Kodex EE Releases

This page contains information about Kodex releases.

v0.5.46

This release adds support for the E.164 format when validating and normalizing phone numbers.

v0.5.45

This release introduces a new Map validator that allows mapping a single input value to multiple output values in the form of an associative map. For example, this allows running different normalization actions on a given input before pseudonymizing it, effectively producing multiple pseudonyms that can then be used for matching against external data. The validator accepts a map of keys and for each key a list of validators. The output will be an associative map with the given keys, where each value will correspond to the output of the keys list of validators when applied to the input value.

v0.5.36 - 0.5.44 - May - October, 2024

These releases include small bug fixes and improvements e.g. adding new validators (to normalize e-mails and phone numbers) and improving existing functionality e.g. for managing change requests.

v0.5.35 - May 24, 2024

This is a bugfix release.

• Fixes an issue with the action editor where adding a field to a IsStringMap field validator would add a field with the same name to all other open maps due to the form ID not being specific. This release fixes this by prefixing all forms with the fully qualified field name.
• Fixes an issue with the IsTime validator where the format parameter was incorrectly specified as form.

v0.5.34 - April 26, 2024

This is a feature release!

• Introduces object access tokens for stream configs, which allows users to define access tokens that are scoped for specific objects and can only perform specific actions on that object, such as transforming data for a stream config. This allows very fine-grained access control when defining these tokens, which strongly reduces the risk of sharing or using them for data transformation purposes. The new tokens are available directly in the "Access Tokens" tab of supported objects (currently only stream configs). Resulting tokens can still be managed through the SSO token menu.
• It is now possible to delete streams and stream configs through the web user interface.

v0.5.30 - 0.5.33 - February - March, 2024

These were small bugfix releases, fixing problems with SSO and UI issues.

v0.5.28 - January 23, 2024

This is a small bugfix release:

• Fixes an issue with the IsAction validator in the form config, which would produce an error when changing it to an action type that cannot be used within a form (e.g. the "Undo" action). Now it provides a proper error message instead of producing a .

v0.5.27 - January 22, 2024

This is a small debug release:

• Adds a new web view (/sso/user) that displays the SAML properties of the logged in user for debugging.
• Change the default SSLMode for Postgres from allow to prefer.

v0.5.26 - January 19, 2024

This is a small feature release with the following improvements:

• The SSO user provider will now look into the value set for the organization attribute (which can be defined by setting the SSO_ATTRIBUTE_ORGANIZATION environment variable). If the value is a schema (e.g. starting with the regular expression [a-z]+://) the provider will extract the organization name from the provided SAML attributes. If not, the SSO provider will treat the attributes as an organization name and set the user organization to it. This is useful if you e.g. want to map all users to the same organization even if they belong to different SSO organization. Warning: Please be aware that this could cause a security issue as all users that can log in via SSO will be able to access Kodex using the same organization.
• The Postgres connection string now supports a POSTGRES_SSLMODE parameter that can be set through an environment variable. This parameter controls how the client handles TLS when connecting to the database. The default parameter value is allow, which will use TLS if the server insists. To enforce TLS when connecting to a server, set it to require instead. See the Postgres documentation for more information about this parameter.

v0.5.25 - December 19, 2023

This is a large bugfix release with the following improvements:

• Form & action editor has been improved, all validator types can now be created from the UI.
• Errors in form configuration fields show up in the editor and can be easily debugged.
• Error log entries of the item processor now contain a reference to the transformation config and associated project, if given. This makes tracing errors to specific projects or config easier.
• The project list now contains the date when a given project was last updated, instead of its creation date.
• The "Create Project" and "Create Action" forms have a "Cancel" button that allows easy navigation back to the list views.
• Opening and closing of change requests is now more intuitive, explaining the process to the user and asking whether a request should only be closed for now or if it is ready for review.
• When downloading a blueprint, the resulting JSON is downloaded as an attachement / file instead of being opened in the browser directly.

v0.5.19 - v0.5.24 - November 2023

These are bugfix releases with minor updates and fixes.

v0.5.18 - October 20, 2023

This release brings more UI/UX improvements, fixes the mobile navigation and layout and simplifies the opening, closing and merging of change requests (please note that there are still more changes incoming).

v0.5.17 - October 13, 2023

This release brings many small improvements to the user interface and the change request workflow, making it easier to open change requests and merge them. The whole project layout is also less cluttered and the use of the sidebar reduced the amount of tabs on the right. Breadcrumbs have been moved to the navbar where they are better visible and take up less space. It is now possible to directly open a change request and start editing without navigating through multiple pages.

There are still a few UI/UX improvements that are pending and will be included in the next release. The underlying web framework now also supports reactive rendering, which will be used to e.g. improve the action test view.

v0.5.16 - September 15, 2023

This release improves the IsAction validator UI in the action editor. It enables changing of the action type and auto-generating configuration for most action types. Please note: Not all action types are supported yet, currently e.g. only the pseudonymize and drop actions have associated editors. The functionality for the other action types will be added in the upcoming releases.

v0.5.15 - September 12, 2023

This release fixes several small issues with the new action editor UI. Notably, forms were shown as editable even when a project was in read-only mode. This release fixes this behavior, ensuring action configuration can only be edited when a change request is open.

v0.5.14 - September 8, 2023

This release improves the usability of the action editor by enabling editing of all validator settings through the web user interface. The release also fixes a bug that would cause change requests to become invalid.

• All validators in the action editor now have UI widgets for editing. This means that non-technical users can easily change the properties of these validators, e.g. setting pseudonymization parameters or validation constraints.
• Changes are validated before being persisted in change requests. Prior to this release, a corrupt change could make it into a change request, corrupting the resulting project state and rendering the request unusable. Now, all changes are integrated into the project and verified before being persisted, making it impossible to corrupt a change request through a faulty change.

v0.5.13 - September 1, 2023

This is an internal release without user-facing changes.

v0.5.12 - August 29, 2023

This release fixes a few minor bugs and improves the usability of the action editor. This release also includes a change to the form validation logic that changes form behavior, please be aware of this.

• The root URL (/) returned a 404 page for v0.5.11, this is fixed in the new version.
• The action buttons of the "delete validator" dialog were not visible due to a CSS glitch, this is fixed now.
• It is now possible to toggle between the UI-based view of a given validator, and a source code view where the validator code can be edited directly.
• The Switch validator no longer returns the original data value when no switch case matches and no default case is defined. Instead, it returns an error. This is a safer behavior for sensitive data, as data belonging to an unknown switch case will not be passed through unmodified but rejected. It is possible to override this behavior by defining a default switch case.

v0.5.11 - August 25, 2023

This release again improves the usability of the action editor and other components:

• Several validator types like IsIn and IsAction have proper user interfaces, allowing their configuration without modifying the underlying JSON representation.
• The action editor tab is shown at the top level, reducing the overall complexity on the screen while editing actions.
• The test data view allows filtering and better comparison of test data to transformed data.

v0.5.10 - August 18, 2023

This release improves the usability of the action editor and other components:

• The action editor UI has been made more user-friendly, unneeded elements like deletion icons are only shown when hovering specific fields.
• Navigation within a complex form action is easier, with active fields and validators being highlighted for the user.
• Form-based actions for moving validators and changing test data are now also performed as XHR requests, not triggering a full page reload anymore.
• Scripts that are dynamically replaced during a form or link action are now correctly re-executed.

v0.5.9 - August 15, 2023

This release improves the usability of the Kodex web frontend by using asynchronous loading of resources:

• When clicking on a link, the page content will be loaded asynchronously by default, maintaining the page status (e.g. scroll position) whenever possible. This makes the app easier to navigate and use e.g. when adding or modifying validators.
• Form submissions will also happen asynchronously, with the same benefits as described for the link following above.

Please note: This functionality is still experimental and might cause issues.

v0.5.6 - v0.5.8 - July, 2023

These releases were bugfix releases and added only minor new features.

v0.5.5 - June 23, 2023

This release improves the action editor interface, adding support for all validator types. The UI is still incomplete as it's missing editors for the most common validator types (e.g. Switch), which will be implemented in the next release. The release also improves the access token UI and fixes several other UI issues.

v0.5.4 - June 16, 2023

This release fixes a problem with the SQL connection pool, that would cause conn busy errors when opening multiple transactions, which happens e.g. during the use of the Kodex web application. The new release ensures connections are not shared between different goroutines.

v0.5.3-1 - May 30, 2023

This release fixes a problem with the previous release that cause the old database driver to be still used.

v0.5.3 - May 30, 2023

This release changes the Postgres driver from lib/pq to jackc/pgx as the former seems to have issues with the correct handling of Postgres transactions.

v0.5.2 - May 26, 2023

This release fixes several small issues and implements new features:

• Add a "Streams" tab to the project view, showing all existing streams and stream configurations for a given project. This enables users to e.g. see the IDs of the stream configs and the associated API URLs.
• Fix the merging of change requests, which was not properly implemented in previous releases.

v0.5.1 - May 24, 2023

This release adds administrative functionality, notably management of SSO access tokens.

v0.5.0-alpha.3 - May 23, 2023

This releases introduces various bugfixes and improvements:

• Fix a problem with the rendering of form fields of type map[string]any without an accompanying form, which would result in a crash of the web application.
• Add better UI navigation and a logout link to the menu bar.
• Improve diffing of changes and remove unnecessary export data.
• Reduce logging verbosity for the SSO provider to avoid overflowing logs.

v0.5.0-alpha.2 - May 17, 2023

This releases fixes a problem with single-sign-on (SSO) caused by SAML tokens that are too large and therefore cannot be stored in a cookie. This new release mitigates this problem by storing all SSO sessions inside the existing SSO access token. Another advantage of this approach is that all active SSO sessions can be more easily restricted, audited or deleted.

v0.5.0-alpha.1 - May 9, 2023

Please note, this is an alpha release of the new Kodex EE web UI and it still has several breaking bugs, use only for internal testing.

This release introduces a completely overhauled web UI implemented natively in Kodex, doing away with the existing single-page application (SPA) based frontend. The new frontend aims to be more stable and easier to maintain and provides better usability. It even works without Javascript enabled (though not all comfort features will be fully available). The following large changes were introduced with this new release

• New Change Request Workflow: The existing change request system was again completely overhauled to accomodate more flexible workflows and ensure changes can be understood and merged more easily. The new mechanism records any user-made change to a project in a fine-grained way and creates a log of change records. These records can be individually audited and applied to a given project. Recording changes instead of project state also allows rebasing of change requests, which makes parallel change request workflows possible.
• New Data Management Workflow (WIP): The data management system was completely overhauled and a new Dataset model was introduced to manage data for testing. This model allows attaching datasets to different objects like action configs, streams or projects, which in turn makes it easier to use this data for testing. The backend functionality for this feature is already implemented, but the user interface not yet.
• New Action Editor: The action editor interface was completely overhauled. Some styling and edit functionalities are still being implemented and will be released with the next version.

Security Fixes

• Risk of Empty Key When Using the Merengue Pseudonymization Method: Under certain circumstances it was possible that the merengue pseudonymization method was run without an action-specific key, relying only on the global salt value. This slightly reduces security and increases the risk or re-identification attacks. The parameter management mechanism was updated to avoid this kind of error, and the merengue pseudonymization code was updated to return with an error when used without a key.

v0.4.1 - February 21, 2023

• Add new project roles: In addition to the generic reviewer role, new legal-reviewer and technical-reviewer roles is added to allow reviewing of change requests by legal & technical users.
• Add change request reviews: Change requests can be reviewed by multiple users, and multiple reviews can be required to make a change request mergeable. This allows implementing a technical & legal review workflow on change requests.
• Change Request UI: Add a user interface for managing change requests and working with them in the blueprint editor.

v0.4.0 - February 21, 2023

• Add e-mail address to SSO user data: SSO login now requires that the SSO data constains an e-mail address attribute. By default, http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress is used, which can be overwritten through the SSO_ATTRIBUTE_EMAIL environment variable.
• Add a user model: User data is persisted in the Kodex database in order to support the new change request functionality, which makes it necessary to associate requests with specific users. User data will be synced automatically from the SSO provider.
• Extend the change request model: The change request model now includes several new fields & relationships, notably a creator field that references the user who created the request, as well as a reviewer field that references the user who reviewed the request. In addition, change requests have a status field that shows the life cycle status of the request. Requests start out in the draft state and can be set to ready by the creator. Alternatively, the creator can set the request to withdrawn. Reviewers can set the request to either approved or rejected. A new metadata field contains additional information about the request, e.g. conversation between reviewer and creator.

v0.3.9 - February 10, 2023

This is a feature release:

• Add a way to run Kodex-EE with the inMemory user provider for testing. To enable this provider, simply set USER_PROVIDER=inMemory and ENABLED_APPS=[kodex, admin, simpleAuth] in your Docker environment. You will then be able to log in with the default token aabbccdd. This configuration should not be used for production settings, it is only for testing!

v0.3.8 - February 3, 2023

This is a bugfix release:

• Fix a problem in the database administration view that would cause an unexpected error when toggling the database selection on the right.

v0.3.7 - February 3, 2023

This is a feature release:

• Default roles are now applied to all newly created objects.
• SSO group mappings are also performed for the SSO superuser group. I.e. if you are in the superuser group, you will nevertheless receive any additional organization roles defined for that group in the SSO group mapping. Before, members of the superuser group were excluded from this mapping process.

v0.3.6 - February 2, 2023

This is a bugfix release:

• Fix a problem with the 0002 migration of the SSO plugin that tried to creat indices that already exist.

v0.3.2 - v0.3.5 - February 1, 2023

Release v0.3.4 requires a database migration.

These are bugfix releases:

• Fix a problem with a missing settings entry for the SSO database, leading to the SSO database migrations not being shown in the web app.
• Fix a problem with the object roles, which did not support the editor role.

v0.3.1 - January 31, 2023

This is a bugfix and feature release, adding the following functionality and fixes:

• Migration Script Generation: It is possible to generate SQL migration scripts directly in the Kodex application, making it easier to manually run the required migrations.
• Fixes in project roles: The project role generation now works as intended.
• Fixed in default roles: The default role generation now works as intended.
• UI improvements: The sidebar menu and navbar were improved.

v0.3.0 - January 27, 2023

This is a planned feature release, adding the following functionality to the Kodex application:

• Role-based workflow management: Implements role-based workflow management for all projects. Users can define project roles based on organization roles, enabling e.g. validation workflows when defining new pseudonymization configurations. This change also introduces advanced versioning of data models, which is required to enable the workflow management.
• Default role creation: Implements creation of default roles for specific object types in an organization. Superusers can define default object roles for specific object types that will be applied to all created objects of the type. This enables superusers to define standard roles e.g. for reviewers, which will be automatically assigned based on organization roles of specific users.

This release requires a database migration.

Data Model Changes

The following new data models were introduced with this release:

• Change Requests: Change requests can be attached to any object in Kodex and describe a proposed change to that object. They are used in the role-based workflow management. Users without administrative privileges that cannot directly change specific objects (e.g. a blueprint) can instead propose a change. Users with the reviewer role (which includes administrators) can then review this change and approve or reject it.
• Default Object Roles: As described above, default roles describe the set of object roles that will be attached to a newly created object in an organization. This allows us to define user roles on projects based on organization roles.

API Changes

The following new endpoints were introduced in the Kodex API with this release:

• Change Requests: API endpoints to create, view, edit and delete change requests. Every object (project, stream, action) has a new set of URLs to work with change requests, e.g. GET /api/v1/projects/<project-id>/change-requests will return all change requests for the given project, POST /api/v1/projects/<project-id>/change-requests will create a new change request for a project, DELETE /api/v1/projects/<project-id>/change-requests/<request-id> will delete a change request.
• Default Object Roles: API endpoints to create, view, edit and delete default object roles. GET /api/v1/orgs/<org-id>/default-roles will return all default object roles for an organization, POST /api/v1/orgs/<org-id>/default-roles/<object-type> will create a new object role for a given object type (e.g. project), DELETE /api/v1/orgs/<org-id>/default-roles/<role-id> will delete a default role.

UI Changes

The following changes were introduced in the Kodex user interface:

to be done, will be updated shortly

v0.2.17 - January 20, 2023

This is a bugfix release:

• Fix the version of the go-helpers library, which was outdated in the 0.2.16 release causing an issue with environment variables when launching Kodex.

v0.2.16 - January 19, 2023

This is a bugfix release:

• Fix a problem with single-sign-on (SSO) that caused an unmitigated error in the frontend:
  • Under some circumstances, the REST API returned two concatenated JSON responses containing error information, notably when a given SSO session expired. This led the response parsing to fail in the web application, which in turn caused the application to get stuck in the verification screen.
  • The backend code was fixed to only return a single JSON object with additional error information that can be properly parsed by the web application in these cases.
  • An expired SSO session will now properly trigger the web application to start the re-authentication workflow.