Feat

• add counters for rejected, rate-limited, and blackout alerts (#2049)
• auth: add CAS authentication provider (#2045)
• Allow LDAP users with no email set to log in (#2038)
• add SMTP_SKIP_SSL_VERIFY option (#1955)
• add pagination support to environments endpoint (#2029)

Fix

• remove default query limit cap on internal Postgres queries (#2051)
• blackout matching fails when service/tags are NULL after update (#2050)
• unack fails when ack entry evicted from history by HISTORY_LIMIT (#2048)
• security: restrict self-update endpoint to allowlisted fields (#2047)
• add missing StrEnum dependency, replace print with logging, fix schema injection (#2046)
• mongodb querybuilder missing the valid_filter_params check (#2039)
• security: parameterize Postgres query parser to prevent SQL injection (#2040)
• deps: replace pkg_resources with importlib.metadata (#2041)
• db: change keys.count field type from integer to bigint (#1976)

What's Changed

• feat: implement "post_action" for post processing actions. by @hyberdk in #1899
• build(deps-dev): bump mypy from 1.9.0 to 1.10.0 by @dependabot in #1948
• fix: add setuptools to requirements to make tests pass in 3.12 by @hyberdk in #1965
• build(deps): bump flask-compress from 1.14 to 1.15 by @dependabot in #1949
• build(deps): bump werkzeug from 3.0.2 to 3.0.3 by @dependabot in #1954
• build(deps): bump blinker from 1.7.0 to 1.8.2 by @dependabot in #1952
• build(deps): bump cryptography from 42.0.5 to 42.0.7 by @dependabot in #1953
• build(deps): bump requests from 2.31.0 to 2.32.0 by @dependabot in #1958
• build(deps): bump flask-cors from 4.0.0 to 4.0.1 by @dependabot in #1961
• build(deps): bump requests from 2.31.0 to 2.32.3 by @dependabot in #1963
• build(deps): bump sentry-sdk[flask] from 1.45.0 to 2.13.0 by @dependabot in #1979
• Bump python dependencies Sept 2024 by @satterly in #1989

Full Changelog: v9.0.3...v9.0.4

What's Changed

• build(deps): bump werkzeug from 3.0.1 to 3.0.2 by @dependabot in #1943
• build(deps): bump flask from 3.0.2 to 3.0.3 by @dependabot in #1941
• build(deps): bump sentry-sdk[flask] from 1.43.0 to 1.45.0 by @dependabot in #1944
• build(deps): bump lxml from 5.1.0 to 5.2.1 by @dependabot in #1942

Full Changelog: v9.0.2...v9.0.3

What's Changed

• build(deps): bump cryptography from 39.0.1 to 41.0.1 by @dependabot in #1854
• build(deps-dev): bump mypy from 1.0.1 to 1.3.0 by @dependabot in #1849
• build(deps-dev): bump pylint from 2.16.2 to 2.17.4 by @dependabot in #1848
• build(deps): bump requests from 2.28.1 to 2.31.0 by @dependabot in #1850
• build(deps): bump flask from 2.2.2 to 2.3.2 by @dependabot in #1841
• Reject alerts that do not regex.fullmatch any configured allowed envi… by @ClifHouck in #1862
• fixes issues if last plugin returns none or raises error by @hyberdk in #1890
• build(deps): bump cryptography from 41.0.1 to 41.0.6 by @dependabot in #1893
• build(deps): bump lxml from 4.9.2 to 4.9.4 by @dependabot in #1896
• build(deps): bump werkzeug from 2.3.6 to 2.3.8 by @dependabot in #1894
• Address breaking change in Python 3.11 for Enums with str mixins by @alvanson in #1885
• Add query string for blackouts by @krzysdabro in #1864
• Added pagination support to environments endpoint by @nilver in #1665
• Revert "Added pagination support to environments endpoint" by @satterly in #1901
• Release/9.1 by @satterly in #1898
• fix(codescan): info exposure via exception #16 by @satterly in #1902
• fix(codescan): info exposure via exception #1 by @satterly in #1903
• fix(codescan): Sanitize username used in ldap filter by @satterly in #1904
• Allow grafana webhook to set tags to tags or attributes by @dakotacody in #1606
• build(deps): bump lxml from 4.9.4 to 5.0.0 by @dependabot in #1906
• build(deps-dev): bump mypy from 1.7.1 to 1.8.0 by @dependabot in #1905
• build(deps): bump lxml from 5.0.0 to 5.1.0 by @dependabot in #1908
• build(deps): bump sentry-sdk[flask] from 1.39.1 to 1.39.2 by @dependabot in #1909
• build(deps): bump flask from 3.0.0 to 3.0.1 by @dependabot in #1910
• build(deps): bump pytz from 2023.3.post1 to 2023.4 by @dependabot in #1912
• build(deps): bump sentry-sdk[flask] from 1.39.2 to 1.40.3 by @dependabot in #1919
• build(deps): bump pytz from 2023.4 to 2024.1 by @dependabot in #1914
• build(deps): bump flask from 3.0.1 to 3.0.2 by @dependabot in #1915
• build(deps): bump pysaml2 from 7.4.2 to 7.5.0 by @dependabot in #1917
• build(deps-dev): bump pylint from 3.0.3 to 3.1.0 by @dependabot in #1925
• build(deps): bump sentry-sdk[flask] from 1.40.3 to 1.40.5 by @dependabot in #1922
• build(deps-dev): bump pre-commit from 3.6.0 to 3.6.2 by @dependabot in #1921
• build(deps): bump python-dateutil from 2.8.2 to 2.9.0.post0 by @dependabot in #1928
• build(deps): bump sentry-sdk[flask] from 1.40.5 to 1.41.0 by @dependabot in #1932
• build(deps): bump pyparsing from 3.1.1 to 3.1.2 by @dependabot in #1931
• build(deps-dev): bump mypy from 1.8.0 to 1.9.0 by @dependabot in #1930
• build(deps): bump cryptography from 41.0.7 to 42.0.5 by @dependabot in #1926
• build(deps): bump sentry-sdk[flask] from 1.41.0 to 1.43.0 by @dependabot in #1935
• build(deps-dev): bump pre-commit from 3.6.2 to 3.7.0 by @dependabot in #1934

New Contributors

• @ClifHouck made their first contribution in #1862
• @alvanson made their first contribution in #1885
• @krzysdabro made their first contribution in #1864
• @nilver made their first contribution in #1665
• @dakotacody made their first contribution in #1606

Full Changelog: v9.0.1...v9.0.2

What's Changed

• Allow locating alerta routing component in any distribution package by @vmgm in #1832
• add db schema by @Pierre-Louis-Boutruche in #1839
• Add support for ACTION_UNACK to ISA 18.2 alarm model by @jjdmol in #1715
• Fix return value from db.set_status by @JuniorJPDJ in #1852
• token_endpoint_auth_methods_supported is optional by @PeterSurda in #1856

New Contributors

• @Pierre-Louis-Boutruche made their first contribution in #1839
• @jjdmol made their first contribution in #1715
• @JuniorJPDJ made their first contribution in #1852
• @PeterSurda made their first contribution in #1856

Full Changelog: v9.0.0...v9.0.1

v9.0.0 (2023-03-17)

Feat

• Add support for AuthProxy auth (#1657)
• show/hide API server version info (#1821)
• plugin: add alertname in labels when annotations.alertname (#1801)
• Add userAgent to audit log (#1656)

Fix

• Bulk operations did not work properly (#1825)
• Replace FLASK_ENV with FLASK_DEBUG (#1824)
• Change ORDER BY no-op for Postgres 15 (#1820)
• security: do not expose exception errors to end users (#1811)
• auth: auth bypass via registering when AUTH_PROVIDER != basic (#1782)
• plugin: fixes an issue if the last plugin in the order (#1798)
• Do not 400 error if content type not application/json (#1756)
• Keycloak url base (#1683)
• Audit log should handle empty body on http delete (#1655)

Refactor

• db: Use Psql 9.6 syntax for ADD COLUMN (#1653)

Perf

• Add load test workflow

What's Changed

• Release/8.7 by @satterly in #1645
• build(deps): bump pytz from 2021.1 to 2021.3 by @dependabot in #1580
• build(deps): bump cryptography from 3.4.8 to 36.0.0 by @dependabot in #1620
• build(deps): bump pyparsing from 2.4.7 to 3.0.6 by @dependabot in #1616
• build(deps): bump pyyaml from 5.4.1 to 6.0 by @dependabot in #1591
• build(deps): bump python-ldap from 3.3.1 to 3.4.0 by @dependabot in #1633

Full Changelog: v8.6.5...v8.7.0

What's Changed

• PyMongo 4.0 is currently not supported by @satterly in #1636
• build(deps): bump sentry-sdk[flask] from 1.4.1 to 1.5.0 by @dependabot in #1621
• Housekeeping config variable precedence by @satterly in #1639
• Do not hardcode inform severity by @satterly in #1640
• Support all client secret OpenID token endpoint auth methods by @satterly in #1641
• Allow unack when status set to ack in plugin by @satterly in #1642
• Empty blackout values should be null by @satterly in #1643

Full Changelog: v8.6.4...v8.6.5

What's Changed

• Use GitHub teams for role lookup by @satterly in #1625
• Optionally print warnings if db create fails by @satterly in #1627
• special handling of sorting by custom attributes by @satterly in #1628
• Customer lookup failed when no user email by @satterly in #1629
• Test for duplicate alerts received after blackout period expires by @satterly in #1630

Full Changelog: v8.6.3...v8.6.4

What's Changed

• Fix mongodb healthcheck by @satterly in #1622

Full Changelog: v8.6.2...v8.6.3