# Releases

## 2021-Q2

### Vault v32.4.3

* Fixed delegate user role to access user's DEK
* Removed conversations and messages endpoints
* Added client task for re-encrypting the account owner's KEK during delegation setup
* Added support for multiple JWT issuers for OpenIDConnect Authentication flow.
* Added support for seamless identity transition on OpenIDConnect identity provider change.
  * This feature requires the OpenIDConnect JWT to include a special claim `extension_meecoUserId` whose value references the previous Meeco user identity.
* Added parameters for `GET /connections`:
  * `delegation=granted_to_the_other_user`; the current user has granted delegation to other users
  * `delegation=granted_to_me`; the current user has received delegation from other users
* Changed `GET /session` to show:
  * the type of the session (`oidc` or `token`)
  * if the type of the session is `token`, the access token will be shown
* Added parameters to `GET /items`: it is now possible to fetch only items with a certain name via `?name=foo`
* Added Share intents:
  * `POST /invitations/{invitation_id}/share_intents` to create a share intent
  * `DELETE /share_intents/:id`
  * `GET /share_intents/:id`
  * `GET /share_intents`
  * Models `Invitation` and `PublicInvitation` have new field `shares_to_be_created`
  * response to `POST /connections` contains a new element: a report on the created connections
* Changed parameters: `valid_for` added to `POST /sessions`. `valid_for` defines the number of seconds the token is going to be valid.
* Changed handling of errors in `POST /items/shares`: field `extra_info` contains a subset of incoming parameters with the error.
* Removed image and background color for the Item model (removed the related fields `image_background_colour`, `background_color`)
* Removed Item flag `me` from items.
* Changed User field `verified_at` so it is hidden.
* Removed legacy `messages` feature which was not being used and would need to be upgraded if it were to be used.
* Changed the `POST /thumbnails` endpoint request structure to be nested under a `thumbnail` object
* Fixed performance on the `POST /items` endpoint
* Changed classification parameters for `POST /items` and `PUT /items` endpoints
* Changed `POST /classification_nodes` to only be used for user managed schemes (tags)
* Changed error messages on `POST /items` endpoint to provide a more detailed cause
* Added field `owned_by_user` to classification scheme
* Removed `value` from `POST /items`; the `encrypted_value` field should be used instead
* Removed `POST /images` endpoint and all image relations on items and users. Images (unencrypted) are now only to be used by system admins; this helps clear up confusion and the risk of users' images being sent up unencrypted.
* Removed associations from users and items
* Added enum definitions to the swagger file (and generated sdk) for the following models:
  * `ClientTask.state`
  * `ClientTask.work_type`
  * `Event.eventable_type`
  * `Event.event_type`
  * `OwnConnectionData.connection_type`
  * `TheOtherConnectedUserData.connection_type`
  * `Service.status`
  * `Organization.status`
  * `Share.acceptance_required`
  * `Share.sharing_mode`
  * `OrganizationMember.role`
  * `User.user_type`
* Removed updating of a slot in the `PUT /items` endpoint. You must now specify the slot's id to update it; any slot sent up without an id will be treated as a new slot
* Changed the flow of downloading attachments so fewer API calls are needed (see newly released cli/sdk implementation for example usage)
* Removed fields `is_app_logging_enabled`, `unconfirmed_email`, `share_terms` from model `User`
* Removed UserAccessToken fields `name`, `device_push_token`, `push_token_platform`
* Added `item_ids` parameter to retrieve multiple specific items at once. e.g. `GET /items?item_ids=abc,xyz,foo,bar`
* Changed share objects to hide the `owner_id` field from share objects when the sharee is not connected with the owner of the item (e.g. on-share)
* `POST /items` - added fields `name` and `description` to the list of accepted item fields
* `POST /items`: removed fields `id` and `_destroy` from slot attributes when creating a new item.
* Added documentation for `GET /images/:id` endpoint
* Removed `GET /attachments/:id/download` from documentation (this endpoint had already been decommissioned in the previous release)
* `attachment_id` in slots no longer changes when sharing a slot with an attachment
* Changed the shape of the nested attachment JSON (on `POST /items` etc.)
* Removed `slots.attachment_uid` as `attachment_id` does not change upon share now.
* Changed behaviour of attachments to enforce data integrity
  * once a slot has an attachment, it is not permitted to remove or replace the attachment
  * once a slot has an attachments folder, it is not permitted to remove or replace the attachments folder
* Changed the urls generated by the server for images and thumbnails. Redirects are now handled by 2 endpoints:
  * `GET /blobs/public/{id}/{digest}` - for images and thumbnails
  * `GET /blobs/attachment/{id}/{digest}` - for attachments and direct attachments
* Removed `PUT /slots/:id`. Instead, `PUT /items/:id` should be used.
* Added attachment folders functionality; managing attachments folders not linked to any slots:
  * `POST /attachments_folders`
  * `GET /attachments_folders`
  * `GET /attachments_folders/:id`
  * `DELETE /attachments_folders/:id`
* Added attachments folders for slots:
  * To attach an existing attachments folder use property `attachments_folder_id`, see model `NestedSlotAttributes`
  * To access an attachments folder's data use `GET /slots/:slot_id/attachments_folder`
* Added new parameters for `GET /items`:
  * `own` boolean, if true adds constraint `items.user_id = items.owner_id`, if false adds constraint `items.user_id != items.owner_id`
  * `owner_id`, if present, adds constraint `items.owner_id = 'parameter goes here'`
* Removed Field `encrypted` in `Slot`
* Removed fields `cloudname`, `key_store_admission_token`, `key_store_id`, `key_store_url`, `key_store_username` in `User`

### KeyStore API v5.8.1

* Added support for multiple JWT issuers for OpenIDConnect Authentication flow.
* Added support for seamless identity transition on OpenIDConnect identity provider change.
  * This feature requires the OpenIDConnect JWT to include a special claim `extension_meecoUserId` whose value references the previous Meeco user identity.
* Changed `GET /session` to show the validity of the current session
* Added endpoint `POST /session/limited_in_time`
* Added new parameter `valid_for` to `POST /sessions`, `POST /sessions/with_login_key`, and `POST /srp/sessions`. `valid_for` defines the number of seconds the token is going to be valid.
* Fixed Authorizations in the swagger file (userAuthToken, oidc2UserAuthToken, subscriptionKey, meecoDelegationId)
* Added new mandatory parameter in `POST /child_users`: `delegation_token`
* Added `private_dek_external_id` to the response of `POST /child_users`

### StyleKit v2.0.0

* Version bump on most dependencies
* Build directory now fonts and images

### SDK v3.0.0

* Version bump on most dependencies

### FileStorageBrowser, FileStorageNode v5.0.0

* Version bump on most dependencies

### CLI v3.0.0

* Version bump on most dependencies

## Feb 2021

### CLI v2.0.0

* `users:get` renamed to `users:login`, has the effect of recreating tokens if expired.
* `users:get` now returns user's id and other user info.
* `shares:create-config` takes connection and item config files (output of `connections:create` and `items:create`) instead of the respective ids.
* `client-task-queue:list` no longer accepts `--suppressChangingState`, pass `--update` if you want to set listed tasks to `in_progress`.
* `client-task-queue:run-batch` can now run `failed` tasks too.
* new command `client-task-queue:update` allows changing status of client tasks.
* `client-task-queue` commands now have `--limit` parameter
* added `items:create-thumbnail`
* `meeco items:list` allows filtering the list by `templateId`, `scheme`, `classification` and `sharedWith`.
* added `oidc_token` OIDC token header support for authenticating user.

### SDK v2.0.0

* Major revamp of Services API:
  * All custom service methods specify the required credentials by interfaces
  * Services provide their base APIs via the `getAPI` method
  * Services with paginated responses offer a `listAll` method
* Added Service for delegating child users
* Added cryppo wrapper classes `SymmetricKey` and `PublicKey` to simplify key usage within SDK
* Added classes for manipulating Items and Slots: `DecryptedItem` for client-side copies, `NewItem` and `ItemUpdate` for pending changes.
* Added demo app for sharing and delegation
* added `oidc_token` OIDC token header support for authenticating user.

### Vault API v19.3.0

* Add `user_public_key` to response of `GET /invitations/{:token}`
* Remove `child_public_key_for_login` parameter from `POST /child_users`
* Update description of `sharing_mode` in `POST /items/{id}/shares`
* New field `item_shared_via_another_share_id` in ShareWithItemData. If this field is NULL, it means that the rendered item has been created via the currently displayed share. If `item_shared_via_another_share_id` is not NULL, it means that the rendered item has been created via a different share, and the ID of that share is in `item_shared_via_another_share_id`. The client is advised to re-run the call with this ID.
* Change default behaviour of `GET /client-task-queue` to not change task states. The `supress_changing_state` parameter has been changed to `change_state` to reflect the change.
* Add `delegation_token` parameter description in `POST /invitations`
* Change behaviour of `GET /client_task_queue`
  * Will now return items of all states by default
  * Accepts a list of states instead of a single state as before
  * Generated TypeScript client will now require that states are passed using the generated ClientTaskQueueGetStateEnum enum
* Removed logging in with a password `POST /session/login`
* Add `item_ids` query parameter for `GET /outgoing_shares` as search filter.
* Support for OIDC2
* Added filter `target_id` to `GET /client_task_queue`: `GET /client_task_queue?target_id=id`
* Add `GET /event_feed` endpoint
* Swagger models `Slot`, `Attachment`, and `DirectAttachment` all have a new field: `attachment_uid`. The function of `attachment_uid` is to signal whether the actual file referenced from two different attachments is the same or not. In other words, when an attachment is shared to a different user, a new attachment record is created with a new id, but `attachment_uid` stays the same. This ID cannot be used to retrieve the attachment.
* added filter `classification_node_names` to `GET /items`: `GET /items?classification_node_names=value_1,value_2,value_3`
* added filter `shared_with` to `GET /items`: `GET /items?shared_with=user_id`. If present, only items that have been shared with the given user will be fetched. Works for items owned by the current user as well as for items owned by someone else and on-shared by the current user.

### KeyStore API v5.1.0

* Add `POST /child_users` endpoint
* Add `POST /delegations` endpoint
* Add `GET`, `DELETE /delegations/:delegation_token` endpoint
* Add `PUT /delegations/:delegation_token/share` endpoint
* Add `PUT /delegations/:delegation_token/reencrypt` endpoint
* Rename `DELETE /session/all` query param `:delete_all_session_params` to `:except_current` of boolean type.
* Add `POST /delegations/:delegation_token/claim` endpoint
* Added user delegation header `Meeco-Delegation-Id`. `Meeco-Delegation-Id` contains the ID of a user that the current user has delegation permissions for. If delegation has been set up correctly, the current user of the action will be the user in `Meeco-Delegation-Id`
* Remove encryption spaces endpoints
* Dropped support for `POST /keypairs/external_id/:external_id/` `decrypt_session_token`
* Support for OIDC2
* `external_identifiers` in Keypair is a string, not an object.
* `private_dek_external_id` is added to the response of `POST /child_users`

### Cryppo/JS v2.0.0

* Breaking changes: <https://github.com/Meeco/cryppo-js/blob/master/README.md>
  * Encrypt method now accepts bytes (`Uint8Array`) as input.
  * Decrypt method now produces bytes (`Uint8Array`) as output.
  * RSA signature also accepts bytes (`Uint8Array`) as input.
  * Private key encryption also accepts bytes as input.

### File-Storage-Browser, File-Storage-Node v3.0.0

* Updated to cryppo version 2.0.0
* Updated Vault-api-sdk: 19.X.X & keystore-api-sdk: 5.X.X

### Cryppo CLI v2.0.0

* No functional changes, updated to new cryppo version 2.0.0

## October 2020

### Vault API v16.0.1

* On-sharing - the ability to allow other users to share an item that has been shared with you if the item’s owner allows it. This includes a verification step to make sure the on-sharer has not modified the data.
* Organizations - you can now create an account for your organisation and add members and services.
* Accepting of shares - we’ve identified that sometimes the terms of a share need to be reviewed and explicitly accepted or rejected before seeing the data so we’ve now made this possible.
* More efficient file attachments - we now have the ability to receive encrypted chunks of data so an entire file doesn’t have to be encrypted as one before sending it up.
* Improved Sharing - sharing is more streamlined, comprehensible and performant than ever before.
* Sharing of encrypted files with other users.
* Re-encrypting of shared data to cut down on the number of Encryption Keys needed to be stored/managed indefinitely.
* Updated to use latest BSON serialization format from Cryppo.

### KeyStore API v3.0.0

* Remove the shared key endpoints as sharing keys for shares will now happen in the vault.
* Removed the `encryption_spaces` endpoints in favor of just using the Data Encryption Key endpoints.

### SDK v1.0.0

* Added Item Update function
* Added Functions to Retrieve Client Tasks and Execute the Tasks.
* Added some Organization related commands where the logic was not just a simple endpoint request
* Exposed more methods from the user create and user login flow to allow more control from client applications.

### CLI v1.0.0

* Added Share Delete command.
* Added Item Update function
* Added Functions to Retrieve Client Tasks and Execute the Tasks.
* Added Commands for Creating and Managing Organizations, Organization Services, and Organization Members.
* Added Checking the Client Task Queue after updating an item to see if shares need to be updated.
* Added user login and logout methods.

### Cryppo/JS v1.0.0

* Updated to return null when an empty string is passed in instead of returning a serialized empty string.
* Updated to the latest underlying node-forge library.
* Update to use BSON serialization.
* Better handling of character encoding by forcing UTF-8 where appropriate.

### Cryppo/Ruby v1.0.0

* Update to use BSON serialization.
* Added Checking of the Client Task Queue after updating an item to see if shares need to be updated.

### Cryppo CLI v1.0.1

* No functional changes, just updated to use new linked libraries.

### File-Storage-Browser, File-Storage-Node v2.0.0

* Initial release of these browser-js/node-js packages to upload files as chunks of encrypted data.

### Style-Kit v1.0.0

* Initial release of this html/js library used for adding Meeco’s stylings to your app or components of your app.
