v0.34.1

Changes by Kind

Bug fixes

Fix an error that could occur when statistics for a realm are missing or incomplete.

Dependencies

Added

Nothing has changed.

Changed

Nothing has changed.

Removed

Nothing has changed.

v0.34.0

Changes by Kind

UX Tweaks

• CSS Tweaks for user report webview. (#2177, @mikehelmick)
• Update logo colors and purge favicon caches on release. (#2180, @sethvargo)

Bugfixes

• Fix an issue with the client-side javascript when registering a new MFA device. (#2178, @sethvargo)
• More gracefully handle validation errors for duplicate names on authorized apps, mobile apps, and the system admin view for creating realms. (#2182, @sethvargo)

Functional changes

• Extend statistics retention to 90 days. (#2181, @sethvargo)

Dependencies

Added

Nothing has changed.

Changed

• github.com/google/exposure-notifications-server: v0.33.0 → v0.34.0

Removed

Nothing has changed.

v0.33.1

Release notes for v0.33.1

Changelog since v0.33.0

Changes by Kind

Bug fixes and improvements

• CSS Tweaks for user report webview. (#2177, @mikehelmick)
• Fix an issue with the client-side javascript when registering a new MFA device. (#2178, @sethvargo)

Dependencies

Added

Nothing has changed.

Changed

Nothing has changed.

Removed

Nothing has changed.

v0.33.0

Changes since v0.32.0

AppSync

• AppSync - all Android ENX apps will use picker when imported. (#2172, @mikehelmick)

Misc

• Only prompt the user to select the MFA device when more than one device is registered. (#2173, @sethvargo)

User Report

• Add user-report example to /api/verify documentation (#2174, @mikehelmick)
• User report web view redesign and refresh of default strings and translations. (#2168, @mikehelmick)

Dependencies

Added

• github.com/asaskevich/govalidator: f21760c
• github.com/benbjohnson/clock: v1.1.0
• github.com/bits-and-blooms/bitset: v1.2.0
• github.com/cenkalti/backoff/v3: v3.2.2
• github.com/cncf/xds/go: fbca930
• github.com/go-kit/log: v0.1.0
• github.com/orisano/pixelmatch: 4fa4c7b
• go.opentelemetry.io/proto/otlp: v0.7.0
• go.uber.org/goleak: v1.1.10

Changed

• cloud.google.com/go/storage: v1.15.0 → v1.16.0
• cloud.google.com/go: v0.83.0 → v0.87.0
• contrib.go.opencensus.io/exporter/stackdriver: v0.13.6 → v0.13.8
• github.com/Azure/azure-sdk-for-go: v55.1.0+incompatible → v55.7.0+incompatible
• github.com/Azure/azure-storage-blob-go: v0.13.0 → v0.14.0
• github.com/Azure/go-ansiterm: d6e3b33 → d185dfc
• github.com/Azure/go-autorest/autorest/azure/auth: v0.5.7 → v0.5.8
• github.com/alecthomas/units: ff826a3 → f65c72e
• github.com/aws/aws-sdk-go: v1.38.56 → v1.40.2
• github.com/chromedp/cdproto: 9e51b90 → 7d28b40
• github.com/chromedp/chromedp: v0.7.3 → v0.7.4
• github.com/cilium/ebpf: v0.5.0 → v0.6.2
• github.com/coreos/go-systemd/v22: v22.3.1 → v22.3.2
• github.com/envoyproxy/go-control-plane: 668b12f → 63b5d3c
• github.com/felixge/httpsnoop: v1.0.1 → v1.0.2
• github.com/go-playground/validator/v10: v10.4.1 → v10.7.0
• github.com/gobwas/ws: v1.1.0-rc.5 → v1.1.0
• github.com/gofrs/uuid: v3.2.0+incompatible → v4.0.0+incompatible
• github.com/golang/mock: v1.5.0 → v1.6.0
• github.com/golang/snappy: v0.0.3 → v0.0.4
• github.com/google/exposure-notifications-server: v0.32.0 → v0.33.0
• github.com/google/pprof: 01bbb19 → a478d1d
• github.com/google/uuid: v1.2.0 → v1.3.0
• github.com/hashicorp/go-hclog: v0.14.1 → v0.16.1
• github.com/hashicorp/hcl: 2 → 3
• github.com/hashicorp/vault/api: v1.1.0 → v1.1.1
• github.com/hashicorp/vault/sdk: v0.2.0 → v0.2.1
• github.com/jackc/pgconn: v1.8.1 → v1.9.0
• github.com/jackc/pgmock: 13a1b77 → 4fe30f7
• github.com/jackc/pgproto3/v2: v2.0.7 → v2.1.1
• github.com/jackc/pgtype: v1.7.0 → v1.8.0
• github.com/jackc/pgx/v4: v4.11.0 → v4.12.0
• github.com/json-iterator/go: v1.1.10 → v1.1.11
• github.com/leodido/go-urn: v1.2.0 → v1.2.1
• github.com/mattn/go-isatty: v0.0.12 → v0.0.13
• github.com/microcosm-cc/bluemonday: v1.0.9 → v1.0.15
• github.com/nyaruka/phonenumbers: v1.0.69 → v1.0.70
• github.com/opencontainers/runc: v1.0.0-rc95 → v1.0.1
• github.com/opencontainers/selinux: v1.8.0 → v1.8.2
• github.com/pierrec/lz4: v2.6.0+incompatible → v2.6.1+incompatible
• github.com/prometheus/client_golang: v1.10.0 → v1.11.0
• github.com/prometheus/common: v0.25.0 → v0.29.0
• github.com/prometheus/procfs: v0.6.0 → v0.7.0
• github.com/prometheus/statsd_exporter: v0.20.2 → v0.21.0
• github.com/shopspring/decimal: 02e2044 → v1.2.0
• github.com/ugorji/go/codec: v1.1.7 → v1.2.6
• github.com/ugorji/go: v1.1.7 → v1.2.6
• go.uber.org/atomic: v1.7.0 → v1.9.0
• go.uber.org/zap: v1.17.0 → v1.18.1
• golang.org/x/crypto: c07d793 → a769d52
• golang.org/x/net: abc4532 → 853a461
• golang.org/x/oauth2: f6687ab → a41e5a7
• golang.org/x/sys: 9665404 → 0f9fa26
• golang.org/x/time: ed9ce3a → 38a9dc6
• golang.org/x/tools: v0.1.2 → v0.1.5
• google.golang.org/api: v0.48.0 → v0.50.0
• google.golang.org/genproto: b6d2f5b → 1d5a45f
• google.golang.org/grpc: v1.38.0 → v1.39.0
• google.golang.org/protobuf: v1.26.0 → v1.27.1
• gopkg.in/check.v1: 8fa4692 → 10cb982
• gopkg.in/square/go-jose.v2: v2.5.1 → v2.6.0

Removed

• github.com/niemeyer/pretty: a10e7ca
• github.com/willf/bitset: v1.1.11
  v0.2.1)
• github.com/kr/text: v0.1.0 → v0.2.0
• github.com/leodido/go-urn: v1.2.0 → v1.2.1
• github.com/lib/pq: v1.8.0 → v1.10.2
• github.com/mattn/go-isatty: v0.0.12 → v0.0.13
• github.com/opencontainers/runc: v0.1.1 → v1.0.1
• github.com/pierrec/lz4: v2.0.5+incompatible → v2.6.1+incompatible
• github.com/prometheus/client_golang: v1.9.0 → v1.11.0
• github.com/prometheus/common: v0.15.0 → v0.29.0
• github.com/prometheus/procfs: v0.2.0 → v0.7.0
• github.com/prometheus/statsd_exporter: v0.20.0 → v0.21.0
• github.com/shopspring/decimal: 02e2044 → v1.2.0
• github.com/sirupsen/logrus: v1.7.0 → v1.8.1
• github.com/ugorji/go/codec: v1.1.7 → v1.2.6
• github.com/ugorji/go: v1.1.7 → v1.2.6
• go.uber.org/atomic: v1.7.0 → v1.9.0
• go.uber.org/multierr: v1.6.0 → v1.7.0
• go.uber.org/zap: v1.17.0 → v1.18.1
• golang.org/x/crypto: 0c34fe9 → a769d52
• golang.org/x/net: 7fd8e65 → 853a461
• golang.org/x/oauth2: f6687ab → a41e5a7
• golang.org/x/sys: 9665404 → 0f9fa26
• golang.org/x/time: ed9ce3a → 38a9dc6
• golang.org/x/tools: v0.1.2 → v0.1.5
• google.golang.org/api: v0.48.0 → v0.50.0
• google.golang.org/genproto: 00d4fb2 → 1d5a45f
• google.golang.org/grpc: v1.38.0 → v1.39.0
• google.golang.org/protobuf: v1.26.0 → v1.27.1
• gopkg.in/check.v1: 8fa4692 → 10cb982
• gopkg.in/square/go-j...

v0.32.0

Release notes for v0.32.0

Changelog since v0.31.0

Changes by Kind

Potentially breaking - This release changes the required validation for User Report SMS templates on all realms. This could cause background jobs to fail, and if it does, the fix is to correct the User Report templates. Before upgrading, check your System Admin overview see if any realms are opted into this function or not.

Fixes and Improvements

• Add a page for system administrators to view information about a realm's mobile apps. This is useful for diagnosing syncing issues without needing to join the realm. (#2158, @sethvargo)
• Fix an issue where javascript and stylesheets would not load on Firefox. (#2164, @sethvargo)
• Fixes default SMS template and SMS template validation issues. SMS Template validation is now also done in the live preview on the settings page. If realms previously had invalid SMS text templates, all attempts to save the realm will fail with "validation failed". This will also cause partial failures for the modeler. System admins should watch logs and alerts. (#2154, @mikehelmick)
• For Android redirects, always hint to the region where possible when redirecting to the picker. (#2163, @mikehelmick)
• On the user report webview, disable the submit button after press (#2166, @mikehelmick)
• Upgrade design framework to latest version. (#2156, @sethvargo)

Documentation

• Update all documentation with refreshed screenshots. (#2160, @sethvargo)

Dependencies

Added

Nothing has changed.

Changed

• github.com/google/exposure-notifications-server: v0.31.0 → v0.32.0

Removed

Nothing has changed.

v0.31.0

Changes since v0.30.0

Bug fixes

• Fixes a bug where some successfully issued codes on bulk upload wouldn't appear in results CSV file. (#2135, @mikehelmick)

Security

• Add SRI integrity hashes to custom css and javascript. SRI was already present for external assets, but this includes the check on internal assets as well. (#2134, @sethvargo)
• Add alerts for when a Cloud Run service is deployed using breakglass (without Binary Authorization). Like the HumanAccessedSecret alert, there may be legitimate reasons for a human to perform this operation, but it should be carefully checked and audited. Due to eventual consistency, the initial Terraform apply may fail due to missing metric. After 5 minutes, you can run the Terraform apply again to converge. (#2143, @sethvargo)
• Ensure all external links specify noopener and noreferrer. (#2147, @sethvargo)
• Migrate from unsupported JWT library to supported JWT library (#2129, @mikehelmick)
• Scrub phone numbers from user report log lines (#2119, @mikehelmick)

User-report

• Allows for client side user-report throttling, indicating an appropriate error on the server. (#2130, @mikehelmick)
• More customization and localization of user-report web view. (#2131, @mikehelmick)
• Syncs web report learn more URL from the Google ENX application feed. (#2133, @mikehelmick)

Misc

• Remove platform field from user-report API documentation. (#2132, @mikehelmick)
• Print a log message at the error level when html/json/csv fails to marshal. (#2140, @sethvargo)
• Delete statistics that are more than 30 days old. This retention period can be configured by setting STATS_MAX_AGE on the cleanup service. The minimum value is 7 days and the maximum retention period is 60 days. This replaces the existing KEY_SERVER_STATS_MAX_AGE variable. (#2122, @sethvargo)
• Fix an issue where a realm chaff event might be recorded for the wrong date. (#2124, @sethvargo)
• Make alerts and notices more prominent in the UI. (#2146, @sethvargo)

Dependencies

Added

• github.com/checkpoint-restore/go-criu/v5: v5.0.0
• github.com/golang-jwt/jwt: v3.2.1+incompatible
• google.golang.org/grpc/cmd/protoc-gen-go-grpc: v1.1.0

Changed

• cloud.google.com/go: v0.81.0 → v0.83.0
• contrib.go.opencensus.io/exporter/stackdriver: v0.13.5 → v0.13.6
• github.com/Azure/azure-sdk-for-go: v53.4.0+incompatible → v55.1.0+incompatible
• github.com/Azure/go-autorest/autorest/adal: v0.9.13 → v0.9.14
• github.com/Azure/go-autorest/autorest: v0.11.18 → v0.11.19
• github.com/aws/aws-sdk-go: v1.38.25 → v1.38.56
• github.com/chromedp/cdproto: 0942afb → 9e51b90
• github.com/chromedp/chromedp: v0.6.10 → v0.7.3
• github.com/cilium/ebpf: v0.2.0 → v0.5.0
• github.com/containerd/console: v1.0.1 → v1.0.2
• github.com/coreos/go-systemd/v22: v22.1.0 → v22.3.1
• github.com/form3tech-oss/jwt-go: v3.2.2+incompatible → v3.2.3+incompatible
• github.com/gin-gonic/gin: v1.6.3 → v1.7.2
• github.com/gobwas/ws: v1.0.4 → v1.1.0-rc.5
• github.com/godbus/dbus/v5: v5.0.3 → v5.0.4
• github.com/google/exposure-notifications-server: v0.29.0 → v0.31.0
• github.com/google/go-cmp: v0.5.5 → v0.5.6
• github.com/google/martian/v3: v3.1.0 → v3.2.1
• github.com/google/pprof: cbba55b → 01bbb19
• github.com/hashicorp/go-retryablehttp: v0.6.8 → v0.7.0
• github.com/hashicorp/hcl: v1.0.1-vault → 2
• github.com/leodido/go-urn: v1.2.1 → v1.2.0
• github.com/leonelquinteros/gotext: v1.4.0 → v1.5.0
• github.com/lib/pq: v1.10.1 → v1.10.2
• github.com/moby/sys/mountinfo: v0.4.0 → v0.4.1
• github.com/nyaruka/phonenumbers: v1.0.68 → v1.0.69
• github.com/opencontainers/runc: v1.0.0-rc93 → v1.0.0-rc95
• github.com/opencontainers/runtime-spec: e6143ca → 1c3f411
• github.com/prometheus/common: v0.21.0 → v0.25.0
• github.com/prometheus/statsd_exporter: v0.20.1 → v0.20.2
• github.com/stretchr/testify: v1.6.1 → v1.7.0
• github.com/ugorji/go/codec: v1.2.5 → v1.1.7
• github.com/ugorji/go: v1.2.5 → v1.1.7
• github.com/unrolled/secure: v1.0.8 → v1.0.9
• github.com/yuin/goldmark: v1.2.1 → v1.3.5
• go.uber.org/multierr: v1.6.0 → v1.7.0
• go.uber.org/zap: v1.16.0 → v1.17.0
• golang.org/x/crypto: 83a5a9b → c07d793
• golang.org/x/lint: 83fdc39 → 6edffad
• golang.org/x/net: 5f58ad6 → abc4532
• golang.org/x/oauth2: 5e61552 → f6687ab
• golang.org/x/sys: c94f622 → 9665404
• golang.org/x/time: f8bda1e → ed9ce3a
• golang.org/x/tools: 2ac05c8 → v0.1.2
• google.golang.org/api: v0.45.0 → v0.48.0
• google.golang.org/genproto: 3a41ef9 → b6d2f5b
• google.golang.org/grpc: v1.37.0 → v1.38.0
• gopkg.in/yaml.v3: 9f266ea → 496545a
• honnef.co/go/tools: v0.1.3 → v0.2.0

Removed

• github.com/checkpoint-restore/go-criu/v4: v4.1.0
  pec: 1c3f411
• github.com/opencontainers/selinux: v1.8.0
• github.com/otiai10/copy: v1.2.0
• github.com/otiai10/curr: v1.0.0
• github.com/otiai10/mint: v1.3.1
• github.com/seccomp/libseccomp-golang: v0.9.1
• github.com/syndtr/gocapability: 42c35b4
• github.com/tenntenn/modver: v1.0.1
• github.com/tenntenn/text/transform: 7eef512
• github.com/vishvananda/netlink: v1.1.0
• github.com/vishvananda/netns: 0a2b9b5
• github.com/willf/bitset: v1.1.11
• gopkg.in/airbrake/gobrake.v2: v2.0.9
• gopkg.in/gemnasium/logrus-airbrake-hook.v2: v2.1.2
• gotest.tools/v3: v3.0.2

v0.30.0

Release notes for v0.30.0

Changelog since v0.29.0

Changes by Kind

Features and Improvements

• Add system-level feature configuration ENABLE_USER_REPORT_WEB to enable user report webview. This was previously always enabled, but *this changes the default behavior- to be disabled by default. System admins should set ENABLE_USER_REPORT_WEB to true to continue to support the webview on their system. (#2105, @sethvargo)
• Adds support for Android Headles ENX picker protcol. By default redirect to OS pickers when nothing else is known. (#2116, @mikehelmick)
• For Exposure Notifications Express realms, localizations that are synced from the Google feed will be used when rendering the user report web view with sensible fallbacks. (#2109, @mikehelmick)
• Introduce data structures to sync localization strings synced from the Google feed. (#2106, @mikehelmick)
• Make use of all user report web setting (#2113, @mikehelmick)
• Scrub phone numbers from user report log lines (#2119, @mikehelmick)
• Sync and store per-realm localization strings as part of the appsync process. (#2108, @mikehelmick)
• Synced realm translations can be a wider set than the system translations (EN Express only) (#2115, @mikehelmick)

Infrastructure / Admin Functionality

• System admin realm overview shows user report web view status per realm. (#2114, @mikehelmick)
• User report web view moves from system setting to realm setting. (#2112, @mikehelmick)

Dependencies

Added

Nothing has changed.

Changed

Nothing has changed.

Removed

Nothing has changed.
om/form3tech-oss/jwt-go/compare/v3.2.2...v3.2.3)

• github.com/gin-gonic/gin: v1.6.3 → v1.7.2
• github.com/go-playground/validator/v10: v10.4.1 → v10.6.1
• github.com/godbus/dbus/v5: v5.0.3 → v5.0.4
• github.com/google/go-cmp: v0.5.5 → v0.5.6
• github.com/google/pprof: cbba55b → 923b5ab
• github.com/gostaticanalysis/analysisutil: 4088753 → v0.7.1
• github.com/hashicorp/go-retryablehttp: v0.6.8 → v0.7.0
• github.com/hashicorp/go-version: v1.2.0 → v1.2.1
• github.com/hashicorp/hcl: v1.0.1-vault → 2
• github.com/json-iterator/go: v1.1.10 → v1.1.11
• github.com/lib/pq: v1.10.0 → v1.10.2
• github.com/moby/sys/mountinfo: v0.4.0 → v0.4.1
• github.com/opencontainers/runc: v1.0.0-rc93 → v1.0.0-rc95
• github.com/opencontainers/runtime-spec: e6143ca → 1c3f411
• github.com/prometheus/common: v0.20.0 → v0.25.0
• github.com/prometheus/statsd_exporter: v0.20.1 → v0.20.2
• github.com/sethvargo/go-envconfig: v0.3.4 → v0.3.5
• github.com/stretchr/testify: v1.6.1 → v1.7.0
• github.com/ugorji/go/codec: v1.2.5 → v1.2.6
• github.com/ugorji/go: v1.2.5 → v1.2.6
• github.com/yuin/goldmark: v1.2.1 → v1.3.5
• go.uber.org/multierr: v1.6.0 → v1.7.0
• golang.org/x/crypto: 0c34fe9 → c07d793
• golang.org/x/lint: 83fdc39 → 6edffad
• golang.org/x/net: a5a99cb → abc4532
• golang.org/x/oauth2: 2e8d934 → f6687ab
• golang.org/x/sys: 5e06dd2 → 35b2ab0
• golang.org/x/tools: v0.1.0 → v0.1.2
• google.golang.org/api: v0.43.0 → v0.47.0
• google.golang.org/genproto: a39eb2f → 6691572
• google.golang.org/grpc: v1.36.1 → v1.38.0
• gopkg.in/yaml.v3: 9f266ea → 496545a
• honnef.co/go/tools: v0.1.1 → v0.2.0

Removed

• github.com/checkpoint-restore/go-criu/v4: v4.1.0

v0.29.0

Release notes for main

Documentation

Changelog since v0.28.0

Changes by Kind

Enhancements and Bug Fixes

• If a phone number was previously used for self report, success is return now instead of 409. (#2077, @mikehelmick)
• Removes all current feature flags. Where applicable, features are still controlled at a realm level. (#2078, @mikehelmick)
• Add additional info to system admin realm overview including if abuse prevention is enabled and if authenticated SMS is enabled. (#2099, @mikehelmick)
• Add missing 401 Unauthorized page to redirect service. Prior to this, 401s on the redirect service would result in 500s due to the missing template. The 401 template is translated into all supported languages. (#2091, @sethvargo)
• Added translations for Thai. (#2098, @sethvargo)
• Fix error in Spanish translations for user-report (#2089, @mikehelmick)
• Introduce new optional fields to the /issue API for requesting the generated SMS message. This feature must be enabled on a per-realm basis. (#2086, @sethvargo)
• Send signal to close webview window on iOS when user report is complete. (#2080, @mikehelmick)
• Show which realms have user report enabled on system admin realm listing. (#2079, @mikehelmick)
• Upgrade styles on user report form to improve internationalization layout for right-to-left languages, and fix an issue with client-side date validation for user reports. (#2092, @sethvargo)

Infrastructure

• Serve robots.txt that disallows indexing on the enx-redirect main endpoints. (#2083, @mikehelmick)
• Upgrade to latest exposure-notifications-server release (#2076, @mikehelmick)

Dependencies

Added

Nothing has changed.

Changed

• github.com/google/exposure-notifications-server: v0.28.0 → v0.29.0

Removed

Nothing has changed.

v0.28.0

Release notes for exposure-notifications-verification-server

Upgrade Notes

If you have any realms that have User Report enabled, then they will need to make changes to their SMS templates before upgrading. This mostly likely only impacts e2e-test-realm realms.

To fix, before upgrading:

1. Disable user report on the e2e-test-realm
2. Delete the User Report SMS template on the e2e-test-realm

Upgrade as normal, the e2e-runner will configure the e2e-test-realm correctly on startup.

Changelog since v0.27.0

Changes by Kind

Enhancement

• Adds internationalization for user-report web view for all currently supported locales. (#2070, @mikehelmick)
• Remove temporary code to migrate secrets from environment variables to automatically-rotated secrets. (#2059, @sethvargo)
• The UI elements for displaying when an API key was last used is now *ON- by default. To disable this, set ENABLE_API_KEY_LAST_USED_AT to false. (#2060, @sethvargo)
• The feature flag control for authenticated SMS is being removed and that feature is now always available. (#2073, @mikehelmick)
• Adds translations for Bengali, bn. (#2068, @mikehelmick)
• Always store HMAC of E164 version of a phone number so that different formats and presence/absence of country code are treated the same. (#2066, @mikehelmick)
• Appsync service will pull agency images if available.
  Agency images will show up on the user-report webview
  Changed rules on user-report SMS text template (#2063, @mikehelmick)
• Handle and display error messages on the user-report webview form. (#2064, @mikehelmick)
• Update user report webview strings. (#2069, @mikehelmick)
• User report feature is now enabled by default. (#2072, @mikehelmick)

Uncategorized

• Upgrade to latest exposure-notifications-server release (#2076, @mikehelmick)

Dependencies

Added

• github.com/nyaruka/phonenumbers: v1.0.68

Changed

• github.com/google/exposure-notifications-server: v0.27.0 → v0.28.0

Removed

Nothing has changed.

v0.27.0

Changes since v0.26.0

Upgrade notes

• Automated secrets rotation - this release introduces automated secrets rotation for improved security. See the updated production.md for a list of secrets that still require manual rotation. This also introduces a new monitoring metric for forward-progress on secrets rotation. The initial terraform apply may fail on the en-alerting module due to the missing metric. You can proceed with the deploy, manually invoke the rotation-secrets worker, and then re-run Terraform to pick up the changes.

  As part of this upgrade, you may encounter errors like the following while running Terraform:

  The metric referenced by the provided filter is unknown.
  

  You can safely ignore this error for now. Continue with the deploy and then, after the service has been deployed, wait 15 minutes and re-run Terraform to create the metrics and alerts.

• Terraform 0.15 - the Terraform configurations are only tested against Terraform v0.15+. If you are using Terraform 0.14+, please upgrade. While we don't intentionally depend on 0.15-only features, we are no longer testing the 0.14 series.

• Missing random provider - If you encounter the following error when applying Terraform:

  │ Error: Provider configuration not present
  │
  │ To work with module.en.THING (orphan) its original provider configuration at module.en.provider["registry.terraform.io/hashicorp/random"] is required, but it has been removed. This occurs when a provider
  │ configuration is removed while objects created by that provider still exist in the state. Re-add the provider configuration to destroy module.en.THING (orphan), after which you can remove the provider
  │ configuration again.
  

  You can safely remove the item from the state:

  terraform state rm module.en.THING
  

• Temporarily failing e2e-user-report. During the initial deployment, you may see errors in the logs that the e2e-user-report is failing. You can ignore these logs during the deployment. The worker should begin functioning as-expected within 5 minutes of the complete deploy.

Enhancement

• Add automated secrets rotation.- This introduces automated rotation for most application-level secrets. Whereas previously it was the responsibility of server administrators to rotate secrets, the application will now rotate a variety of secrets on regular intervals for improved security. (#2039, @sethvargo)
• Add custom cookiestore codec for dynamically resolving secrets. (#2034, @sethvargo)
• Add secret models and structure to info page. (#2031, @sethvargo)
• Add secret resolver. (#2033, @sethvargo)
• Display feature statuses on system admin info page. (#2056, @sethvargo)
• Do not store firebase cookie and verify ID token is < 5min old. (#2024, @sethvargo)
• Extract key/secret bootstrapping from rotation controller into functions for seeding. (#2032, @sethvargo)
• Remove unused csrf token from Terraform. (#2025, @sethvargo)
• System admins can allow for a domain to have longer short code expiration times (up to 2 hours) and for that realm to edit their short code expiration time even if ENX is enabled (#2047, @mikehelmick)
• The configurable timing for NBF is also applied to IAT, accounting for clock skew between key and verification servers. (#2049, @mikehelmick)
• The not before (nbf) time on certificates is no configurable to account for clock skew between verification and key servers. (#2048, @mikehelmick)
• Unescape mobile app paths in UI. (#2036, @sethvargo)
• User-report types are part of the default accept list on the verify API now. (#2043, @mikehelmick)
• Begin tracking API key "last used" (#2022, @sethvargo)

Operations

• Fix an issue where adminapi metrics were not tagged with the realm ID. (#2041, @sethvargo)
• Handle gorm log at debug level instead of error. (#2023, @sethvargo)
• Handle string or log in gorm log type. (#2027, @sethvargo)
• Lowering threshold for hostdown alert (#2046, @bschlaman)

Infrastructure

• Adds end to end test runner for user-report if that feature is enabled. (#2040, @mikehelmick)
• Lower Cloud KMS database-encrypter rotation to 90d (#2019, @sethvargo)
• Use a wildcard for redirect domains. This fixes an issue for installations with more than 50 realms exceeding the limit on the URL map. (#2029, @sethvargo)

Docs

• Note that last_used_time has 15m granularity in the UI. (#2026, @sethvargo)
• Remove beta notice from authenticated SMS guide. (#2030, @sethvargo)

Bug or Regression

• Do not run email verification javascript until after load. This fixes an issue where users may be unable to verify their email address. (#2037, @sethvargo)

Misc

• Introduce function for getting the e2e-realm (if one exists). (#2020, @sethvargo)

Dependencies

Added

Nothing has changed.

Changed

• cloud.google.com/go/storage: v1.14.0 → v1.15.0
• github.com/Azure/azure-sdk-for-go: v53.1.0+incompatible → v53.4.0+incompatible
• github.com/Microsoft/go-winio: v0.4.16 → v0.5.0
• github.com/aws/aws-sdk-go: v1.38.17 → v1.38.25
• github.com/containerd/continuity: 93e1549 → v0.1.0
• github.com/google/exposure-notifications-server: v0.26.0 → v0.27.0
• github.com/lib/pq: v1.10.0 → v1.10.1
• github.com/microcosm-cc/bluemonday: v1.0.6 → v1.0.9
• github.com/prometheus/common: v0.20.0 → v0.21.0
• github.com/sethvargo/go-envconfig: v0.3.4 → v0.3.5
• golang.org/x/crypto: 0c34fe9 → 83a5a9b
• golang.org/x/net: afb366f → 5f58ad6
• golang.org/x/oauth2: 2e8d934 → 5e61552
• golang.org/x/sys: 5e06dd2 → c94f622
• google.golang.org/api: v0.44.0 → v0.45.0
• google.golang.org/genproto: e86de6b → 3a41ef9

Removed

Nothing has changed.