REL: 1.2.5 Limit allowed Event fields

Author: wagner-intevation

CHANGELOG.md

@@ -2,6 +2,27 @@ CHANGELOG
 =========
 
 
+1.2.5: Limit allowed Event fields
+---------------------------------
+
+## Configuration
+* New parameter `allowed_event_fields` to limit the list of allowed event field names.
+  Default (unset) is to allow all fields.
+
+## Backend
+* Add check for `allowed_event_fields`
+
+## Frontend
+* Template preview
+     * Add support for unsigned (plain/text) e-mails
+     * Show Content Type of resulting e-mail
+* Modal window for row details (events, bot logs):
+     * add line-wrapping for code blocks
+     * format the section headings better
+
+## Documentation
+* mailgen: add notes on database privs and gnupg
+
 1.2.4: Field name selector improvements
 ---------------------------------------
 

client/src/components/WebinputCSV.vue

@@ -828,7 +828,7 @@ export default ({
       errorMessage: null,
       showErrorModal: false,
       mailgenTargetGroups: [],
-      clientVersion: "1.2.4",
+      clientVersion: "1.2.5",
       templateDeletionModal: false,
       templateToDelete: {'index': null, 'template_name': null},
       mailgenTemplate: '',

debian/changelog

@@ -1,3 +1,22 @@
+intelmq-webinput-csv (1.2.5-1) stable; urgency=medium
+
+  * Configuration
+    * New parameter `allowed_event_fields` to limit the list of allowed event field names.
+      Default (unset) is to allow all fields.
+  * Backend
+    * Add check for `allowed_event_fields`
+  * Frontend
+    * Template preview
+      * Add support for unsigned (plain/text) e-mails
+      * Show Content Type of resulting e-mail
+    * Modal window for row details (events, bot logs):
+      * add line-wrapping for code blocks
+      * format the section headings better
+  * Documentation
+    * mailgen: add notes on database privs and gnupg
+
+ -- Sebastian Wagner <[email protected]>  Tue, 20 Aug 2024 18:17:42 +0200
+
 intelmq-webinput-csv (1.2.4-1) stable; urgency=medium
 
   * Backend: New API endpoint to check the validity of a field name with IntelMQ.

docs/user-guide.rst

@@ -84,7 +84,7 @@ Usual configuration parameters
    with bots, no data will be written anywhere, neither to an IntelMQ pipeline,
    nor to the database!
 - ``allowed_event_fields``: A list of `IntelMQ Event Field Names
-  <https://docs.intelmq.org/latest/user/event/#fields-reference>_` which are
+  <https://docs.intelmq.org/latest/user/event/#fields-reference>`_ which are
   allowed for user input. If left empty, all fields are allowed (default).
   The check is applied in the frontend (field selection for columns) and backend.
   The check does **not** apply to constant fields and custom input fields!
@@ -172,7 +172,7 @@ A few things need to be considered for the setup and configuration:
       GRANT INSERT ON TABLE events TO intelmq_mailgen;
       GRANT INSERT ON events_id_seq TO intelmq_mailgen;
 
-2. For OpenPGP-signatures in maigen, the webserver user must have sufficient privileges to the gnupg home directory
+2. For OpenPGP-signatures in mailgen, the webserver user (or the user running the WSGI process) must have sufficient privileges to the gnupg home directory
 
    1. write access on the directory itself to create temporary files
    2. read access to all files in the directoy

intelmq_webinput_csv/version.py

@@ -1,4 +1,4 @@
 # SPDX-FileCopyrightText: 2017-2018 nic.at GmbH <[email protected]>, 2022-2024 Bundesamt für Sicherheit in der Informationstechnik
 # SPDX-License-Identifier: AGPL-3.0-or-later
-__version_info__ = (1, 2, 4)
+__version_info__ = (1, 2, 5)
 __version__ = '.'.join(map(str, __version_info__))