diff --git a/Cargo.lock b/Cargo.lock index 45d7889f..7bc64643 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -3105,7 +3105,7 @@ checksum = "f962df74c8c05a667b5ee8bcf162993134c104e96440b663c8daa176dc772d8c" [[package]] name = "unleash-edge" -version = "13.0.0" +version = "13.0.1" dependencies = [ "actix-cors", "actix-http", diff --git a/server/CHANGELOG.md b/server/CHANGELOG.md index a4dcacbf..49b0436e 100644 --- a/server/CHANGELOG.md +++ b/server/CHANGELOG.md @@ -5,8 +5,54 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## 13.0.1 (2023-10-10) + +### Documentation + + - Add link to feature flags best practices + +### Bug Fixes + + - update Yggdrasil + Previously, yggdrasil returned a disabled variant if the strategy + variants representation came back as an empty list instead of null. + With Yggdrasil 0.6 this is now fixed. + - update rust crate reqwest to 0.11.21 + - update rust crate clap to 4.4.6 + - update rust crate rustls to 0.21.7 + +### Commit Statistics + + + + - 5 commits contributed to the release over the course of 7 calendar days. + - 12 days passed between releases. + - 5 commits were understood as [conventional](https://www.conventionalcommits.org). + - 5 unique issues were worked on: [#189](https://github.com/Unleash/unleash-edge/issues/189), [#281](https://github.com/Unleash/unleash-edge/issues/281), [#287](https://github.com/Unleash/unleash-edge/issues/287), [#288](https://github.com/Unleash/unleash-edge/issues/288), [#300](https://github.com/Unleash/unleash-edge/issues/300) + +### Commit Details + + + +
view details + + * **[#189](https://github.com/Unleash/unleash-edge/issues/189)** + - Update rust crate clap to 4.4.6 ([`8d1c294`](https://github.com/Unleash/unleash-edge/commit/8d1c294a50c9c939f9365cd9d8e324c0faf512fc)) + * **[#281](https://github.com/Unleash/unleash-edge/issues/281)** + - Update rust crate rustls to 0.21.7 ([`7d3a93b`](https://github.com/Unleash/unleash-edge/commit/7d3a93b9298304cd4f5ddcf1d51ae6c850fea19e)) + * **[#287](https://github.com/Unleash/unleash-edge/issues/287)** + - Add link to feature flags best practices ([`b8d422a`](https://github.com/Unleash/unleash-edge/commit/b8d422a08a0ec00b3ed80ed53e29f694a597afe4)) + * **[#288](https://github.com/Unleash/unleash-edge/issues/288)** + - Update rust crate reqwest to 0.11.21 ([`90c30e3`](https://github.com/Unleash/unleash-edge/commit/90c30e313257a91f640f9d5020cb73004046a97a)) + * **[#300](https://github.com/Unleash/unleash-edge/issues/300)** + - Update Yggdrasil ([`9b6a890`](https://github.com/Unleash/unleash-edge/commit/9b6a8906f17438a4332b26a892604359dc3fbaf1)) +
+ ## 13.0.0 (2023-09-27) + + + ### Chore - Bump tokio,clap,shadow,serde_json to latest @@ -21,40 +67,15 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 partial project tokens. Any refreshed data for a single project, can drop the existing project and replace it with the incoming - use the validated token to calculate flags to return - * fix(#274): use the validated token to calculate flags to return - - This change fixes a bug where the client API would return all flags - that existed in the cache, even if the api token did not have access - to those flags. Crucially, the API token had to have access to - multiple (but not all) projects for this to happen. - - The root cause is that we used the incoming edge token to check which - flags to return. Before it gets validated, its `projects` property is - just an empty list. In the filtering, this causes edge to return all - available. Features. - - The solution was to instead use the validated edge token that we - create further up. - - There is also a test that confirms this behavior is what we expect. - - ## Discussion point - - Could we make it so that the `with_filter` function can only take - validated edge tokens or would that break something else? Might be a - good way to future proof it. - - * fix(#274): update more uses - - I suspect these will have the same issue - - * Update server/src/client_api.rs + * fix(#274): use the validated token to calculate flags to return +* fix(#274): update more uses +* Update server/src/client_api.rs ### Commit Statistics - - 5 commits contributed to the release. + - 6 commits contributed to the release. - 9 days passed between releases. - 5 commits were understood as [conventional](https://www.conventionalcommits.org). - 3 unique issues were worked on: [#254](https://github.com/Unleash/unleash-edge/issues/254), [#275](https://github.com/Unleash/unleash-edge/issues/275), [#283](https://github.com/Unleash/unleash-edge/issues/283) @@ -72,10 +93,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 * **[#283](https://github.com/Unleash/unleash-edge/issues/283)** - No longer return wrong feature toggle ([`df73932`](https://github.com/Unleash/unleash-edge/commit/df73932e769efe9ff42f669580d7fb1de1dd31de)) * **Uncategorized** + - Release unleash-edge v13.0.0 ([`9e32cd9`](https://github.com/Unleash/unleash-edge/commit/9e32cd94583795c057dd8e13969f529f1a60fd74)) - Archived toggles now removed from edge ([`9983143`](https://github.com/Unleash/unleash-edge/commit/998314337ca42eab01881b2274e6f8012f429bd3)) - Bump tokio,clap,shadow,serde_json to latest ([`0aa7b4a`](https://github.com/Unleash/unleash-edge/commit/0aa7b4a2214dd0060ba01402f7f4cb074918d6cb)) + +This change fixes a bug where the client API would return all flagsthat existed in the cache, even if the api token did not have accessto those flags. Crucially, the API token had to have access tomultiple (but not all) projects for this to happen.The root cause is that we used the incoming edge token to check whichflags to return. Before it gets validated, its projects property isjust an empty list. In the filtering, this causes edge to return allavailable. Features.The solution was to instead use the validated edge token that wecreate further up.There is also a test that confirms this behavior is what we expect.Discussion pointCould we make it so that the with_filter function can only takevalidated edge tokens or would that break something else? Might be agood way to future proof it.I suspect these will have the same issue + ## 12.0.0 (2023-09-18) ### Documentation diff --git a/server/Cargo.toml b/server/Cargo.toml index 15fcae2e..2a62b3e2 100644 --- a/server/Cargo.toml +++ b/server/Cargo.toml @@ -12,7 +12,7 @@ homepage = "https://github.com/Unleash/unleash-edge" license = "MIT" name = "unleash-edge" repository = "https://github.com/Unleash/unleash-edge" -version = "13.0.0" +version = "13.0.1" [dependencies] actix-cors = "0.6.4"