Add release notes - 5.0.1

[mahalakshme]

for server, client, webapp, and product

[vinayvenu]

Blog as well?

[ashusvnath]

DRAFT

Avni-server

Security enhancements

• Add server-side validations for question group(repeatable and non-repeatable), image and text None-of-the-above as a response to a question #625, avniproject/avni-security#54
• Introduce invalid character validations for specific fields avniproject/avni-security#54
• Fetch and show last login time based on keycloak events api results. avniproject/avni-security#51
• Handle X-Forwarded headers when preventing host header poisoning avniproject/avni-security#55

Performance enhancements

• Introduce second level cache for User, Concept, ConceptAnswer, AddressLevel and VirtualCatchment LBP Registration Page - Error message not showing for mandatory field #608

Minor bug fixes

• When assignment is made, the server and client should show error when an individual outside of users catchment is assigned to the user App is crashing after clicking on individual of type student  avni-client#1110
• For the case when multiple IDPs are configured, super-admins will be created in cognito IDP On Concurrent syncs, the server throws this exception, and the program enrolment is not stored on the server #566
• Db script for one time deletion of duplicate subject migrations Fix LBP UAT #618

Avni-client

Security enhancements

• Prevent copy-paste of password on login screen avniproject/avni-security#28
• Additional protections
  • • Clear clipboard on password entry start
  • • Change keyboard type when password is shown to prevent showing of options such as clipboard (might not work on all devices)
  • • Prevent auto capitalization of first letter of password (happening on some devices)

Minor bug fixes

• Translate string while rendering SelectableItemGroup Single Value Feature toggle system #1128
• Restore userInfo after fast sync db restore Super admin UI #1125

Avni-Webapp

Security enhancements

• Clear non httponly cookies on user logout. avniproject/avni-security#46
• Display last login time for keycloak users in user profile. For cognito users last login time not displayed. avniproject/avni-security#51

Minor bug fixes

• Removed columns not relevant for super admin from display. Unable to create super admin user because of null pointer exception avni-server#566
• Webapp dev proxy now excludes requests to favicon. This enables better debugging based on server logs.

Component release notes

https://github.com/avniproject/avni-server/releases/tag/v5.0.1
https://github.com/avniproject/avni-client/releases/tag/v5.0.1
https://github.com/avniproject/avni-webapp/releases/tag/v5.0.1

Full Changelog: v5.0.0...v5.0.1

[himeshr]

Drafts:

• server : https://github.com/avniproject/avni-server/releases/edit/untagged-6d55e82e9511c37291e6
• webapp : https://github.com/avniproject/avni-webapp/releases/edit/untagged-81592a554cd324fd262c
• client: https://github.com/avniproject/avni-client/releases/edit/untagged-901dcc440a78044a7b29
• product: https://github.com/avniproject/avni-product/releases/edit/untagged-5d9d8c8a9f0a7dd86bf0

[ashusvnath]

@himeshr : As requested
gh project item-list -L 3000 --owner avniproject --format json 2 | jq -c '.items[] | select (.release == "5.0.0" and .status=="Done") | [.title, .content.repository, .content.url]'

[mahalakshme]

@ashusvnath add the above to release readme.

[mahalakshme]

@ashusvnath Few things:

server:

Under security enhancements

• Add server-side validations for question group(repeatable and non-repeatable), image and text (So I felt multiple lines can be merged)

Under server minor bug fixes:

• when assignment is made, it should show error when an individual out of users catchment is assigned to the user - App is crashing after clicking on individual of type student  avni-client#1110 (so I felt the description is incorrect)
• Not super admins listing - it is super admin creation -( we can actually remove this since we are adding in webapp no?)
• Native query updates will now update audit field - (this is for 5.1.0) - also the implementation for this is different
• what is LBP UAT

webapp:

Under security enhancements:

• Clear non httponly cookies on user logout (for better understanding)
• Instead of "Don't display last login time for cognito users." -> "For cognito users last login time not displayed" (for better understanding)

[ashusvnath]

@mahalakshme : Incorporated your feedback. Release notes draft on avni product has been updated.