Skip to content

Tags: maykinmedia/open-api-framework

Tags

0.9.2

0.9.2 (2025-01-02)

------------------

**Security updates**

* Upgrade django to 4.2.17

0.9.1

*Bugfixes/QOL**

* Change ``LOG_STDOUT`` default value to True
* Re-add separate ``CELERY_LOGLEVEL`` configuration setting

0.9.0

**New Features**

* Add ``SESSION_COOKIE_AGE`` configurable setting
* Add user session management admin

**Bugfixes/QOL**

* fix runtime configuration for django-log-outgoing-requests

0.8.1

**Bugfixes/QOL**

* Change SESSION_COOKIE_SAMESITE to "Lax" to fix OIDC (#72)
* Remove url from SECRET_KEY help text (#76)
* Change CSP headers to support API schema page

0.8.0

**New features**

* Add Django CSP with configurable settings
* Add SECURE_HSTS_SECONDS and CSRF_COOKIE_HTTPONLY settings

.. warning::

    SECURE_HSTS_SECONDS has been added with a default of 31536000 seconds, ensure that
    before upgrading to this version of open-api-framework, your entire application is served
    over HTTPS, otherwise this setting can break parts of your application (see https://docs.djangoproject.com/en/4.2/ref/middleware/#http-strict-transport-security)

**Bugfixes/QOL**

* Fix rendering for envvar defaults (previously quotes were escaped)
* Move ``CACHE_DEFAULT``, ``CACHE_AXES``, ``EMAIL_HOST`` envvars to Required group (because they are required for Docker)
* Add CI job to check if all envvars are either documented or excluded from documentation

0.7.1

**Bugfixes**

* Add missing help_text for SESSION_COOKIE_SAMESITE and CSRF_COOKIE_SAMESITE envvars

0.7.0

**New features**

* Management command to generate documentation for environment variables
* Made SESSION_COOKIE_SAMESITE and CSRF_COOKIE_SAMESITE configurable via environment variables (default ``Strict``)

0.6.1

0.6.1 (2024-07-31)

0.6.0

0.6.0 (2024-07-04)

------------------

**New features**

* Use the callback class from mozilla-django-oidc-db to allow for a custom error view

0.5.0

Minor release to tweak some settings and add minor functionality

**New features**

* Add password to ``AXES_SENSITIVE_PARAMETERS``
* Use stricter ``django-axes`` settings
    * ``AXES_FAILURE_LIMIT`` changed from ``10`` to ``5``
    * ``AXES_COOLOFF_TIME`` changed from ``1`` to ``5`` minutes
* Make more ``log-outgoing-requests`` settings configurable
    * ``LOG_OUTGOING_REQUESTS_EMIT_BODY`` (default ``True``)
    * ``LOG_OUTGOING_REQUESTS_DB_SAVE_BODY`` (default ``True``)
* Add base template to display current version in admin

**Bugfixes**

* Remove FIXTURE_DIRS setting and add root level app to INSTALLED_APPS

**Other**

* Move documentation to readthedocs