Releases

2021-Q2

Vault v32.4.3

  • Fixed delegate user role for to access user's DEK

  • Removed conversations and messages endpoints

  • Added client task for re-encrypting the account owners KEK during delegation setup

  • Added support multiple JWT issuers for OpenIDConnect Authentication flow.

  • Added support seamless identity transition on OpenIDConnect identity provider change.

    • This feature requires OpenIDConnect JWT to enclose a special claim extension_meecoUserId

      with value reference to the previous Meeco user identity.

  • Added parameters for GET /connections:

    • delegation=granted_to_the_other_user; the current user has granted delegation to other users

    • delegation=granted_to_me; the current user has received delegation from other users

  • Changed GET /session shows:

    • the type of the session (oidc or token)

    • if the type of the session is token, the access token will be shown

  • Added parameters to GET /items: it is now possible to fetch only items with a certain name via ?name=foo

  • Added Share intents:

    • POST /invitations/{invitation_id}/share_intents to create a share intent

    • DELETE /share_intents/:id,

    • GET /share_intents/:id

    • GET /share_intents

    • Models Invitation and PublicInvitation have new field shares_to_be_created

    • response to POST /connections contains a new element: a report on the created connections

  • Changed parameters valid_for added to POST /sessions. valid_for defines the number of

    seconds the token is going to be valid

  • Changed handling of errors in POST /items/shares: field extra_info contains

    a subset of incoming parameters with the error.

  • Removed image and background color for the Item model (removed fields image_background_colour, background_color which are realted)

  • Removed Item flag me from items.

  • Changed User field verified_at so is hidden.

  • Removed legacy messages feature which was not being used and would need to be upgraded if it were to be used.

  • Changed the POST /thumbnails endpoint request structure to be nested under a thumbnail object

  • Fixed performance on the POST /items endpoint

  • Changed classification parameters for POST /items and PUT /items endpoints

  • Changed POST /classification_nodes to only be used for user managed schemes (tags)

  • Changed error messages on POST /items endpoint to provide more detailde cause

  • Added field owned_by_user to classification scheme

  • Removed value from POST /items, encrypted_value field should be used instead

  • Removed POST /images endpoint and all image relations on items and users, images (unencrypted) are now only to be used by system

    admins, this helps clear confusion and the risk of user's images being sent up unencrypted.

  • Removed associations from users and items

  • Added enum definitions to the swagger file (and generated sdk) for the following models:

    • ClientTask.state

    • ClientTask.work_type

    • Event.eventable_type

    • Event.event_type

    • OwnConnectionData.connection_type

    • TheOtherConnectedUserData.connection_type

    • Service.status

    • Organization.status

    • Share.acceptance_required

    • Share.sharing_mode

    • OrganizationMember.role

    • User.user_type

  • Removed updating of a slot in the PUT /items endpoint. You must now specifiy the slot's id to

    update it, any slot sent up without an id will be treated as a new slot

  • Changed the flow of downloading attachments so fewer API calls are needed (see newly released cli/sdk implementation for example usage)

  • Removed fields is_app_logging_enabled, unconfirmed_email, share_terms from model User

  • Removed UserAccessToken fields name, device_push_token, push_token_platform

  • Added item_ids parameter to retrieve multiple specific items at once. e.g. GET /items?item_ids=abc,xyz,foo,bar

  • Changed share objects to hide the owner_id field from share objects when the sharee is not connected with the owner of the item (e.g. on-share)

  • POST /items - added fields name and description to the list of accepted item fields

  • POST /items: removed fields id and _destroy from slot attributes when creating a new item.

  • Added documentation for GET /images/:id endpoint

  • Removed GET /attachments/:id/download from documentation (this endpoint had already be decommisioned in the previous release)

  • attachment_id in slots no longer changes when sharing a slot with an attachment

  • Changed the shape of the nested attachment json (on POST /items etc)

  • Removed slots.attachment_uid as attachment_id does not change upon share now.

  • Changed behaviour of attachements to enforce data integrity

    • once a slot has an attachment, it is not permitted to remove or replace the attachment

    • once a slot has an attachments folder, it is not permitted to remove or replace the attachments folder

  • Changed the urls generated by the server for images and thumbnails. Redirects are now handled by 2 endpoints:

    • GET /blobs/public/{id}/{digest} - for images and thumbnails

    • GET /blobs/attachment/{id}/{digest} - for attachments and direct attachments

  • Removed PUT /slots/:id. Instead, PUT /items/:id should be used.

  • Added attachment folders functionality; managing attachments folders not linked to any slots:

    • POST /attachments_folders

    • GET /attachments_folders

    • GET /attachments_folders/:id

    • DELETE /attachments_folders/:id

  • Added attachments folders for slots:

    • To attach an existing attachments folder use property attachments_folder_id, see model NestedSlotAttributes

    • To access a attachments folders data use GET /slots/:slot_id/attachments_folder

  • Added new parameters for GET /items:

    • own boolean, if true adds constraint items.user_id = items.owner_id, if false adds

      constraint items.user_id != items.owner_id

    • owner_id, if present, adds constraint items.owner_id = 'parameter goes here'

  • Removed Field encrypted in Slot

  • Removed fields cloudname, key_store_admission_token, key_store_id,

    key_store_url, key_store_username in User

KeyStore API v5.8.1

  • Added support multiple JWT issuers for OpenIDConnect Authentication flow.

  • Added support seamless identity transition on OpenIDConnect identity provider change.

    • This feature requires OpenIDConnect JWT to enclose a special claim extension_meecoUserId

      with value reference to the previous Meeco user identity.

  • Changed GET /session shows the validity of the current session

  • Added endpoint POST /session/limited_in_time

  • Added new parameters valid_for added to POST /sessions, POST /sessions/with_login_key,

    and POST /srp/sessions. valid_for defines the number of seconds the token is going

    to be valid

  • Fixed Authorizations in the swagger file (userAuthToken, oidc2UserAuthToken,

    subscriptionKey, meecoDelegationId])

  • Added new mandatory parameter in POST /child_users: delegation_token

  • Added private_dek_external_id to the response of POST /child_users

StyleKit v2.0.0

  • Version bump on most dependencies

  • Build directory now fonts and images

SDK v3.0.0

  • Version bump on most dependencies

FileStorageBrowser, FileStorageNode v5.0.0

  • Version bump on most dependencies

CLI v3.0.0

  • Version bump on most dependencies

Feb 2021

CLI v2.0.0

  • users:get renamed to users:login, has the effect of recreating tokens if expired.

  • users:get now returns user's id and other user info.

  • shares:create-config takes connection and item config files (output of connections:create and items:create) instead of the respective ids.

  • client-task-queue:list no longer accepts --suppressChangingState, pass --update if you want to set listed tasks to in_progress.

  • client-task-queue:run-batch can now run failed tasks too.

  • new command client-task-queue:update allows changing status of client tasks.

  • client-task-queue commands now have --limit parameter

  • added items:create-thumbnail

  • meeco items:list allow filtering list by templateId, scheme, classification and sharedWith.

  • added oidc_token OIDC token header support for authenticating user.

SDK v2.0.0

  • Major revamp of Services API:

    • All custom service methods specify the required credentials by interfaces

    • Services provide their base APIs via the getAPI method

    • Services with paginated responses offer a listAll method

  • Added Service for delegating child users

  • Added cryppo wrapper classes SymmetricKey and PublicKey to simplify key usage within SDK

  • Added classes for manipulating Items and Slots: DecryptedItem for client-side copies, NewItem and ItemUpdate for pending changes.

  • Added demo app for sharing and delegation

  • added oidc_token OIDC token header support for authenticating user.

Vault API v19.3.0

  • Add user_public_key to response of GET /invitations/{:token}

  • Remove child_public_key_for_login parameter from POST /child_users

  • Update description of sharing_mode in POST /items/{id}/shares

  • New field item_shared_via_another_share_id in ShareWithItemData If this field is NULL it means that the rendered item has been created via the currently displayed share. If item_shared_via_another_share_id is not NULL, it means that the rendered item has been created via a different share, and the ID if the share is in item_shared_via_another_share_id. The client is advised to re-run the call with this ID.

  • Change default behaviour of GET /client-task-queue to not change task states supress_changing_state parameter has been changed to change_state to reflect the change.

  • Add delegation_token parameter description in POST /invitations

  • Change behavour of GET /client_task_queue

    • Will now return items of all states by default

    • Accepts a list of states instead of a single state as before

    • Generated TypeScript client will now require that states are passed using the generated ClientTaskQueueGetStateEnum enum

  • Removed logging in with a password POST /session/login

  • Add item_ids query parameter for GET /outgoing_shares as search filter.

  • Support for OIDC2

  • Added filter target_id to GET /client_task_queue: GET /client_task_queue?target_id=id

  • Add GET /event_feed endpoint

  • Swagger models Slot, Attachment, and DirectAttachment all have a new field: attachment_uid. The function of attachment_uid is to signal whether the actual file referenced from two different attachments is the same or not. In other words, when an attachment is shared to a different user, a new attachment record is created with a new id, but attachment_uid stays the same. This ID cannot be used to retrieve the attachment.

  • added filter classification_node_names to GET /items: GET /items?classification_node_names=value_1,value_2,value_3

  • added filter shared_with to GET /items: GET /items?shared_with=user_id. If present, only items will be fetched which have been shared with the given user. Works for items owned by the current user as well as for items owned by someone else and on-shared by the current user.

KeyStore API v5.1.0

  • Add POST /child_users endpoint

  • Add POST /delegations endpoint

  • Add GET, DELETE /delegations/:delegation_token endpoint

  • Add PUT /delegations/:delegation_token/share endpoint

  • Add PUT /delegations/:delegation_token/reencrypt endpoint

  • Rename DELETE /session/all :delete_all_session_params query param to :except_current of boolean type.

  • Add POST /delegations/:delegation_token/claim endpoint

  • Added user delegation header Meeco-Delegation-Id. Meeco-Delegation-Id contains the ID of a user that the current user has delegation permissions for. If delegation has been set up correctly, the current user of the action will be the user in Meeco-Delegation-Id

  • Remove encryption spaces endpoints

  • Dropped support for POST /keypairs/external_id/:external_id/ decrypt_session_token

  • Support for OIDC2

  • External_identitiers in Keypair is a string, not an object.

  • Private_dek_external_id is added to the response of POST /child_users

Cryppo/JS v2.0.0

  • Breaking changes: https://github.com/Meeco/cryppo-js/blob/master/README.md

    • Encrypt method now accept bytes UInt8Array as input.

    • Decrypt method now produce bytes UInt8Array as output.

    • RSA signature also accept bytes UInt8Array as input.

    • Private key encryption also accepts bytes as input.

File-Storage-Browser, File-Storage-Node v3.0.0

  • Updated cryppo version 2.0.0

  • Updated Vault-api-sdk: 19.X.X & keystore-api-sdk: 5.X.X

Cryppo CLI v2.0.0

  • No functional changes, updated new cryppo version 2.0.0

October 2020

Vault API v16.0.1

  • On-sharing - the ability to allow other users to share an item that has been shared with you if the item’s owner allows it. This includes a verification step to make sure the on-sharer has not modified the data.

  • Organizations - you can now create an account for your organisation and add members and services.

  • Accepting of shares - we’ve identified that sometimes the terms of a share need to be reviewed and explicitly accepted or rejected before seeing the data so we’ve now made this possible.

  • More efficient file attachments, we now have the ability to receive encrypted chunks of data so an entire file doesn’t have to be encrypted as one before sending it up.

  • Improved Sharing - sharing is more streamlined, comprehensible and performant than ever before.

  • Sharing of encrypted files with other users.

  • Re-encrypting of shared data to cut down on the number of Encryption Keys needed to be stored/managed indefinitely.

  • Updated to use latest BSON serialization format from Cryppo.

KeyStore API v3.0.0

  • Remove the shared key endpoints as sharing keys for shares will now happen in the vault.

  • Removed the encryption_spaces endpoints in favor of just using the Date Encryption Key endpoints.

SDK v1.0.0

  • Added Item Update function

  • Added Functions to Retrieve Client Tasks and Execute the Tasks.

  • Added some Organization related commands where the logic was not just a simple endpoint req

  • Exposed more methods from the user create and user login flow to allow more control from client applications.

CLI v1.0.0

  • Added Share Delete command.

  • Added Item Update function

  • Added Functions to Retrieve Client Tasks and Execute the Tasks.

  • Added Commands for Creating and Managing Organizations, Organization Services, and Organization Members.

  • Added Checking the Client Task Queue after updating an item to see if shares need to be updated.

  • Added user login and logout methods.

Cryppo/JS v1.0.0

  • Updated to return null when an empty string is passed in instead of returning a serialized empty string.

  • Updated to the latest underlying node-forge library.

  • Update to use BSON serialization.

  • Better handling of character encoding by forcing UTF-8 where appropriate.

Cryppo/Ruby v1.0.0

  • Update to use BSON serialization.

  • Added Checking of the Client Task Queue after updating an item to see if shares need to be updated.

Cryppo CLI v1.0.1

  • No functional changes, just updated to use new linked libraries.

File-Storage-Browser, File-Storage-Node v2.0.0

  • Initial release of these browser-js/node-js packages to upload files as chunks of encrypted data.

Style-Kit v1.0.0

  • Initial release of this html/js library used for adding Meeco’s stylings to your app or components of your app.