without a manual refresh (#409) (b878b68)
  • uploads: refresh STS credentials mid-upload (#401) (#402) (8da202d)
  • use [source-coop] as INI profile name (c06a5ac)
  • validate product DOI format (#319) (4727dec)

Performance Improvements

  • db: request-scoped memoization of DynamoDB reads (#320) (1f295cf)

Miscellaneous Chores