Releases

2021-Q2
Vault v32.4.3
Fixed delegate user role for to access user's DEK
Removed conversations and messages endpoints
Added client task for re-encrypting the account owners KEK during delegation setup
Added support multiple JWT issuers for OpenIDConnect Authentication flow.
Added support seamless identity transition on OpenIDConnect identity provider change.
This feature requires OpenIDConnect JWT to enclose a special claim extension_meecoUserId 
with value reference to the previous Meeco user identity.
Added parameters for GET /connections:
delegation=granted_to_the_other_user; the current user has granted delegation to other users 
delegation=granted_to_me; the current user has received delegation from other users
Changed GET /session shows:
the type of the session (oidc or token)
if the type of the session is token, the access token will be shown
Added parameters to GET /items: it is now possible to fetch only items with a certain name via ?name=foo
Added Share intents:
POST /invitations/{invitation_id}/share_intents to create a share intent
DELETE /share_intents/:id,
GET /share_intents/:id
GET /share_intents
Models Invitation and PublicInvitation have new field shares_to_be_created
response to POST /connections contains a new element: a report on the created connections
Changed parameters valid_for added to POST /sessions. valid_for defines the number of
seconds the token is going to be valid
Changed handling of errors in POST /items/shares: field extra_info contains
a subset of incoming parameters with the error.
Removed image and background color for the Item model (removed fields image_background_colour, background_color which are realted)
Removed Item flag me from items.
Changed User field verified_at so is hidden.
Removed legacy messages feature which was not being used and would need to be upgraded if it were to be used.
Changed the POST /thumbnails endpoint request structure to be nested under a thumbnail object
Fixed performance on the POST /items endpoint
Changed classification parameters for POST /items and PUT /items endpoints
Changed POST /classification_nodes to only be used for user managed schemes (tags)
Changed error messages on POST /items endpoint to provide more detailde cause
Added field owned_by_user to classification scheme
Removed value from POST /items, encrypted_value field should be used instead
Removed POST /images endpoint and all image relations on items and users, images (unencrypted) are now only to be used by system
admins, this helps clear confusion and the risk of user's images being sent up unencrypted.
Removed associations from users and items
Added enum definitions to the swagger file (and generated sdk) for the following models:
ClientTask.state
ClientTask.work_type
Event.eventable_type
Event.event_type
OwnConnectionData.connection_type
TheOtherConnectedUserData.connection_type
Service.status
Organization.status
Share.acceptance_required
Share.sharing_mode
OrganizationMember.role
User.user_type
Removed updating of a slot in the PUT /items endpoint. You must now specifiy the slot's id to
update it, any slot sent up without an id will be treated as a new slot
Changed the flow of downloading attachments so fewer API calls are needed (see newly released cli/sdk implementation for example usage)
Removed fields is_app_logging_enabled, unconfirmed_email, share_terms from model User
Removed UserAccessToken fields name, device_push_token, push_token_platform
Added item_ids parameter to retrieve multiple specific items at once. e.g.  GET /items?item_ids=abc,xyz,foo,bar
Changed share objects to hide the owner_id field from share objects when the sharee is not connected with the owner of the item (e.g. on-share)
POST /items - added fields name and description to the list of accepted item fields
POST /items: removed fields id and _destroy from slot attributes when creating a new item.
Added documentation for GET /images/:id endpoint
Removed GET /attachments/:id/download from documentation (this endpoint had already be decommisioned in the previous release)
attachment_id in slots no longer changes when sharing a slot with an attachment
Changed the shape of the nested attachment json (on POST /items etc)
Removed slots.attachment_uid as attachment_id does not change upon share now.
Changed behaviour of attachements to enforce data integrity
once a slot has an attachment, it is not permitted to remove or replace the attachment
once a slot has an attachments folder, it is not permitted to remove or replace the attachments folder
Changed the urls generated by the server for images and thumbnails. Redirects are now handled by 2 endpoints:
GET /blobs/public/{id}/{digest} - for images and thumbnails
GET /blobs/attachment/{id}/{digest} - for attachments and direct attachments
Removed PUT /slots/:id. Instead, PUT /items/:id should be used.
Added attachment folders functionality; managing attachments folders not linked to any slots:
POST /attachments_folders
GET /attachments_folders
GET /attachments_folders/:id
DELETE /attachments_folders/:id
Added attachments folders for slots:
To attach an existing attachments folder use property attachments_folder_id, see model NestedSlotAttributes
To access a attachments folders data use GET /slots/:slot_id/attachments_folder
Added new parameters for GET /items:
own boolean, if true adds constraint items.user_id = items.owner_id, if false adds
constraint items.user_id != items.owner_id
owner_id, if present, adds constraint items.owner_id = 'parameter goes here'
Removed Field encrypted in Slot
Removed fields cloudname, key_store_admission_token, key_store_id,
key_store_url, key_store_username in User
KeyStore API v5.8.1
Added support multiple JWT issuers for OpenIDConnect Authentication flow.
Added support seamless identity transition on OpenIDConnect identity provider change.
This feature requires OpenIDConnect JWT to enclose a special claim extension_meecoUserId 
with value reference to the previous Meeco user identity.
Changed GET /session shows the validity of the current session
Added endpoint POST /session/limited_in_time
Added new parameters valid_for added to POST /sessions, POST /sessions/with_login_key,
and POST /srp/sessions. valid_for defines the number of seconds the token is going
to be valid
Fixed Authorizations in the swagger file (userAuthToken, oidc2UserAuthToken,
subscriptionKey, meecoDelegationId])
Added new mandatory parameter in POST /child_users: delegation_token
Added private_dek_external_id to the response of POST /child_users
StyleKit v2.0.0
Version bump on most dependencies
Build directory now fonts and images
SDK v3.0.0
Version bump on most dependencies
FileStorageBrowser, FileStorageNode v5.0.0
Version bump on most dependencies
CLI v3.0.0
Version bump on most dependencies
Feb 2021
CLI v2.0.0
users:get renamed to users:login, has the effect of recreating tokens if expired.
users:get now returns user's id and other user info.
shares:create-config takes connection and item config files (output of connections:create and items:create) instead of the respective ids.
client-task-queue:list no longer accepts --suppressChangingState, pass --update if you want to set listed tasks to in_progress.
client-task-queue:run-batch can now run failed tasks too.
new command client-task-queue:update allows changing status of client tasks.
client-task-queue commands now have --limit parameter
added items:create-thumbnail
meeco items:list allow filtering list by templateId, scheme, classification and sharedWith.
added oidc_token OIDC token header support for authenticating user.
SDK v2.0.0
Major revamp of Services API:
All custom service methods specify the required credentials by interfaces
Services provide their base APIs via the getAPI method
Services with paginated responses offer a listAll method
Added Service for delegating child users
Added cryppo wrapper classes SymmetricKey and PublicKey to simplify key usage within SDK
Added classes for manipulating Items and Slots: DecryptedItem for client-side copies, NewItem and ItemUpdate for pending changes.
Added demo app for sharing and delegation
added oidc_token OIDC token header support for authenticating user.
Vault API v19.3.0
Add user_public_key to response of GET /invitations/{:token}
Remove child_public_key_for_login parameter from POST /child_users
Update description of sharing_mode in POST /items/{id}/shares
New field item_shared_via_another_share_id in ShareWithItemData If this field is NULL it means that the rendered item has been created via the currently displayed share. If item_shared_via_another_share_id is not NULL, it means that the rendered item has been created via a different share, and the ID if the share is in item_shared_via_another_share_id. The client is advised to re-run the call with this ID.
Change default behaviour of GET /client-task-queue to not change task states supress_changing_state parameter has been changed to change_state to reflect the change.
Add delegation_token parameter description in POST /invitations
Change behavour of GET /client_task_queue
Will now return items of all states by default
Accepts a list of states instead of a single state as before
Generated TypeScript client will now require that states are passed using the generated ClientTaskQueueGetStateEnum enum
Removed logging in with a password POST /session/login
Add item_ids query parameter for GET /outgoing_shares as search filter.
Support for OIDC2
Added filter target_id to GET /client_task_queue: GET /client_task_queue?target_id=id
Add GET /event_feed endpoint
Swagger models Slot, Attachment, and DirectAttachment all have a new field: attachment_uid. The function of attachment_uid is to signal whether the actual file referenced from two different attachments is the same or not. In other words, when an attachment is shared to a different user, a new attachment record is created with a new id, but attachment_uid stays the same. This ID cannot be used to retrieve the attachment.
added filter classification_node_names to GET /items: GET /items?classification_node_names=value_1,value_2,value_3
added filter shared_with to GET /items: GET /items?shared_with=user_id. If present, only items will be fetched which have been shared with the given user. Works for items owned by the current user as well as for items owned by someone else and on-shared by the current user.
KeyStore API v5.1.0
Add POST /child_users endpoint
Add POST /delegations endpoint
Add GET, DELETE /delegations/:delegation_token endpoint
Add PUT /delegations/:delegation_token/share endpoint
Add PUT /delegations/:delegation_token/reencrypt endpoint
Rename DELETE /session/all :delete_all_session_params query param to :except_current of boolean type.
Add POST /delegations/:delegation_token/claim endpoint
Added user delegation header Meeco-Delegation-Id. Meeco-Delegation-Id contains the ID of a user that the current user has delegation permissions for. If delegation has been set up correctly, the current user of the action will be the user in Meeco-Delegation-Id
Remove encryption spaces endpoints
Dropped support for POST /keypairs/external_id/:external_id/ decrypt_session_token
Support for OIDC2
External_identitiers in Keypair is a string, not an object.
Private_dek_external_id is added to the response of POST /child_users
Cryppo/JS v2.0.0
Breaking changes: https://github.com/Meeco/cryppo-js/blob/master/README.md​
Encrypt method now accept bytes UInt8Array as input.
Decrypt method now produce bytes UInt8Array as output.
RSA signature also accept bytes UInt8Array as input.
Private key encryption also accepts bytes as input.
File-Storage-Browser, File-Storage-Node v3.0.0
Updated cryppo version 2.0.0
Updated Vault-api-sdk: 19.X.X & keystore-api-sdk: 5.X.X
Cryppo CLI v2.0.0
No functional changes, updated new cryppo version 2.0.0
October 2020
Vault API v16.0.1
On-sharing - the ability to allow other users to share an item that has been shared with you if the item’s owner allows it. This includes a verification step to make sure the on-sharer has not modified the data.
Organizations - you can now create an account for your organisation and add members and services.
Accepting of shares - we’ve identified that sometimes the terms of a share need to be reviewed and explicitly accepted or rejected before seeing the data so we’ve now made this possible.
More efficient file attachments, we now have the ability to receive encrypted chunks of data so an entire file doesn’t have to be encrypted as one before sending it up.
Improved Sharing - sharing is more streamlined, comprehensible and performant than ever before.
Sharing of encrypted files with other users.
Re-encrypting of shared data to cut down on the number of Encryption Keys needed to be stored/managed indefinitely.
Updated to use latest BSON serialization format from Cryppo.
KeyStore API v3.0.0
Remove the shared key endpoints as sharing keys for shares will now happen in the vault.
Removed the encryption_spaces endpoints in favor of just using the Date Encryption Key endpoints.
SDK v1.0.0
Added Item Update function
Added Functions to Retrieve Client Tasks and Execute the Tasks.
Added some Organization related commands where the logic was not just a simple endpoint req
Exposed more methods from the user create and user login flow to allow more control from client applications.
CLI v1.0.0
Added Share Delete command.
Added Item Update function
Added Functions to Retrieve Client Tasks and Execute the Tasks.
Added Commands for Creating and Managing Organizations, Organization Services, and Organization Members.
Added Checking the Client Task Queue after updating an item to see if shares need to be updated.
Added user login and logout methods.
Cryppo/JS v1.0.0
Updated to return null when an empty string is passed in instead of returning a serialized empty string.
Updated to the latest underlying node-forge library.
Update to use BSON serialization.
Better handling of character encoding by forcing UTF-8 where appropriate.
Cryppo/Ruby v1.0.0
Update to use BSON serialization.
Added Checking of the Client Task Queue after updating an item to see if shares need to be updated.
Cryppo CLI v1.0.1
No functional changes, just updated to use new linked libraries.
File-Storage-Browser, File-Storage-Node v2.0.0
Initial release of these browser-js/node-js packages to upload files as chunks of encrypted data.
Style-Kit v1.0.0
Initial release of this html/js library used for adding Meeco’s stylings to your app or components of your app.
Policies - Previous
Developer Policy
Last modified 3mo ago