Version v1.0.46

• 9dd9b49: Version 1.0.46
• bbf7e8d: Initial Setup: HTTP Request Plugin: Add new idle_timeout and connect_timeout params, set all timeouts to number variants.
• d6118f2: Sample Config: Add satellite.config.graphics_enabled set to false (for future xySat use).
• 8ac3ec2: Quiet Modifier: For ephemeral mode, if job finishes with a non-zero code (i.e. error) remove ephemeral flag.
• f5ec5e2: Feature: Allow default max jobs per server to be set at the group level (individual servers can override).
• a98c557: Feature: New job server selection algorithms: prefer_first_natural, and prefer_last_natural.
• c0ba698: Feature: Optional job priority flag, to jump to the head of the queue.
• b5a28ec: Feature: Implement optional max jobs per server (server.maxJobs).
• a3c82d0: Bug Fix: Job Target Expressions: Ensure expression is re-evaluated when monitoring queued jobs.
• 5886190: Server UI: Fix race condition when sitting on server page while server disconnects / reconnects.
• d5d4609: Actions Doc: Added clarification about the "Suspend" action, which can only be used inside of a workflow.
• 4ca3e59: UI Fix: When clicking on an out-of-date conductor version to upgrade it, prevent the refresh from popping up the upgrade dialog again.
• 676ca53: Delete Job UI: When deleting a workflow sub-job, update the parent workflow so it shows a visual indication of the deleted job in the list. Fixes #243
• c08ce54: Log Viewer: Add Postgres and Redis logs to the menu.
• a4eb1de: Hot Keys: Add sanity check for event.key. Fixes #245.
• e93f14b: Installer Script: Change minimum supported Node.js version to v20.

Full Diff: v1.0.45...v1.0.46

Version v1.0.45

• 041c000: Version 1.0.45
  • Bump pixl-server-storage to v4.1.0 for new Postgres storage engine.
  • Add pg module for Postgres storage engine.
  • Add ioredis module for Redis storage engine.
  • Bump lodash (sub-dep of async) to v4.18.1 for another vuln fix.
• 715a640: Bug Fix: Custom sub-job labels were not visible on workflow job detail screen. Fixes #242.
• f946407: Sample Config: Add new default Postgres storage engine configuration.
• 6f863ba: Docs: Add new storage setup doc, and link it from existing docs.
• 46fc0be: UI Strings: Tweak limit and action table captions to be more clear about category and universal inheritance.
• 7f962c8: UI Tweak: Fix "Copy to Clipboard" button in code viewer dialog.
• dd937e6: Bug Fix: Upon job recovery after restart, unset job.remote flag in case job is dead (so it can abort after going stale). Fixes #240.
• 58be32f: Meta: Add local bin/release.sh script for automating releases.

Full Diff: v1.0.44...v1.0.45

Version v1.0.44

• bc2a0ea: Version 1.0.44
• ea357ff: Meta: Add release.yml to automatically generate release notes and a GH release via GH actions.
• e379951: Servers Doc: Fix tabs that snuck into docker-compose sample.
• e07bea5: UI Tweak: Job Details: When user content contains markdown, increase its body font size slightly.
• a97589d: Bug Fix: Ensure web hook headers are an array at the API level, and add extra safeguards. Fixes #238.
• 74d5778: Servers Doc: Updated automated docker workers section with new xysat configuration setup.
• 3124d5c: Security Overview Doc: Made a few minor corrections and wording adjustments.
• f4ba4f7: Multi/Satelite Release List APIs: Add optional verbose parameter, to include full response from GitHub.
• 018e43b: Add SECURITY_OVERVIEW.md document, to complement THREAT_MODEL.md.
• e8cf67b: Bulk Deletes: When internal deletion jobs complete, refresh applicable search results pages in case users are waiting. Fixes #236
• 4c0bf02: Admin Upgrade Conductors API: Default single server pre-delay time to 5 seconds to allow for job to complete before starting upgrade.
• 0ff5230: Workflows: Support event/job target expression in the multiplex controller, and do not abort the workflow if no servers match. Fixes #233
• 68972b9: Docs: Remove NFS as a recommended storage configuration.
• 888d1bf: System Diag Report: Small tweaks, trim load avg for display, add message for zero servers.

Full Diff: v1.0.43...v1.0.44

Version 1.0.43

• Bump pixl-server to v1.0.50 for more detailed crash logs.
• Override lodash (sub-dependency of async) to v4.17.23 for vuln fix.
• API Doc: Add docs for internal admin_upgrade_masters and admin_upgrade_workers APIs.
• API Doc: Add new multi section, with internal master_register, get_master_releases, and master_command APIs documented.
• API Doc: Clarify some admin API privs and rename satellite section.
• Hosting Doc: Added clarification on Docker configuration mount, as it needs to be unique per conductor.
• New Feature: Magic Link Form: Allow button text, icon, and custom faux response parameters.
• Docker Satellite Servers: Add default named volume mount for custom config dir (so containers survive upgrades).
• New Feature: Visually show conductors and satellite servers that have outdated versions. Click to popup upgrade dialog.
• CSS: Adjust scrollbar thumb color to better follow theme.
• Bug Fix: Ensure workflow decision and split nodes always have access to outer workflow object for use in expressions. Fixes #232.
• Satellite/Multi Release List APIs: Reduce requirement to any valid user or API key
  • (These are just proxies to the public GitHub API, so no special privs needed).
• Feature: Send xyops / xysat version information along with each job launch, in job.versions property.
• Behavior Change: For get_ APIs with v1 suffix, return HTTP 404 upon failure. Fixes #231.
• README: Remove quick-start docker run command, and instead direct people to the self-hosting guide.
• New Feature: Add "Diagnostic Report" button on System page, for generating report content for GitHub issues.
• README and Hosting Docs: Clarify Docker setup instructions, use XYOPS_masters environment variable even for single-conductor setups.
• Bug Fix: Auto-detect case where multiple hostnames resolve to same servers in masters.json, and shut down with loud error.

Version 1.0.42

• Remove jimp dependency, replace with in-house developed pixl-resize module.
• Config Editor: Perform basic validation pass on save. Fixes #224.
• Bug Fix: Crasher in monitoring subsystem when storage transactions are disabled. Fixes #220.
• Bug Fix: Magic Link: After creation, if user goes back into edit trigger dialog without saving first, magic link key is regenerated.
• Config Doc: Add note about leaving storage transactions enabled.
• Config Doc: Document the satellite docker image path.
• Cleanup: Remove unused avatar code in admin path.

Version 1.0.41

• Bump pixl-tools for upstream vuln fix in picomatch.
• Bump pixl-mail for upstream vuln fix in nodemailer.
• Marketplace UI: Lazy-load thumbnails from GitHub as to not exceed limits.
• Feature: Global "client.hide_sidebar_sections" will force-hide specific sidebar sections for all users, regardless of their prefs.
• Feature: Marketplace: Allow quick setup / editing of secret vaults for installed plugins.
• CSS UI Tweak: Adjust max select menu height slightly, as certain positions can cause it to extend beyond the screen bounds.
• UI Tweak: Sort secret vaults by title.
• CSS UI Tweak: Fix background color in plugin/event param select menus on light theme.
• README: Add bind mount for xyops config in docker example command.
• Hosting Doc: Add missing bind mount for config dir in quick-start docker run command.

Version 1.0.40

• SSO Doc: Fixed example command and added note about the xyOps AWS ALB SSO Plugin.
• Feature: Custom SSO Plugin command, to validate and transform request for prep for SSO login.
• Sample Config: Update stock tls.crt and tls.key files (self-signed).
• API Doc: Add docs on internal satellite install/upgrade/config endpoints.
• Hosting Doc: Add section on customizing satellite config managed keys.
• Servers Doc: Add details on docker workers, specifically around bind mounting the xysat config file.
• Workflow Behavior Change: Sub-job queuing now considers each workflow job to be its own queue "namespace". Fixes #218.
• Bug Fix: Crasher in workflow if job is aborted very early, before it goes into an active state.
• Security Hardening: Remove word boundary matching for scrubbing secrets from web hook diagnostic output.

Version 1.0.39

• Server Notifications: Improve notification text for server add/remove activity.
• Docs: Add ToS and Privacy Policy.
• Security Hardening: Redact secrets from web hook detail output log (best effort).
• Bug Fix: UI crash in getWFParamPreviewHTML for omitted optional number param values. Ref #175.
• Add THREAT_MODEL.md file for security audits.
• Typo fix in docs and sample config: outbound_blacklist and outbound_whitelist should be blacklist and whitelist, in the airgap config.
• Security Hardening: Secrets API: Ensure secret key names don't match any bad strings (i.e. proto and the like).
• Security Hardening: API handler: Disallow any params matching bad key names (i.e. proto and the like).
• Security Hardening: Remove macro substitution support from system hook shell exec command (was undocumented anyway).
• Security Hardening: Lock down more built-in plugin fields to administrator-only (HTTP URL, Docker Run Command, etc.).
• Security Hardening: Check secret variable key names for illegal strings (i.e. proto and the like).
• Security Hardening: Increase default secret key length to 32 chars in container-start.sh
• api_get_latest_monitor_data: Allow both GET and POST parameters. Fixes #214.

Version 1.0.38

• Server Monitor Alerts: Use correct server label and stripped hostname in notification text.

Version 1.0.37

• Feature: Customize sidebar section visibility in the user settings screen.
• Server Data Explorer: Add hover tooltips for all Plugin IDs, for easier identification. Fixes #211.
• Welcome Doc: Fix wording to properly describe when the guide auto-disappears. Fixes #212.
• CLI Doc: Remove unused section.