Today, a bugfix release of Open Zaak and broader support release of Open
Notificaties have been issued.

Open Zaak 1.3.3 fixes a number of bugs, including a fix for a CORS-related
security vulnerability. You can find more details in the security advisory
<https://github.com/open-zaak/open-zaak/security/advisories/GHSA-chhr-gxrg...>.
We recommend that you update your installations as soon as possible. The
full release notes can be found in the changelog
<https://open-zaak.readthedocs.io/en/stable/development/changelog.html#id1>.

Open Notificaties 1.1.2 changed the deployment tooling to more easily
support different target platforms. Most notably, RHEL/CentOS are now
explicitly supported. Open Notificaties itself (the application) has not
changed.

As always, images with the appropriate version tags are published on Docker
Hub <https://hub.docker.com/u/openzaak>.

Hi all - this community update aims to give some insight into recent
maintenance that was done to the Open Zaak projects on GitHub.

We were forced to undertake a number of actions because of external
influences, with the common theme of being "budget" related. Most notably,
our Continuous Integration was affected by these items:
- Travis CI is no longer as Open Source friendly as they used to be
  (https://github.com/open-zaak/open-zaak/issues/773)
- Docker Hub is aggressively applying rate limits and altered the
  retention conditions of container images
  (https://github.com/open-zaak/open-zaak/issues/774)
- Postman mock endpoint collections (hosted) are expensive
  (https://github.com/open-zaak/open-zaak/issues/790)

To resolve the CI situation, we've decided to migrate to GitHub
Workflows/Actions. GitHub Workflows/Actions are free for public (open
source) repositories, and have a budget of about 2000 minutes/month for
private repositories, which serves our needs well. However, this migration
required time (for free) from the community - all in all this cost about 10
hours to make the necessary changes.

Additionally, Open Zaak has a test suite that verifies the compliance with
the "API's voor Zaakgericht Werken" standard. This test suite used some
mock endpoints hosted on postman.io which became unavailable due to lack of
funding for that subscription. Since this is an extremely important step to
have as part of our CI, it was decided to implement a non-subscription
alternative ourselves, which cost another 2-3 hours to fully set in place.

Of course the good news is that we're confident in the GitHub Actions
approach, and we've been able to expand the build matrix to include
explicit support for a range of PostgreSQL versions, PostGIS versions and
flavours of CMIS-adapter bindings. CI is also a bit more performant now,
because we can reuse build artifacts in different build steps.

We have some lingering issues to resolve - it appears that something in the
test suite is not 100% deterministic, leading to erratic builds, but I'm
sure that will be sorted out.

Best,
Sergei