This is a relatively big release, as it includes changes over three months. This was not intentional, just due to some overlapping sets of changes.
One set of changes affects several plugins, which was part of the effort to investigate HTML injection vulnerabilities. The changes consist mostly of annotations when usage is considered safe, but also include various fixes, such as sanitizing text before injection, or using naturally safe text injection, rather than HTML.
Issues Resolved
CE-19: auth2-client: refactored to preact, few user-visible changes
UIP-10: feeds plugin: address any potential xss exposures, no user visible changes
UIP-11: auth plugin: address any potential xss exposures; no user visible changes, but some functionality fixes (not reported)
UIP-12: jgi-search plugin: addresses any potential xss exposures
UIP-13: xss work - auth2-client, catalog, typeview, dataview, public-search, organizations,
UIP-14: dataview - refactor genome landing page for efficiency; new layout in tabs
UFI-18: auth2-client: fix case of sign-in while auth2/signedout view is showing; some language edits
UFI-19: dataview - fix when referencing objects > 50; view single not all versions; add button to view standalone
PTV-1817: dataview - add CDS landing page, refactor Feature landing page; migrate to release-dist build via GHA; typeview - refactor to preact, fix several bugs, migrate to release-dist build via GHA
[x] Added the Jira Tickets to the title of the PR e.g. (PTV-XXX fixes a terrible bug)
[-] Added the Github Issue to the title of the PR e.g. (PTV-XXX adds an awesome feature)
Testing Instructions
Ran all 67 integration tests, including new tests covering newly added interfaces.
[x] Tests pass locally
[x] Tests pass in github actions
[x] Manually verified that changes are available (by spinning up an instance and navigating to X to see Y)