
Releases: on-prem/jidoteki-admin-api

Minor fixes

01 Nov 05:54
@aw aw
c957b0d
  • [dashboard] Ensure Backup/Restore section displays the alert and status panel when needed
  • [dashboard] Set autocomplete=off on login/token page, instead of autocomplete=false (which is not a valid value for the HTML autocomplete attribute, so browsers ignored it)

Security improvements

25 Oct 12:15
@aw aw
93170f6

Bug fixes

  • [api/dashboard] Jidoteki issue #416 - Authenticated API endpoint validation
    Certain authenticated API endpoints are not validating the length of strings,
    or the type of data which can be submitted. This could lead to unexpected
    behaviour or XSS script injection.
    All API endpoints and dashboard forms are correctly validated and escaped as of v1.18.0

New features

  • [api] Add /backup endpoints to create/delete/restore a backup
  • [api] Add /endpoints endpoint to list all API endpoints
  • [api] Add the ability to disable "optional" API endpoints (ex: /backup)
  • [api] Add audit-logging to authentication and new API calls

Minor fixes

  • [api] Ensure /health endpoint is not cached
  • [api] Refactor redundant functions
  • [api] Add regression tests for new features and validations
  • [api] Remove PicoLisp namespaces/symbols in unit tests
  • [dashboard] Update Fontello fonts
  • [dashboard] Standardize the look and feel of each section
  • [dashboard] Add Jidoteki footer to bottom of Dashboard UI
  • [dashboard] Split API documentation into two main sections: default and optional endpoints
  • [deps] Update picolisp-json, picolisp-semver, and picolisp-unit dependencies

Potentially breaking changes

HTTP security headers are included in every HTTPS response:

  • Strict-Transport-Security: max-age=31536000 ; includeSubDomains
  • X-Frame-Options: deny
  • X-XSS-Protection: 1
  • X-Content-Type-Options: nosniff
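A post-upgrade check for these headers, written as an added example for this page and not taken from the project's code. It parses a raw header dump of the kind `curl -sI https://<appliance>/` prints and reports anything missing or weaker than the values listed above. The two sample dumps are constructed for illustration, not captured from an appliance; the function names are the example's own. Whitespace around `;` in the HSTS value is tolerated because that is how the value is printed above.

```python
HSTS_MIN_AGE = 31536000  # one year, the max-age v1.18.0 sends

# Constructed sample header dumps (what `curl -sI` would print); not captured from a real appliance.
SAMPLE_V118 = """\
HTTP/1.1 200 OK
Content-Type: application/json
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Frame-Options: deny
X-XSS-Protection: 1
X-Content-Type-Options: nosniff
"""

SAMPLE_PRE_118 = """\
HTTP/1.1 200 OK
Content-Type: application/json
"""


def parse_raw_headers(text):
    """Turn a status line plus header lines into a {name: value} dict."""
    headers = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("HTTP/"):
            continue
        name, _, value = line.partition(":")
        headers[name.strip()] = value.strip()
    return headers


def parse_hsts(value):
    """Split an HSTS value into lower-cased directives.
    Tolerates spaces around ';' (the appliance emits 'max-age=31536000 ; includeSubDomains')."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if part:
            name, _, val = part.partition("=")
            directives[name.strip().lower()] = val.strip().strip('"')
    return directives


def check_security_headers(headers):
    """Return a list of findings for one response; [] means all four headers are present and sane."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    findings = []

    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("missing Strict-Transport-Security")
    else:
        d = parse_hsts(hsts)
        age = int(d["max-age"]) if d.get("max-age", "").isdigit() else -1
        if age < HSTS_MIN_AGE:
            findings.append(f"HSTS max-age {d.get('max-age')!r} is below {HSTS_MIN_AGE}")
        if "includesubdomains" not in d:
            findings.append("HSTS lacks includeSubDomains")

    xfo = h.get("x-frame-options", "").strip().lower()
    if xfo not in ("deny", "sameorigin"):
        findings.append(f"X-Frame-Options is {xfo!r}, expected deny or sameorigin")
    if h.get("x-content-type-options", "").strip().lower() != "nosniff":
        findings.append("X-Content-Type-Options is not nosniff")
    if "x-xss-protection" not in h:  # presence only; see note below
        findings.append("missing X-XSS-Protection")
    return findings


if __name__ == "__main__":
    for label, dump in (("v1.18.0", SAMPLE_V118), ("pre-1.18", SAMPLE_PRE_118)):
        print(label, check_security_headers(parse_raw_headers(dump)) or "OK")
```

X-XSS-Protection is only checked for presence: current browsers ignore this header, so the real XSS defence on this appliance is the input validation and output escaping described under Bug fixes, not the header.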

All authenticated API endpoints are now validated, and will not accept missing or invalid data:

  • POST /setup: newtoken parameter only accepts printable ASCII characters (ASCII codes 33-126, no spaces)
    This change does not affect existing tokens which may contain non-printable characters
  • POST /settings: settings parameter validates each network value:
    • interface (required): a-zA-Z0-9 (alphanumeric), between 3 and 14 characters
      (Not required prior to v1.18.0)
    • hostname (required): a-zA-Z0-9 (alphanumeric) + .-, between 3 and 255 characters
      (Not required prior to v1.18.0)
    • ip_address: abcdef0123456789ABCDEF.:, between 3 and 45 characters
    • netmask: abcdef0123456789ABCDEF.:, between 3 and 45 characters
    • gateway: abcdef0123456789ABCDEF.:, between 3 and 45 characters
    • dns1: abcdef0123456789ABCDEF.:, between 3 and 45 characters
    • dns2: abcdef0123456789ABCDEF.:, between 3 and 45 characters
    • ntpserver: a-zA-Z0-9 (alphanumeric) + .-:, between 3 and 255 characters
  • POST /storage: settings parameter validates each storage value:
    • [nfs] mount_options (required): a-zA-Z0-9 (alphanumeric) + .-=, (dot, hyphen, equals sign, comma), between 3 and 255 characters
    • [nfs] ip (required): abcdef0123456789ABCDEF.:, between 3 and 45 characters
    • [nfs] share (required): a-zA-Z0-9 (alphanumeric) + .-_/, between 3 and 255 characters
    • [aoe] device (required): a-zA-Z0-9 (alphanumeric) + .-, between 3 and 255 characters
    • [iscsi] target (required): a-zA-Z0-9 (alphanumeric) + .-_:, between 3 and 255 characters
    • [iscsi] ip (required): abcdef0123456789ABCDEF.:, between 3 and 45 characters
    • [iscsi] username (required): printable ASCII characters (ASCII codes 33-126, no spaces), between 3 and 255 characters
    • [iscsi] password (required): printable ASCII characters (ASCII codes 33-126, no spaces), between 3 and 255 characters
    • [nbd] export_name (required): a-zA-Z0-9 (alphanumeric) + .-_/, between 3 and 255 characters
    • [nbd] ip (required): abcdef0123456789ABCDEF.:, between 3 and 45 characters
    • [nbd] port (required): 0-9 (numeric) + .-_/, between 1 and 5 characters
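The validation rules listed above for POST /setup, POST /settings and POST /storage, mirrored as a client-side pre-check. This is an added example for this page, not the project's own (PicoLisp) validation code: the field names, character classes and lengths come from the release notes, while the payload shape (a flat dict per section keyed by the documented field names), the function names and the sample payloads are assumptions for illustration. It applies the same three checks the note describes (type, length, character class) and returns every failure at once, so it can be used to test a payload before POSTing it, or to confirm that the appliance rejects exactly what this check rejects.

```python
import re

# Character classes from the v1.18.0 release notes, as regex character-class bodies
ALNUM = r"A-Za-z0-9"
HEXADDR = r"0-9A-Fa-f.:"   # hex digits plus '.' and ':', i.e. an IPv4 or IPv6 literal
PRINTABLE = r"\x21-\x7e"   # printable ASCII 33-126, no spaces

# field -> (allowed characters, min length, max length, required) for POST /settings
NETWORK_RULES = {
    "interface":  (ALNUM, 3, 14, True),
    "hostname":   (ALNUM + r".\-", 3, 255, True),
    "ip_address": (HEXADDR, 3, 45, False),
    "netmask":    (HEXADDR, 3, 45, False),
    "gateway":    (HEXADDR, 3, 45, False),
    "dns1":       (HEXADDR, 3, 45, False),
    "dns2":       (HEXADDR, 3, 45, False),
    "ntpserver":  (ALNUM + r".\-:", 3, 255, False),
}

# storage type -> field -> rule for POST /storage
STORAGE_RULES = {
    "nfs": {
        "mount_options": (ALNUM + r".\-=,", 3, 255, True),
        "ip":            (HEXADDR, 3, 45, True),
        "share":         (ALNUM + r".\-_/", 3, 255, True),
    },
    "aoe": {
        "device":        (ALNUM + r".\-", 3, 255, True),
    },
    "iscsi": {
        "target":        (ALNUM + r".\-_:", 3, 255, True),
        "ip":            (HEXADDR, 3, 45, True),
        "username":      (PRINTABLE, 3, 255, True),
        "password":      (PRINTABLE, 3, 255, True),
    },
    "nbd": {
        "export_name":   (ALNUM + r".\-_/", 3, 255, True),
        "ip":            (HEXADDR, 3, 45, True),
        "port":          (r"0-9.\-_/", 1, 5, True),
    },
}


def check_value(name, value, rule):
    """Return an error string for one field, or None if it satisfies the rule."""
    chars, lo, hi, _required = rule
    if not isinstance(value, str):                 # type: only strings are accepted
        return f"{name}: must be a string, got {type(value).__name__}"
    if not lo <= len(value) <= hi:                 # length bounds
        return f"{name}: length {len(value)} outside {lo}-{hi}"
    if not re.fullmatch(f"[{chars}]+", value):     # whole value inside the character class
        return f"{name}: contains characters outside [{chars}]"
    return None


def validate(values, rules):
    """Check a dict of field values against a rule table; [] means it would be accepted."""
    errors = []
    for name, rule in rules.items():
        if name not in values:
            if rule[3]:
                errors.append(f"{name}: required")
            continue
        err = check_value(name, values[name], rule)
        if err:
            errors.append(err)
    return errors


def validate_network(settings):
    return validate(settings, NETWORK_RULES)


def validate_storage(storage_type, settings):
    if storage_type not in STORAGE_RULES:
        return [f"unknown storage type {storage_type!r}"]
    return validate(settings, STORAGE_RULES[storage_type])


def validate_newtoken(token):
    """POST /setup newtoken: printable ASCII only. No length limit is documented,
    so only an empty or non-string value is rejected on length grounds (assumption)."""
    if not isinstance(token, str) or not token:
        return "newtoken: must be a non-empty string"
    if not re.fullmatch(f"[{PRINTABLE}]+", token):
        return "newtoken: only printable ASCII (33-126, no spaces) is accepted"
    return None


if __name__ == "__main__":
    # Constructed payloads: one clean, one carrying a script tag in the hostname
    print(validate_network({"interface": "eth0", "hostname": "appliance-01.example.com",
                            "ip_address": "192.168.1.10", "netmask": "255.255.255.0",
                            "gateway": "192.168.1.1", "dns1": "2001:db8::53"}))
    print(validate_network({"hostname": "<script>alert(1)</script>"}))
```

Because the check reports every failing field rather than stopping at the first, a single call shows the full set of changes an existing pre-1.18.0 payload needs (for example a missing interface plus a hostname with characters outside the allowed set).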

All "optional" endpoints are disabled by default:

  • Configure the /usr/local/etc/jidoteki-admin-api.json file to enable the endpoints
    (network settings, certs, license, storage, backup)

"400 Bad Request" responses are descriptive:

  • Many (not all) 400 Bad Request responses now contain an Error-Message string and HTTP header

NTP fixes

25 Oct 11:22
@aw aw
2483b2d
  • Ensure NTP server is configurable and displayed correctly. #20

Minor fixes

27 Jul 00:58
@aw aw
8bfde39
  • Ensure '/changelog' returns a no-cache header
  • Ensure '/build' returns a no-cache header
  • Fix parsing of '/services' with capital T. #30
  • Disable all versions of TLS/SSL except TLSv1.2
  • Disable form autocomplete on login/token page

Add '/health' endpoint

15 Apr 08:35
@aw aw
9c7f6a4
  • Add '/health' endpoint to retrieve information about appliance health
  • Add 'picolisp-semver' module dependency
  • Display health status at top Admin Dashboard
  • Return jqXHR on API call errors for easier debugging
  • Fix disk usage graph display. #26

Add '/build' endpoint

12 Feb 04:15
@aw aw
726578b
  • Add '/build' endpoint to retrieve information about the specific build. #28
  • Make storage options "optional". #27
  • Add extra Storage options, such as NBD, AoE, iSCSI
  • Fix short API token issue. #25

Add 'storage' endpoint

12 Jan 02:54
@aw aw
b0502e7
  • Add endpoint to upload and update persistent Storage options

Add '/services' endpoint and RRD graphs

23 Nov 03:30
@aw aw
  • Display RRD graphs in 'Monitor' (new) section
  • Fix '/certs' validation bypass. #22
  • Add '/services' endpoint. #11
  • Add 'error-message' and 'error-code' to update status responses. #23

Update to support custom code

12 Sep 05:51
@aw aw
b5165c1
  • Add 'JIDO_API_CUSTOM' env variable for loading custom API code, docs, html

Update API documentation

17 May 16:12
@aw aw
f5c6aed
  • Update API Documentation to be much more clear and better organized