Release Notes

For: uc-cdis/fence
Notes since tag: 11.2.1
Notes to tag/commit: cb515dd
Generated: 2025-05-27

Bug Fixes

• Ensure prometheus env var and directory exist by adding to Dockerfile
  (eventually we should do this in the base image) (#1259)

Improvements

• Clear out old, unused files and code (#1259)
• When a bucket is missing from the S3_BUCKET configuration, print an info
  log instead of a debug log to facilitate understanding issues in production
  (#1251)
• Add native docker builds for amd and arm in github actions. (#1236)

What's Changed

• Fix/registration digest method by @k-burt-uch in #1250

Full Changelog: 11.2.0...11.2.1

Release Notes

For: uc-cdis/fence
Notes since tag: 11.1.0
Notes to tag/commit: 0cea33a
Generated: 2025-04-30

Improvements

• IP Address of user is now logged (#1245)
• Clarify what the MAX_ACCESS_TOKEN_TTL setting is for in the configuration
  comments (#1247)

Dependency Updates

• Bump jinja2 to ^3.1.6. (#1246)
• Updated to use Quay.io instead of ECR (#1243)
• Bumped cryptography to 44.0.1 (#1240)

Release Notes

For: uc-cdis/fence

Notes since tag: 11.0.2

Notes to tag/commit: dccf559

Generated: 2025-03-20

Improvements

• Run gunicorn as a gen3 user as opposed to root user (#1228)
• Add the database migrations directory to the unit test coverage report
  (#1232)
• minor format change to help with readability (#1231)
• Update to use new Amazon Linux base image and use the same structure as our
  other python services. (#1207)
• Moving to Poetry to manage our virtual environments (#1207)
• Multi-stage Docker builds for smaller images (#1207)
• Move to Gunicorn (#1207)

Bug Fixes

• Fix the _version endpoint not to return empty values (#1232)
• fix the 'None' string appearing because of yaml variable with no value
  (#1231)
• Fixed usersync decrypted result not parsing (#1230)
• fix --no-dev docker issue with updated poetry instance (#1210)

Release Notes

For: uc-cdis/fence

Notes since tag: 11.0.1

Notes to tag/commit: 11.0.2

Generated: 2025-02-17

Bug Fixes

• Fix bug where usersync would not properly revoke policies in arborist for
  data commons that historically have used all caps usernames. (#1225)

Improvements

• Add logging for discovery doc resolution, when dbgap_permissions expire
  from passports and when passports are cached. (#1223)
• Removed unused debug logs. (#1223)
• Fix typo in ClientAuthenication log (#1221)

Release Notes

For: uc-cdis/fence

Notes since tag: 11.0.0

Notes to tag/commit: 11.0.1

Generated: 2025-01-27

Bug Fixes

• Fix timeout when user with large passport logs in by skipping
  grant_from_storage. (#1219)

For: uc-cdis/fence

Notes since tag: 10.4.1

Notes to tag/commit: 11.0.0

Generated: 2025-01-23

New Features

• new endpoint to soft-delete users in Fence. (#1189)
• adds a unit test to check if s3 bucket regex validation is behaving as
  expected (#1196)
• feat: new config option to allow only existing OR active users to login
  (#1184)

Breaking Changes

• remove role field from /admin/user POST endpoint (#1202)
• set User.is_admin to DEPRECATED (#1202)
• deprecation notices for future breaking changes where we'll remove a number
  of legacy endpoints (#1201)
• some of the admin endpoints and methods now expect username instead of
  name. (#1189)

Bug Fixes

• Exchange Area projects no longer cause exceptions when applied from a
  passport (#1216)
• Google group sync no longer runs on login when a passport is issued.
  (#1216)
• Update documentation link in setup.md (#1194)

Improvements

• consolidate on use of username instead of a mix of name and username
  in the /admin/user endpoints. (#1189)
• The /admin endpoints in Fence are protected by a check agains Arborist
  permissions instead of checking for user.is_admin in DB (#1190)
• feat: add extra (optional) fields to "create user" /admin/user POST
  endpoint (#1185)
• to make user creation more uniform, reflecting what is also done elsewhere
  (#1185)
• in fence/sync/sync_users.py
  _upsert_userinfo()
  for example (#1185)

Dependency Updates

• Bumps werkzeug from 3.0.4 to 3.0.6.
  (#1192)

Deployment Changes

• activation of the feature depends on a new configuration setting:
  ALLOW_NEW_USER_ON_LOGIN (#1184)

Release Notes

For: uc-cdis/fence

Notes since tag: 10.4.0

Notes to tag/commit: 10.4.1

Generated: 2024-10-28

Bug Fixes

• Fixed a bug cause Fence to unable to generate presigned URL for S3 buckets
  in fence config that has wildcard characters in their names (#1193)

Deployment Changes

• any env that has S3 buckets in fence config that has wildcard characters
  should consider adpoting this release (#1193)

Release Notes

For: uc-cdis/fence

Notes since tag: 10.3.1

Notes to tag/commit: 10.4.0

Generated: 2024-09-11

Bug Fixes

• Fixes issue where google group updates for passport sync would clear
  existing membership from Google Bucket Access Groups. (#1177)

Release Notes

For: uc-cdis/fence

Notes since tag: 10.3.0

Notes to tag/commit: 10.3.1

Generated: 2024-08-29

Bug Fixes

• Use auto addressing style for presigned url generation (attempts to use
  virtual, but falls back to path if necessary) (#1179)
• Pass endpoint_url from Fence config to boto3 client for presigned url
  creation (#1179)