Kodex EE Releases

This page contains information about Kodex releases.

v0.5.3-1 - May 30, 2023

This release fixes a problem with the previous release that cause the old database driver to be still used.

v0.5.3 - May 30, 2023

This release changes the Postgres driver from lib/pq to jackc/pgx as the former seems to have issues with the correct handling of Postgres transactions.

v0.5.2 - May 26, 2023

This release fixes several small issues and implements new features:

  • Add a "Streams" tab to the project view, showing all existing streams and stream configurations for a given project. This enables users to e.g. see the IDs of the stream configs and the associated API URLs.
  • Fix the merging of change requests, which was not properly implemented in previous releases.

v0.5.1 - May 24, 2023

This release adds administrative functionality, notably management of SSO access tokens.

v0.5.0-alpha.3 - May 23, 2023

This releases introduces various bugfixes and improvements:

  • Fix a problem with the rendering of form fields of type map[string]any without an accompanying form, which would result in a crash of the web application.
  • Add better UI navigation and a logout link to the menu bar.
  • Improve diffing of changes and remove unnecessary export data.
  • Reduce logging verbosity for the SSO provider to avoid overflowing logs.

v0.5.0-alpha.2 - May 17, 2023

This releases fixes a problem with single-sign-on (SSO) caused by SAML tokens that are too large and therefore cannot be stored in a cookie. This new release mitigates this problem by storing all SSO sessions inside the existing SSO access token. Another advantage of this approach is that all active SSO sessions can be more easily restricted, audited or deleted.

v0.5.0-alpha.1 - May 9, 2023

Please note, this is an alpha release of the new Kodex EE web UI and it still has several breaking bugs, use only for internal testing.

This release introduces a completely overhauled web UI implemented natively in Kodex, doing away with the existing single-page application (SPA) based frontend. The new frontend aims to be more stable and easier to maintain and provides better usability. It even works without Javascript enabled (though not all comfort features will be fully available). The following large changes were introduced with this new release

  • New Change Request Workflow: The existing change request system was again completely overhauled to accomodate more flexible workflows and ensure changes can be understood and merged more easily. The new mechanism records any user-made change to a project in a fine-grained way and creates a log of change records. These records can be individually audited and applied to a given project. Recording changes instead of project state also allows rebasing of change requests, which makes parallel change request workflows possible.
  • New Data Management Workflow (WIP): The data management system was completely overhauled and a new Dataset model was introduced to manage data for testing. This model allows attaching datasets to different objects like action configs, streams or projects, which in turn makes it easier to use this data for testing. The backend functionality for this feature is already implemented, but the user interface not yet.
  • New Action Editor: The action editor interface was completely overhauled. Some styling and edit functionalities are still being implemented and will be released with the next version.

Security Fixes

  • Risk of Empty Key When Using the Merengue Pseudonymization Method: Under certain circumstances it was possible that the merengue pseudonymization method was run without an action-specific key, relying only on the global salt value. This slightly reduces security and increases the risk or re-identification attacks. The parameter management mechanism was updated to avoid this kind of error, and the merengue pseudonymization code was updated to return with an error when used without a key.

v0.4.1 - February 21, 2023

  • Add new project roles: In addition to the generic reviewer role, new legal-reviewer and technical-reviewer roles is added to allow reviewing of change requests by legal & technical users.
  • Add change request reviews: Change requests can be reviewed by multiple users, and multiple reviews can be required to make a change request mergeable. This allows implementing a technical & legal review workflow on change requests.
  • Change Request UI: Add a user interface for managing change requests and working with them in the blueprint editor.

v0.4.0 - February 21, 2023

  • Add e-mail address to SSO user data: SSO login now requires that the SSO data constains an e-mail address attribute. By default, http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress is used, which can be overwritten through the SSO_ATTRIBUTE_EMAIL environment variable.
  • Add a user model: User data is persisted in the Kodex database in order to support the new change request functionality, which makes it necessary to associate requests with specific users. User data will be synced automatically from the SSO provider.
  • Extend the change request model: The change request model now includes several new fields & relationships, notably a creator field that references the user who created the request, as well as a reviewer field that references the user who reviewed the request. In addition, change requests have a status field that shows the life cycle status of the request. Requests start out in the draft state and can be set to ready by the creator. Alternatively, the creator can set the request to withdrawn. Reviewers can set the request to either approved or rejected. A new metadata field contains additional information about the request, e.g. conversation between reviewer and creator.

v0.3.9 - February 10, 2023

This is a feature release:

  • Add a way to run Kodex-EE with the inMemory user provider for testing. To enable this provider, simply set USER_PROVIDER=inMemory and ENABLED_APPS=[kodex, admin, simpleAuth] in your Docker environment. You will then be able to log in with the default token aabbccdd. This configuration should not be used for production settings, it is only for testing!

v0.3.8 - February 3, 2023

This is a bugfix release:

  • Fix a problem in the database administration view that would cause an unexpected error when toggling the database selection on the right.

v0.3.7 - February 3, 2023

This is a feature release:

  • Default roles are now applied to all newly created objects.
  • SSO group mappings are also performed for the SSO superuser group. I.e. if you are in the superuser group, you will nevertheless receive any additional organization roles defined for that group in the SSO group mapping. Before, members of the superuser group were excluded from this mapping process.

v0.3.6 - February 2, 2023

This is a bugfix release:

  • Fix a problem with the 0002 migration of the SSO plugin that tried to creat indices that already exist.

v0.3.2 - v0.3.5 - February 1, 2023

Release v0.3.4 requires a database migration.

These are bugfix releases:

  • Fix a problem with a missing settings entry for the SSO database, leading to the SSO database migrations not being shown in the web app.
  • Fix a problem with the object roles, which did not support the editor role.

v0.3.1 - January 31, 2023

This is a bugfix and feature release, adding the following functionality and fixes:

  • Migration Script Generation: It is possible to generate SQL migration scripts directly in the Kodex application, making it easier to manually run the required migrations.
  • Fixes in project roles: The project role generation now works as intended.
  • Fixed in default roles: The default role generation now works as intended.
  • UI improvements: The sidebar menu and navbar were improved.

v0.3.0 - January 27, 2023

This is a planned feature release, adding the following functionality to the Kodex application:

  • Role-based workflow management: Implements role-based workflow management for all projects. Users can define project roles based on organization roles, enabling e.g. validation workflows when defining new pseudonymization configurations. This change also introduces advanced versioning of data models, which is required to enable the workflow management.
  • Default role creation: Implements creation of default roles for specific object types in an organization. Superusers can define default object roles for specific object types that will be applied to all created objects of the type. This enables superusers to define standard roles e.g. for reviewers, which will be automatically assigned based on organization roles of specific users.

This release requires a database migration.

Data Model Changes

The following new data models were introduced with this release:

  • Change Requests: Change requests can be attached to any object in Kodex and describe a proposed change to that object. They are used in the role-based workflow management. Users without administrative privileges that cannot directly change specific objects (e.g. a blueprint) can instead propose a change. Users with the reviewer role (which includes administrators) can then review this change and approve or reject it.
  • Default Object Roles: As described above, default roles describe the set of object roles that will be attached to a newly created object in an organization. This allows us to define user roles on projects based on organization roles.

API Changes

The following new endpoints were introduced in the Kodex API with this release:

  • Change Requests: API endpoints to create, view, edit and delete change requests. Every object (project, stream, action) has a new set of URLs to work with change requests, e.g. GET /api/v1/projects/<project-id>/change-requests will return all change requests for the given project, POST /api/v1/projects/<project-id>/change-requests will create a new change request for a project, DELETE /api/v1/projects/<project-id>/change-requests/<request-id> will delete a change request.
  • Default Object Roles: API endpoints to create, view, edit and delete default object roles. GET /api/v1/orgs/<org-id>/default-roles will return all default object roles for an organization, POST /api/v1/orgs/<org-id>/default-roles/<object-type> will create a new object role for a given object type (e.g. project), DELETE /api/v1/orgs/<org-id>/default-roles/<role-id> will delete a default role.

UI Changes

The following changes were introduced in the Kodex user interface:

to be done, will be updated shortly

v0.2.17 - January 20, 2023

This is a bugfix release:

  • Fix the version of the go-helpers library, which was outdated in the 0.2.16 release causing an issue with environment variables when launching Kodex.

v0.2.16 - January 19, 2023

This is a bugfix release:

  • Fix a problem with single-sign-on (SSO) that caused an unmitigated error in the frontend:
    • Under some circumstances, the REST API returned two concatenated JSON responses containing error information, notably when a given SSO session expired. This led the response parsing to fail in the web application, which in turn caused the application to get stuck in the verification screen.
    • The backend code was fixed to only return a single JSON object with additional error information that can be properly parsed by the web application in these cases.
    • An expired SSO session will now properly trigger the web application to start the re-authentication workflow.