Skip to content

Releases: lucyparsons/OpenOversight

v0.7.5

27 Aug 03:32
9264bd7
Compare
Choose a tag to compare

What's Changed

Full Changelog: v0.6.7...v0.7.5

v0.7.0

18 Aug 21:32
12a5596
Compare
Choose a tag to compare

What's Changed

New Contributors

Full Changelog: v0.6.7...v0.7.0

OpenOversight v0.6.7

07 Feb 05:13
ec35603
Compare
Choose a tag to compare
  • Fixing deployment to staging and production
  • Improvements and bug fixes to the advanced csv import command #891
  • Admins can manually approve users in addition of using the email-based approval process

OpenOversight 0.6.6

01 Mar 04:36
24442c8
Compare
Choose a tag to compare

Features

  • Support markdown for incident descriptions #867

Bug fixes

  • Fix two small bugs in officer search #872
  • Remove character limit of url field in link model #879

OpenOversight 0.6.5.1

01 Mar 04:39
180ac24
Compare
Choose a tag to compare

We added the CSRF checks but missed a few places where we needed to submit them in the forms. As a result, image upload and tagging were not functional in 0.6.5.

OpenOversight 0.6.5

21 May 03:15
9c057fa
Compare
Choose a tag to compare

This release contains security updates:

Tenable reported multiple vulnerabilities in OpenOversight version 0.6.4. As the codebase for OpenOversight grew, it appears coverage for CSRF protection was not fully added in. 🤕

A remote, unauthenticated attacker was able to submit bad data for image identification tasks, delete, enable, disable, and approve users, and delete incidents as well as links, notes, and descriptions on individual police officers by exploiting cross-site request forgery vulnerabilities.

Additionally, a remote, authenticated attacker with administrator privileges in OpenOversight could inject malicious JavaScript when creating a new officer rank, which would then run when another administrator attempted to delete this rank, provided it was associated with an officer.

OpenOversight 0.6.4

10 Mar 04:45
5fd1062
Compare
Choose a tag to compare

Features

  • Improved handling of Gender field in officers table. See #833

Bug fixes

  • Browse officer speedup #858

OpenOversight 0.6.3

21 Nov 02:51
f372c70
Compare
Choose a tag to compare

Features

  • SEO Improvements #800 (adding Open Graph, Twitter Card and Google Search Breadcrumbs on officer profiles to support rich preview)
  • Adding some type-hints, stubs and type-checking via mypy #831
  • new csv-upload functionality that allows for more control over the result but requires more careful preparation of the csv files #767
  • Images assigned to an officer can be "featured" to be selected as the main profile image #779
  • Adding an unit-view of officers #783
  • Various UI improvements

Bug fixes

  • Stable order necessary for correct pagination #828
  • Fixing server error when officer has no assignment #794
  • many more

OpenOversight 0.6.2

10 Aug 22:08
fea817f
Compare
Choose a tag to compare

Bug fixes:

  • Fix regression disabling email sending (resolved by #790)

OpenOversight 0.6.1

10 Aug 04:23
a372f19
Compare
Choose a tag to compare

Bug fixes:

  • OO 0.6.0 introduced a bug where newly created users could not actually validate their emails, instead getting trapped in a loop where all their requests were redirected to the unconfirmed user page. This has been fixed.
    Clicking the originally generated authorization token url from the email should work now, but a server admin could also resend the verify-user messages in bulk for any unverified users.
  • Officers with no assignments will now render correctly instead of throwing errors.
  • The assignments CSV download will now be properly limited by department, instead of returning all assignments across departments.

New features:

  • There's now a sitemap at /sitemap.xml.

  • Some improvements have been made to the process of bulk-adding officers:

    • Add a flag --update-by-name to the bulk_add_officers management command, which allows officers to be updated by name (without star_no or unique_internal_identifier) within a department.
    • Add a flag --update-static-fields to bulk_add_officers, which allows normally-static fields like race, employment date, etc. to be updated.
    • Unconditionally relaxes a check on static fields in bulk_add_officers, so that if a static field is None, and an imported CSV contains data for it, it will be updated, regardless of whether --update-static-fields is passed. This allows for resolution of datasets to happen in OO, instead of needing to be done manually ahead of time.
    • Add a flag --no-create to bulk_add_officers, which causes bulk_add_officers to never create new officers, only update existing ones. Any unknown officers in the imported CSV will simply be ignored.
  • Add add_department and add_job_title admin commands.