openzaak-discuss December 2020

openzaak-discuss@lists.publiccode.net

1 participants
2 discussions

Open Zaak 1.3.3 and Open Notificaties 1.1.2 released (fixes CVE-2020-26251)

by Sergei Maertens

Today, a bugfix release of Open Zaak and broader support release of Open Notificaties have been issued. Open Zaak 1.3.3 fixes a number of bugs, including a fix for a CORS-related security vulnerability. You can find more details in the security advisory <https://github.com/open-zaak/open-zaak/security/advisories/GHSA-chhr-gxrg...>. We recommend that you update your installations as soon as possible. The full release notes can be found in the changelog <https://open-zaak.readthedocs.io/en/stable/development/changelog.html#id1>. Open Notificaties 1.1.2 changed the deployment tooling to more easily support different target platforms. Most notably, RHEL/CentOS are now explicitly supported. Open Notificaties itself (the application) has not changed. As always, images with the appropriate version tags are published on Docker Hub <https://hub.docker.com/u/openzaak>.

2 years, 5 months

Status update on CI migration & related issues

by Sergei Maertens

Hi all - this community update aims to give some insight in recent maintenance that was done to the Open Zaak projects on Github. We were forced to undertake a number of actions because of external influences, with the common theme of being "budget" related. Most notably, our Continuous Integration was affected by these items: - Travis CI is no longer as Open Source friendly as they used to be ( https://github.com/open-zaak/open-zaak/issues/773) - Docker Hub is aggressively applying rate limits and altered the retention conditions of container images ( https://github.com/open-zaak/open-zaak/issues/774) - Postman mock endpoint collections (hosted) are expensive ( https://github.com/open-zaak/open-zaak/issues/790) To resolve the CI situation, we've decided to migrate to Github Workflows/Actions. Github Workflows/Actions are free for public (open source) repositories, and have a budget of about 2000 minutes/month for private repositories, which serves our needs well. However, this migration required time (for free) from the community - all in all this cost about 10 hours to make the necessary changes. Additionally, Open Zaak has a test suite that verifies the compliance with the "API's voor Zaakgericht Werken" standard. This test suite used some mock endpoints hosted on postman.io which became unavailable due to lack of funding for that subscription. Since this is an extremely important step to have as part of our CI, it was decided to implement a non-subscription alternative ourselves, which cost another 2-3 hours to fully set in place. Of course the good news is that we're confident in the Github Actions approach, and we've been able to expand the build matrix to include explicit support for a range of PostgreSQL versions, Postgis versions and flavours of CMIS-adapter bindings. CI is also a bit more performant now, because we can reuse build artifacts in different build steps. We have some lingering issues to resolve - it appears that something in the test suite is not 100% deterministic, leading to erratic builds, but I'm sure that will be sorted out. Best, Sergei

2 years, 5 months

2023

2022

2021

2020

openzaak-discuss December 2020