From a9f2ae266202500beb3ac440175be98c9c09d69b Mon Sep 17 00:00:00 2001
From: Matt
Date: Thu, 3 Oct 2019 13:26:48 +0100
Subject: [PATCH] Release v4.1.4
---
 deploy/docker/qis-as/Dockerfile | 2 +-
 doc/changelog.md | 12 ++++++++---
 doc/upgrading.md | 35 +++++++++++++++++++++++++++++++++
 src/imageserver/__about__.py | 2 +-
 4 files changed, 46 insertions(+), 5 deletions(-)
diff --git a/deploy/docker/qis-as/Dockerfile b/deploy/docker/qis-as/Dockerfile
index d619c47..84fc7df 100644
--- a/deploy/docker/qis-as/Dockerfile
+++ b/deploy/docker/qis-as/Dockerfile
@@ -29,7 +29,7 @@ RUN apt-get update && \
 RUN locale-gen en_GB.UTF-8 && update-locale LANG=en_GB.UTF-8 LC_ALL=en_GB.UTF-8
 # Build variables
-ARG QIS_VERSION=4.1.3
+ARG QIS_VERSION=4.1.4
 ARG QIS_USER=qis
 ARG QIS_INSTALL_DIR=/opt/qis
 ARG QIS_SAMPLES_DIR=/opt/qis-samples
diff --git a/doc/changelog.md b/doc/changelog.md
index 6e36a5a..866ad30 100644
--- a/doc/changelog.md
+++ b/doc/changelog.md
@@ -1,7 +1,13 @@
-# Unreleased
+# v4.1.4
 _Changes: Allow cross-origin file uploads by default, only use TLS 1.2+ by default,
-add forwarded-for header to Apache access logs, add web session background login API,
-add `.well-known` directory and URL mapping_
+record the forwarded-for header in the Apache access logs, add web session background
+login API, add `.well-known` directory and URL mapping_
+
+To upgrade:
+
+* Update the Python and web code (the `src` folder)
+* Apply the updated Apache configuration - see [upgrading.md](upgrading.md)
+* Restart the Apache service
 # v4.1.3
 _Changes: Add Ubuntu 18 support, new guide to running at AWS or on Docker,
diff --git a/doc/upgrading.md b/doc/upgrading.md
index 9910133..54fa049 100644
--- a/doc/upgrading.md
+++ b/doc/upgrading.md
@@ -11,6 +11,41 @@ web server:
 Occasionally however a more involved upgrade is required. These releases are flagged in the [change log](changelog.md) and will be documented here.
+## v4.1.4
+
+Release 4.1.4 includes a number of changes to the Apache configuration. To
+upgrade an existing configuration, use a text editor to change both of the QIS
+Apache configuration files:
+
+ $ cd /etc/httpd/conf.d/ # CentOS / Red Hat
+ $ cd /etc/apache2/sites-available/ # Debian / Ubuntu
+ $ vi qis.conf
+ $ vi qis-ssl.conf
+
+In the `Alias` section, add a new directory mapping for the new `.well-known` URL:
+
+ Alias /.well-known/ /opt/qis/src/imageserver/static/.well-known/
+
+To modernise the TLS/HTTPS configuration (disables TLS 1.0 and 1.1), change these
+2 `SSL` entries to:
+
+ SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
+ SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
+
+To log clients' real IP addresses when behind a proxy server or load balancer,
+change `LogFormat` to:
+
+ LogFormat "%h %{X-Forwarded-For}i %t \"%r\" %>s %B %{X-Time-Taken}o %D %{X-From-Cache}o \"%{User-Agent}i\" \"%{Referer}i\"" imaging
+
+To allow file uploads and API requests from browsers coming from any origin
+**with a valid API token** (this is the new default), set the `Header` lines:
+
+ # Allow other domains to query the data API (required for canvas/zoom image viewer)
+ Header set Access-Control-Allow-Origin "*"
+ Header set Access-Control-Allow-Headers "Origin, Authorization, If-None-Match, Cache-Control, X-Requested-With, X-Csrf-Token"
+ # Allow other domains to see the returned image headers
+ Header set Access-Control-Expose-Headers "Content-Length, X-From-Cache, X-Time-Taken"
+
 ## v2.x to v3.0
 Version 3 supports only Python 3.
There are no changes to the QIS database or
diff --git a/src/imageserver/__about__.py b/src/imageserver/__about__.py
index 8863715..ccf53d3 100644
--- a/src/imageserver/__about__.py
+++ b/src/imageserver/__about__.py
@@ -33,7 +33,7 @@ __source_uri__ = "https://github.com/quru/qis"
 __platforms__ = ["Linux", "Unix", "Mac OSX"]
-__version__ = "4.1.3"
+__version__ = "4.1.4"
 __author__ = "Quru Ltd"
 __email__ = "info@quru.com"