1.49.2

• updated Para client
• added web manifest and service worker, thus making Scoold a PWA
• updated Spring Boot and Para client
• added cache-busting revision parameter to static assets
• added webmanifest file generator
• added Version class for keeping the exact release version of Scoold
• added response compression
• added title to search icon button in navbar
• removed touchstart event in clientside code

1.49.1

• fixed search filter for answered questions
• excluded Jackson databind from Spring Boot
• updated Para Client to 1.45.3
• added support for uploading avatars to Cloudinary
• added Cloudinary SDK
• added translation strings for RSS feed
• updated AWS SDK
• added lots of minor visual tweaks and CSS styling, updated MaterializeCSS, EasyMDE plugins
• updated Nimbus JWT to 9.21
• fixed app secret should be auto-generated when Scoold's configuration is initialized
• fixed 504 timeout errors when restoring from backup, if Scoold is running behind a proxy and restore job takes > 60s

1.49.0

1. Major refactoring of all configuration properties - all para.* configuration properties have been deprecated. Please change the prefix of all properties from para. to scoold.!
Additionally these properties have been renamed to prevent confusion in the future:

para.access_key   =>  scoold.para_access_key
para.secret_key   =>  scoold.para_secret_key
para.endpoint     =>  scoold.para_endpoint

The following properties remain as they are because they are related to para-core directly:

• para.client.ssl_*
• para.worker_id
• para.markdown_soft_break
• para.user_agent_id_enabled

2. Added new API endpoints for managing the Scoold configuration without having to restart the server
3. Removed Facebook SDK completely from /signin page, in favor of a simple web redirect - please add scoold.fb_secret to your configuration, if you use the Facebook login flow.

• updated Para to 1.45.1
• added 'rebuild index' button to Admin page
• fixed clearing a config property which was modified via API does't work
• added Facebook app ID notice for changed login flow
• removed Facebook SDK completely from /signin page, in favor of a simple web redirect
• fixed minor issue in WebhooksController
• added explanation text when there are no reports found
• added support for auto-init in docker-compose file
• fixed application.conf should automatically be created if missing
• added support for auto-initialization of the Scoold Para app, thus removing the need for any operations with the Para CLI tool
• added support for a new custom webhook event config.update
• fixed webhook triggering should be allowed from the API
• refactoring - removed static fields holding config values from ScooldServer
• updated API docs to include new config methods
• major refactoring around Config - reorganized and centralized all config properties
• fixed a few issues around password reset functionality

1.48.2

• fixed bug which prevented more complex assignment of groups and spaces from claims returned by an OAuth2 IDP
• fixed NPE in Teams integration, preventing asking questions from the @ bot message dialog
• fixed 405 error when posting an answer from a specific /write URL
• fixed write answer button visible when question is closed
• fixed CSS class in footer when an RTL language is selected
• updated JWT library

1.48.1

• fixed profile picture changes not persisted
• fixed warning for using root app displayed incorrectly sometimes
• added log message if OAuth2 user is locked out due to insufficient role privileges

1.48.0

• Release v1.48.0.
• added support for JSON pointers in para.security.oauth.groups_attribute_name for advanced roles mapping
• fixed connection error message should be printed out when Scoold is connected to a non-existent app
• added warning in logs when Scoold is connected to the root Para app
• fixed signature error when Slack sends ping requests to Scoold
• updated dockerfile
• bumped year in license headers
• added log message indicating an invalid Slack request signature
• fixed password reset link not sent sometimes
• updated Spring Boot to 2.6.3
• fixed changing the main logo should be reflected in transactional emails, making branding more consistent
• updated Para client to 1.43.4
• added delete protection for valuable content - questions with answers and accepted answers
• changed file uplaoads to Imgur to only work for avatars now
• added support for uploading avatars to cloud-based image services like Imgur, Cloudinary
• fixed space selection menu not being clear enough
• updated AWS SDK
• changed order of all spaces in dropdown menu
• fixed all spaces label
• changed all spaces to be the default view upon fist login
• removed unused configuration property para.vatar_validation_enabled
• updated AWS and Azure SDKS
• exposed file upload methods in the API controller
• updated translation strings
• fixed missing translation strings on question filter

1.47.2

• fixed sort filter not changing
• updated Para to 1.43.3
• added support for ReCAPTCHA on signup and password reset pages

1.47.1

• updated Para client to 1.43.1, switched to Java 11
• moved comment section above the post actions bar
• fixed custom theme caching
• fixed possible open redirect in QuestionsController
• fixed possible (low-severity) CSRF involving space cookies by using SameSite=Strict flag
• fixed user JWT token not invalidated on logout
• updated Spring Boot to 2.6.2
• fixed redirect loop in /reports
• heroku java 11 migration
• fixed webhook event comment.create not triggered
• added Farsi translation
• fixed slowdown due to multiple redundant requests to Para API when list of spaces is empty
• increased the default max. comment length from 255 to 600
• fixed comment line breaks ignored
• fixed error message when return-to URI is invalid
• fixed media recording JS code
• improved UX around comment and answer form inputs, added new option para.always_hide_comment_forms
• fixed Permissions-Policy header

1.47.0

⚠️ BREAKING CHANGE:

Scoold now uses a more secure login flow with short-lived ID tokens. You must upgrade to Para v1.42.0 before upgrading Scoold. Upgrading to this version will log out all users!

• updated Para client to 1.42.0
• fixed all JS code should be stripped from inline CSS
• switched to a more secure login mechanism using short-lived ID tokens (requires latest version of Para!)
• changed auth cookie name to default to the Para app id - this may log out users!
• added new security config option - para.security.one_session_per_user = true
• added Permissions-Policy header
• fixed missing important properties on exported objects which have JsonIgnore annotation
• added support for media recording and uploading from mic/webcam
• minor fixes in UploadController to allow media uploads
• fixed CSP header to prevent errors with Google Maps, added new config option para.media_recording_allowed

1.46.5

• updated Spring Boot to 2.5.6
• added note in api.yaml
• fixed exception ClassNotFoundException: RuntimeDelegateImpl when calling the Scoold API
• fixed a few HTML errors
• fixed app manifest for MS Teams