The Schema access control options are now more granular
Schema createMode, readMode, updateMode and deleteMode have been improved to be more consistent and accept multiple granular options.
For further information please refer to the data access management documentation.
Executing a Transition by name
When executing a Transition, instead of having to find and provide the id, you can now choose to provide the name of a Transition. This improvement will make code clearer and easier to re-use across your different clusters.
New Transition permissions
The following permissions have been added to allow the execution of Transitions:
Execute any Transition in any Schema:
TRANSITION_DOCUMENTS
Execute any Transition in a specific Schema:
TRANSITION_DOCUMENTS:{SCHEMA_NAME}
Execute a specific Transition for a specific Schema:
TRANSITION_DOCUMENTS:{SCHEMA_NAME}:{TRANSITION_NAME}
Group permissions
Staff members can now be assigned permission to perform operations on a Document that is linked to their Groups. The permissions VIEW_DOCUMENTS, UPDATE_DOCUMENTS, DELETE_DOCUMENTS and TRANSITION_DOCUMENTS are now supported. (Including their sub-permissions e.g. VIEW_DOCUMENTS:{SCHEMA_NAME})
Task Action quality of life improvements
The Task Action now supports the priority field
The Task Action is now supported for Transition afterActions.
🚨 Deprecation Warnings
Legacy schema access control options
Most of the existing createMode, readMode, updateMode and deleteMode values have been deprecated in favor of the revamped access control options.
Behind the scenes we can block emails being sent to certain domains/email addresses when needed. Only to be used on request if you want to protect your email sending reputation.
Pin code mode for the account activation and forgot password flows
The pin code mode is an alternative mode for the account activation and forgot password flows.
The mode is targeted to use cases where the end user might need to manually input the secret in your application.
List and remove the account activation and forgot password requests
New endpoints to list and remove the account activation and forgot password requests.
Helps to provide insight and control over these flows.
(Rate)limit account activation and password reset requests
The amount, rate and lifetime of account activation and password reset requests that are requested for an account are now controlled.
View and update verification settings
Control the behavior of the account activation and password reset flows.
⚒️ Improvements
Fallback to the maximum RQL limit if larger is requested
Supplying an RQL limit higher than the maximum now set it to the maximum rather than the default limit
🐞 Bugs Fixed
Empty strings are now included in the response correctly rather than hidden
Corrected the OpenAPI documentation of the PUT /password response
🚨 Deprecation Warnings
The newly introduced verification settings limit_hash_activation_requests and limit_hash_forgot_password_requests are marked as deprecated immediately.
They’re only provided to help existing applications transition to make use of the new (rate)limiting feature.
A new settings property disableForceDownloadForMimeTypes may be configured to override the File Service’s default behavior of enforcing file downloads and enable viewing of files directly in the browser for selected mime types.
⚒️ Improvements
Improved the error message for creating a file without a request body
🐞 Bugs Fixed
An empty string is now a valid value in an array of tags
Fixed an RQL issue that would not consider the use of the limit operator
Queries for GET requests are no longer restricted by the 3 seconds timeout. The timeout is now configurable on our side and is set to 10 seconds by default.(previously also implemented in 1.1.11)
🐞 Bugs Fixed
Trying to add a non existing role to a user no longer affects the user
(Regression) The RQL select operation no longer affects updates
Increased the stability of the service
Service discovery is now based on DNS and more reliable.
Internationalized email address support
Email addresses using non ascii characters, such as 二ノ宮@黒川.日本, are now supported via updating our validation to be based on RFC 6530.
🐞 Bugs Fixed
Inconsistencies in querying on certain fields (template_id, updateTimestamp, …) with RQL have been resolved.
Users can now enable a retry policy on a function, which retries tasks of the function that fail. The user can choose between retrying all errors or specifying specific errors that should be retried.
Task-specific logs
It is now possible to list the logs of a specific task. This allows users to easily find what happened during a task run.
🚨 Deprecation Warnings
GET /functions/:functionName/logs is now deprecated
AppStore: Transactions with a changed transaction_id value do no longer cause issues.
An active subscription being detached from a user will now correctly update the expireTimestamp of the relevant entitlement.
🚨 Deprecation Warnings
The lastTransactionId field in the App Store subscriptions is replaced by lastWebOrderId. App Store subscriptions are returned by the GET /appStore/subscriptions endpoint.
When the payment details of a Play Store or App Store purchase are known, it is now possible to complete the purchase process for another user. This allows users with administrative privileges to move a subscription from one user to another or help users with (technical) difficulties.
Re-evaluate the state of a Play Store or App Store subscription
We now allow to trigger a re-evaluation of the subscription state. If the Play Store or App Store subscription state is out of sync, a re-evaluation will bring the state back in sync with the information reported by the payment provider.
Detach a Play Store or App Store subscription from a user
It is now possible to remove a Play Store and App Store subscription. This allows the subscription to be moved to another user.
⚒️ Improvements
Improved the integration with Play Store and App Store
The Play Store integration got a big overhaul and the stability of the App Store integration has been improved.
Automatically detach subscriptions on user removal
When a user account is deleted, the subscriptions linked to the account are removed. This allows users that deleted their account to reclaim their subscription when creating a new account.
🐞 Bugs Fixed
Play Store subscriptions no longer end up in the expired_from_billing status after a successful renewal
App Store receipts with awkward ordering are now handled correctly
Invalid RQL queries are now reported with the correct error
Via the following request: POST /functions/:name/execute a function can now be executed directly, and the caller gets the output of the function execution.
Execute functions based on a schedule
You can now schedule the execution of a function on a fixed interval.
Fetch the details of a function
The details of a function are returned via GET /functions/:name
Ability to disable/enable a function
Via the following request: GET /functions/:name/enable & GET /functions/:name/disable Will affect the ability for a function to be executed or not
⚒️ Improvements
A single task service instance can now run multiple tasks in parallel
After creating a function all details are returned
The tasks now keep track of their initiator
🐞 Bugs Fixed
Function code can now be updated together with other configuration
Unknown fields are no longer causing errors while updating a function
Errors for invalid function names are now correctly reported
All the end points that were previously called with a schema id can now also be called by schema name.
Specific schema permissions
It is now possible to have permissions specifically for a schema. e.g. VIEW_DOCUMENTS:notes gives you permission to view all the documents on the schema with the name notes.
⚒️ Improvements
Swagger documentation is improved
Comments end points are marked as deprecated. Small mistakes in other end points are fixed.
🐞 Bugs Fixed
While adding a property to a schema the configuration field was not marked as required
