Part-DB 2.12.1

Security fixes

• CRITICAL: Fixed issue that users with editing rights could execute arbitary php code in the docker installations by uploading phar files
• MEDIUM: Fixed XSS issue in unsanatized log entry extra. Due to the Content-Security-Policy this has limited impact, as no arbitrary javascript can be executed.
• MEDIUM: The APP_SECRET env must be changed to prevent forgery of REMEMBERME tokens. To be doable an attacker requires to know the secret password hash of a user, which is not obtainable without another security issue. Administrators will see an warning banner on the homepage, asking to change the APP_SECRET.

Generate an new random 32 character string with openssl rand -hex 32 and put the value for APP_SECRET into your .env.local or the environment section of the docker-compose.yaml.

Other changes

• Updated dependencies to fix known security issues in symfony and twig
• Updated KiCad symbol and footprint lists

Bug fixes

• update gomodule imports to /v2(6cb4913 by @kmendell)
• decrypting of notification tokens failing (#2850 by @kmendell)

Dependencies

• bump updater module to new module name(50c0847 by @kmendell)

Full Changelog: v2.0.0...v2.0.1

2.0.1

2.0.1

2.0.1

New features

• use DHI images for base docker image (b73eb4c by @wrycu)
• full rbac permissions (1500646 by @kmendell)
• full background activity tasks (3d2c9ef by @kmendell)
• new account page and small ui tweaks and fixes (526e6d6 by @kmendell)
• better universal dashboard ui tweaks (986333b by @kmendell)
• support for federated credentials for workflow automation (818d306 by @kmendell)
• icon catalog and passthrough (72c6f23 by @kmendell)
• customizable font size per user (#2848 by @kmendell)

Bug fixes

• decouple context for activities (2afd24a by @kmendell)
• add the ability to cancel ongoing activities (fb11a53 by @kmendell)
• show all environment activities (0a6be65 by @kmendell)
• trivy scans not using arcane registries credentials (5d29ce3 by @kmendell)
• make updater service skip swarm containers and make checks more robust (ef0cec6 by @kmendell)
• incorrect paths for activity syncing(9d06074 by @kmendell)
• add global csrf middleware (c922327 by @kmendell)
• better rbac frontend UX for selecting permissions (23e24b6 by @kmendell)
• project auto update not updating container properly (a6a106a by @kmendell)
• diagnostic logs not formatted correctly(eed265c by @kmendell)
• image update checks timeout for no reason (45e229c by @kmendell)
• fix project update order and authentication (793ae89 by @kmendell)
• events create rbac role removed cause its pointless (864a581 by @kmendell)
• validate claim value and role ID in OIDC mapping functions (fa0c147 by @kmendell)
• annotate jwt placeholder secret(bfec449 by @kmendell)
• prune long running stuck jobs (9dbf241 by @kmendell)
• project sync depth not respected during FS sync (09737ce by @kmendell)
• skip checking for updates on pinned digests (760a88d by @kmendell)

Dependencies

• use node version 26.x.x(7b0c9c0 by @kmendell)
• bump pnpm to v11.5.2(d236ee9 by @kmendell)
• upgrade to sveltekit v3 (2709b6b by @kmendell)
• upgrade to tanstack-table v9 (d81c19e by @kmendell)

Other

• remove deprecated services and logic (576865d by @kmendell)
• consolidate frontend types and utils(0d579fa by @kmendell)
• use distroless images over DHI to support all platforms(86b7f60 by @kmendell)
• updated tab bar design(f621fe4 by @kmendell)
• consolidate frontend logic / components (538465a by @kmendell)
• modernize and refactor deduped logic (22e7336 by @kmendell)
• modernize backend code (6e89cff by @kmendell)
• add new go linters and refactor functions (93eefa2 by @kmendell)
• generate services and jobs from google/wire (aa5f767 by @kmendell)
• better RBAC layout filters and catalog (da70b3f by @kmendell)
• use getarcaneapp/updater module (35a0f2b by @kmendell)
• register each gitsync job individually (f1e9f44 by @kmendell)
• enhance updater functionality with restart status and options handling (c8dd0ce by @kmendell)
• migrate from golang-migrate to goose for database (3cdc8a4 by @kmendell)
• cleanup duplicated frontend code (2b68577 by @kmendell)
• update email template design(#2841 by @kmendell)

Full Changelog: v1.20.0...v2.0.0

2.0.0

2.0.0

2.0.0