Veneentekijän(tie|kuja|kaari) +1

Fixes

• Attachment uploading resulted in broken or empty files due to improper stream handling, this behaviour is now fixed. (#2786)

Veneentekijän(tie|kuja|kaari)

NB: This release contains migrations!

Breaking changes

• Application attachment file size can now be limited with configuration option :attachment-max-size. Configuration default size per attachment is 10MB. (#2715)
• REMS standalone CLI no longer starts the server if unrecognized command is passed, and will print help instead. (#2518 #2738)

Additions

• "More info" support for DOI style resources (when :enable-doi flag is set) (#2701)
• There is a new v2 push API to sync entitlements outside of REMS. So far the only supported type is :ega. See configuration.md for more details. (#2466)
• Handlers can be invited to a workflow by email using the API (#2650)
• Entitlement expiration field in application actions will now accept only future dates (#2674)
• Applications can now be removed automatically after an expiration threshold is exceeded, using configuration option :application-expiration. This feature is disabled by default. (#2665)

Changes

• Reviewers are no longer able to see private field questions in generated application pdf. Forms are also no longer rendered in application page if they contain only private fields (#2161)

Vattuniemenkatu

Fixes

• Show the selected but disabled resources in Change resources autocomplete (#2702, #2693)

Nahkahousuntie

Fixes

• Pdf generation failed for applications that had table fields with no rows. Now fixed.
• Fix for missing notification-email from user settings

Additions

• Pdf applications now contain license text (for inline licenses), url (for link licenses) or attachment name (for attachment licenses), and license acceptance status for applicant and members. (#2688)

Särkiniemientie

Changes

• The "Attachments (zip)" button in the UI now only downloads the current application attachments. Event attachments and previous versions of application attachments are left out. The full zip is still available via the API. (#2453)
• Changes to theming: (#2588)
  • Theme variables are now documented in resources/config-defaults.edn.
  • The :nav-color now simply defaults to :link-color. Previously, it defaulted to :color3 if :link-color is unset.
  • The theme variables :danger-color (didn't really affect anything) and :phase-background-active (wasn't used, overlaps with :phase-bgcolor-active) have been removed.
  • The default theme has minor visual changes:
    • color2 is lighter
    • table hover highlight is now dark-on-light instead of light-on-dark
    • link color used in nav bar
  • Some theme-related code was rewritten. There should be no changes to appearance, but bugs are possible.
• Setting :log-authentication-details now prints out details for failed OIDC HTTP requests.
• More validations in the API:
  • the values of multiselect fields (/api/applications/save-draft)
  • option and column keys (/api/forms/create, /api/forms/edit)

Fixes

• Errors for invalid inputs (field values that are too long, invalid email addresses, etc.) are now rendered nicely. Previously the applicant just saw a "Save draft: Failed" message. (#2611)
• The application page no longer jumps to the top after adding an attachment. (#2616)
• Deleting drafts with attachments now works.
• A handler is now considered a handler even before first application comes in.

Additions

• REMS now supports PostgreSQL version 13. (#2642)
• Experimental GA4GH Permissions API now allows users to query their own permissions via /api/permissions/:user. (#2631)
• The handler can now change the applicant of a submitted application. (#2581)
  • This feature can be disabled by adding :application.command/change-applicant to :disable-commands.
• Multiselect fields can now be used to control visibility of other fields. (#1947)

Isokaari

NB: This release contains migrations!

Breaking changes

• A new form field type "table" is now available. A table has a predefined set of columns, and applicants can fill in as many rows as they wish. You can not roll back to an earlier release once your database contains applications with filled-in table fields. You will need to fix the database manually. (#2551)

Changes

• Forms now have both an internal name as well as a localized title instead of the non-localized title. (#2066)
  • The old style form titles are now deprecated in the API and a migration copies the title to the internal name. Please, check and optionally change the form titles after the migration!
  • Prefer the new internal-name or external-title fields instead.
  • The external title is shown to applicants in the application and internal name used throughout the administration.
  • The API supports the old style for now.
• Answers to conditional fields that are not visible are no longer stored by REMS. The API accepts answers for invisible fields but drops them. The UI does not send answers to invisible fields. (#2574)
• The "Assign external id" action now shows the previous assigned external id. (#2530)
• The form editor UI was reworked to look less cluttered. Many inputs are now hidden behind "Show" buttons by default. (#1899)
• It is now possible to create catalogue items without a form via both the API and the UI. (#2603)

Fixes

• Searching for applications by the original REMS generated id works, even if another id has been assigned. (#2564)
• GA4GH Visa (output by the experimental /api/permissions API) timestamps are now in seconds, instead of milliseconds. (#2554)
• The REMS reset command line command now works even when you have duplicate resource ids in the database. (#2557)
  • In practice, this means that REMS will not recreate the unique constraint on resource ids, even when rolling back to old database schema versions.
• The form editor now checks that table, option and multiselect fields are created with at least one column/option. (#2564)
• The multiselect field label wasn't being bolded.
• Info text icon could appear even though the field description was empty.
• Changes to the default translation for the required form field: does not include an asterisk sign anymore.
• Fixed occasional "Invalid path whitelist entry" error when adding/updating api keys.

Additions

• The example-theme now uses the Lato font.
• The field id can now be changed in the form editor. (#1804)
• "More info" support for EGA style resources (when :enable-ega flag is set) (#2466)
• Add phone number to field types in the form. (#2552)

Länsiväylä

Changes

• REMS no longer sends the Server: HTTP header to avoid leaking version information. (#2216)
• Text descriptions of some events in the log were phrased better. The created event also shows the original external id. (#2614)
• REMS now consistently uses the application server clock when creating timestamps. Previously, database time was used in some situations, leading to minor inconsistencies. Requires migration, but does not change visible behaviour. (#2540)

Fixes

• CSS files are now marked as cacheable by browsers. In v2.15 they were mistakenly marked as uncacheable. (#2484)
• OIDC signing keys are now always fetched on login, fixing issues with OIDC key rotation requiring a REMS restart. (#2497)
• /api/resource/, /api/license/ and /api/organization/ now return HTTP 404 responses if id is not found.

Additions

• The browser tests will now fail if there are any accessibility violations. (#2463)
• The OIDC configuration is now validated, and REMS refuses to start without a valid OIDC configuration. See the :oidc-metadata-url configuration variable and configuration.md. (#2519)
• The handler can be shown both the assigned external id and the original REMS generated external id. This behavior can be enabled by changing the :application-id-column config to :generated-and-assigned-external-id. These have also been added as new values to the data model and the original :application/external-id kept as it is. (#2614)
• The navbar can be configured to show a logo image. When the :navbar-logo-name config is provided, the logo is shown in the navbar (top navigation menu). This logo also can be customized per language like the regular logo. (#2363)

Tapiolantie

Changes

• The actions area has been adjusted to work better on small screens. (#2501)
• Copying a draft application will now create a new draft but without a link to the previous (draft) application. (#2496)

Fixes

• Various HTTP caching issues resolved. Users should no longer get an old app.js from their browser cache. (#2484)
• Fixed link in the "You will need to add an email address to your settings" notification. (#2503)
• Previous application history shown to the handler is now correctly limited to the members of the application. (#2470)

Additions

• Workflow organization can now be edited. (#2333)

Itätuulentie 2

This is a bugfix release for v2.14.

Change since v2.14

Fixes

• Fixed small issues in the form editor regarding validating empty values and field description (#2399)
• Reading of :oidc-domain config option was broken in v2.14, now fixed. (#2489)
• Hide decider/reviewer invitation events from applicant. (#2485)

Itätuulentie

Changes since v2.13

Breaking changes

• Dropped support for shibboleth authentication. (#1235)
• Dropped support for running REMS under tomcat. Dropped support for building the rems.war uberwar. (#1235)

Changes

• The development login page now uses the actual app styles.
• Changed the translations of the request recipients (now accounts for the singular or plural depending on the request type).
• Drafts can now be submitted for disabled catalogue items. A warning is shown for handlers when viewing an application for a disabled catalogue item. (#2436)
• New drafts can no longer be created for disabled catalogue items. (#2436)
• Empty reviews and remarks can't be sent via the UI anymore. Either a comment or an attachment must be provided. (#2433)
• Application members are sorted by name
• New :oidc-metadata-url config option replaces :oidc-domain. The old :oidc-domain option is still supported for now but will emit a warning. See docs/configuration.md. (#2462)

Fixes

• New organizations can be immediately used for creating resources etc. Previously a reload of the page was needed. (#2359)
• Catalogue item editor didn't properly show forms, resources or workflows if they were disabled or archived (#2335)
• Add vertical margins around search field for better readability (#2330)
• Workflow editor didn't properly show forms that were disabled or archived (#2335)
• Check file extensions ignoring case (#2392)
• Fixed java -jar rems.jar help. See docs/installing-upgrading.md
• Inconsistencies organization owner logic. (#2441)
• Fix accessibility problems with aria-required attribute placement and increase default link contrast (#2431)
• Small navbar is now properly closed after a link is clicked (#1194)
• Fixed an issue where changing field type to label after entering field description crashes form editor (#2399)
• Catalogue item organization can be edited (#2333)
• Catalogue item editor now starts empty when creating a new item after editing. (#2333)
• Hide organization creation button from non-owners who don't have the right to create organizations
• Fixed exporting an application to PDF when there are multiple attachments in one field. (#2469)

Additions

• All fields can have an info text, shown if the small icon is clicked. (#1863)
• Experimental permissions API that produces GA4GH Visas is now documented in docs/ga4gh-visas.md
• OIDC scopes are configurable via :oidc-scopes. See docs/configuration.md.
• REMS now reads GA4GH Passports on login and stores the ResearcherStatus of the user. See docs/ga4gh-visas.md. (#2124)
• Automated accessibility test report using axe (#2263)
• Settings page renamed to Profile, now also contains info about user attributes.
• In docker-entrypoint script CMD environment variable may be used instead of COMMANDS. CMD allows REMS commands with arguments to be used. See docs/installing-upgrading.md.
• Deciders and reviewers can now be invited via email. (#2040)
  • New invite-decider and invite-reviewer commands in the API & UI
  • Commands are available to the handler on submitted applications. See permission table.
• The first version of REMS user manual
• Experimental bona fide bot for granting peer-verified ResearcherStatus visas. See docs/bots.md.
• Assign external id button can now be shown for handlers with the :enable-assign-external-ui config flag (defaults to false). See resources/config-defaults.edn. (#2476)
• The :oidc-userid-attribute configuration option can now contain a list of attributes to try in order. See docs/configuration.md. (#2366)