A mailer, member database, and so much more, for digital activism.

22.06

Potentially Breaking Changes

Overview

This release is the final release managed by the OPEN tech team. From now on, the Independent Identity cohort will decide on the format, process and frequency for releases. The focus for this release was on stability and closing off loose ends, leaving the codebase in a clean, maintainable state.

Even with a focus on stability, this release includes a wide variety of improvements:

New Features

SMS improvements

The SMS blast functionality had fallen into disrepair. Thanks to Andy South for fixing things up and contributing these improvements.

De-modularisation

Based on feedback from some network organisations and recently onboarded developers, this release includes a number of changes designed to simplify identity’s codebase for both new and existing developers. A large pain point has been modularisation - both the separate databases and (fuzzy) interface/boundary between the mailer gem and core. The following changes strike a balance between simplifying our code, and maintaining existing functionality and stability.

Security improvements

Small fixes and updates

Dependency Updates

All Pull Requests

22.04

Potentially Breaking Changes

The above changeset includes an upgrade to Sidekiq Unique Jobs which has caused a variety of issues. As a result, we have reduced our usage of this dependency, and changed how we configure it. Early problems, which are now fixed, included:

You should still expect to see an uptick in jobs landing in the Dead queue - this is because of a conflict strategy added to resolve the above issues. Instead of locking forever, a job may land in the dead queue, unlocking in the process and allowing the next attempt to run successfully.

Overview

This release was delayed because testing by organisations close to the main branch threw up issues with Sidekiq Unique Jobs and the ruby upgrade. In general, this is a stabilisation release: it includes a large number of dependency updates and associated fixes. The highlights are larger upgrades and configuration improvements.

With this release you can look forward to logging in both sidekiq and web processes properly respecting your configured log level, and the new documentation on Redis configuration is well worth a read to make sure you have the most robust setup possible.

All Pull Requests

21.10

Potentially Breaking Changes

Overview

The main change in this release is the removal of the Classic Renderer; from now on, only Liquid will be used for rendering mailings. There are also a number of fixes and improvements included:

All Pull Requests

21.08.1

This hotfix release includes multiple important fixes:

If you are having issues with SSL requests due to an expired Let’s Encrypt root cert, this release fixes that.

21.08

Potentially Breaking Changes

The syncs for both Typeform and SurveyGizmo were broken in this release. This will cause an error in your clock process, blocking all other periodic functionality including mailing stats processing, if you have either Typeform or SurveyGizmo integrations enabled. If you rely on either integration, avoid this version.

Liquid

We originally planned for the removal of the Classic rendering option in this release. While testing that change, we discovered a problem with mailing archival which means we need to postpone that plan for one more release cycle. You may have noticed issues with mailing archival - either with the data used or archival not happening automatically after sends. These are both fixed in this release, and if you haven’t run the archival rake task for historic mailings yet (rake backfill:save_mailings_rendered), we recommend upgrading to 21.08 first, so you can run it with the correct sample data.

Overview

This release includes several important fixes and one new feature:

All Pull Requests

21.07

Potentially Breaking Changes

There are no known breaking changes in this release

Overview

This release includes a collection of smaller changes. There are no liquid changes apart from a UI update reflecting the updated timeline (classic removal at the end of August, not July). Changes include a database migration to keep sources unique, improved UI error reporting when subject lines or datasets are empty, and the addition of a campaign ID column to mailings.

All Pull Requests

21.06

Potentially Breaking Changes

Orgs using the simplemde/easymde editor should pay attention to this change adjusting the html saved for mailings.

Liquid

This release includes a number of Liquid updates. There are a number of new Liquid merge tags, covering all functionality previously available in the classic renderer. We also have some additional warning messages in the UI, and the default renderer for new mailings is now liquid. The current plan is to remove the Classic renderer in the next release (21.07 at the end of July).

All Pull Requests

21.05

Potentially Breaking Changes

This release includes a configuration update so identity will begin sending Content Security Policy (CSP) headers. This helps to prevent certain client side attacks. However, the policy is based on a finite allowed list of hosts for different kinds of content (e.g., images, javascript, styles), and so there is a risk that some identity features or integrations will stop working if they rely on a host excluded from this list. If you notice issues with this release, check your JavaScript console for messages including “violates the following Content Security Policy directive”. If you do encounter such a problem, please take these 2 steps to fix it:

Fixes and small improvements

All Pull Requests

21.04

Potentially Breaking Changes

If you are using the Simple MDE (e)ditor, you may have noticed some problems in an earlier release (21.02) when identity upgraded to Font Awesome 5. Simple MDE is no longer being updated and it does not support FA 5, however there is a fork - Easy MDE, which does support FA 5. Everything should work the same, but it’s still a risk in terms of switching editors, so it’s recommended you double check.

Liquid Changes

This release includes #3149: Use separate list for Liquid merge tags, an update to how merge tags are presented to campaigners when using the liquid renderer. As a reminder/convenience, merge tags are displayed in the sidebar on the right and (if using summernote text editor), in the “nugget” snippet insertion menu. Both locations are updated in this release:

Fixes and small improvements

All Pull Requests

21.03.1

Hotfix release to pin the version of interact.js. Incompatible updates to a dependency of identity (interact.js) were released. Instead of pulling the latest version, this hotfix now holds us to the known working version 1.10.8.

21.03

Potentially Breaking Changes

Fixes and small improvements

Several small improvements are included in this release. For liquid users, the preview/samples and send steps all now clean up any inappropriate html tags or tokens inside your liquid merge tags, so you won’t need to spend so much time unlinking anchor tags or cleaning up &nbsp; characters.

All Pull Requests

21.02.2

Hotfix release to deal with the package mimemagic being yanked from rubygems.org. There are no essential fixes here, but you may have problems deploying code based on earlier versions, as the deploy will attempt to fetch a version of mimemagic which no longer exists. If you’re making active deploys/changes based on 21.02.1 and they break, simply rebase on this version and you should be unblocked. If you’re not currently making changes/deploys, you can ignore this release.

21.02.1

Hotfix release to deal with cloning Liquid mailings. Cloned mailings now copy the renderer of their parent. This improves usability for admins cloning mailings, but critically allows for recurring mailings to use liquid, and have the children correctly use liquid as well.

21.02

Potentially Breaking Changes

NOTE: All new mailings default to the classic renderer, including clones. This means liquid should not be used for recurring mailings.

NOTE: This release includes an upgrade to Font Awesome 5 (FA 5). This may impact some icons, and specifically breaks the Simple MDE WYSIWYG editor for editing mailings. If you use Simple MDE, you may want to jump to 21.04, when that issue is fixed.

Liquid Changes

This release marks the Liquid rendering engine as stable. It is ready for use and testing by all orgs. You should expect standard merge tags such as {{ first_name }} to continue working as they always have, but any custom component merge tags will not work with Liquid. You will need to port these by creating custom Liquid Tags. As an example, see Uplift’s custom tags in #3036. Further, while {{ }} will work for some simple “data” tags like {{ first_name }}, it is recommended to use {% %} for all liquid tags, which will work more consistently.

Also included in this release - a backfill for saving old mailing renders. Currently, when you go to view old mailings, we need to re-render them. This is fragile for a few reasons - as we change and anticipate removing the Classic renderer, and also as mailing templates and custom components change over time. To mitigate this risk, we’ll now save a fully rendered version of mailings when they are sent. To fully render a mailing, you need a member, so you should configure which member is used for this purpose on the settings page. Once you’ve done this, it’s worth backfilling a render for all your older mailings so you can still view them after the Classic Renderer is removed. You can do this by running rake backfill:save_mailings_rendered. When viewing old mailings, Identity will attempt to re-render, and display this saved render as a fallback.

Fixes and small improvements

This release includes a few helpful fixes and improvements. You might notice the updated search UI, and if you integrate CSL it’s worth taking a look at the new configuration for skipping older data imports. Most orgs ignore full CSL imports because they’re too expensive; this new config may allow you to balance redundancy/resilience (catching events missed during the day) with practicality (not attempting to re-import events more than e.g., a month in the past).

All Pull Requests

21.01

Potentially Breaking Changes

New Features

Fixes

All Pull Requests

20.12

Potentially Breaking Changes

New Features

Fixes

Dependency Updates

All Pull Requests

20.11

Potentially Breaking Changes

Upgrading to Rails 6 we decided to use the new default Zeitwerk autoloader. This has stricter rules around naming of classes/modules and their corresponding file locations, so many files have been moved and classes namespaced into modules. Whilst every care has been taken to make this change non-breaking, it’s possible that this could introduce some breakages not discovered during QA.

Highlights

Rails has been upgraded to version 6 and Ruby has been upgraded to 2.7.2. This brings a bunch of performance and security improvements as well as some new features. (See Rails release notes for more details)

The new security permissions system has been extended to User permissions (as opposed to API token permissions). You can now grant users access to only specific parts of Identity they need to do their jobs, to increase security. More details on how to configure this in the Security docs.

It’s now possible to use a separate Redis instance for Sidekiq jobs, which could allow you to reduce the amount of space you need to allocate to your persistent Redis instance.

All PRs

Features

#2825 Upgrade Ruby & Rails by ootoovak
#2837 New app settings by francesmcmullin
#2864 Allow a separate redis queue to be used for sidekiq jobs by shinyshez
#2874 Add latitude and longitude to basic data to be ghosted by shinyshez
#2858 Run a single SQL query per search by jamesr2323
#2718 More granular user permissions by francesmcmullin
#2850 Add warnings about fake mailing backend to mailer pages by francesmcmullin
#2849 GoCardless chargebacks now handled by Identity by francesmcmullin

Fixes

#2902 Don’t strip whitespace on sent mailings by francesmcmullin
#2928 Add nightly reindex to mailing_logs table by jamesr2323
#2927 Relase hotfix: Display the value if a corresponding option label cannot be found by francesmcmullin
#2918 Bug/permissions fixes by francesmcmullin
#2917 [Rails upgrade/namespacing] Fix donations create bug from model namespacing by francesmcmullin
#2920 Fix/regular donations name by weatherpixie
#2919 Allow Redshift to cancel queries by jamesr2323
#2913 Fix call to Sidekiq::UniqueJobsCleanupWorker by jkhulme
#2912 Fix syncs pushing to external systems by jkhulme
#2903 Update controlshift_api/v1_spec.rb to use more explicit mode by jkhulme
#2900 * add an explicit analyze after the vacuum for mailing_logs by shinyshez
#2875 Bug: Only update mailing statuses when send prep is complete by francesmcmullin
#2871 Back merging 20.10 Release Notes into main branch by ootoovak
#2895 Filter/reduce some errors sent to airbrake by jkhulme
#2847 Strip whitespace from Mailing fields by jkhulme

20.10

Potentially Breaking Changes

Highlights

New Features

Fixes

All Pull Requests

20.09

Potentially Breaking Changes

New Features

Donations Improvements

Fixes

Dependency Updates

All Pull Requests

20.08

Notes

Documentation

Our github pages site was temporarily broken but it’s back now! This shows the docs for the latest stable version. Recent updates include the SECURITY page and the UPDATING_CONSENT_TEXTS page. For those with github access, you can view these docs in markdown format along with their history on github. You can also take a look at our new and growing wiki; feel free to add or update any pages there!

Search Filter updates

Miscellaneous

All Pull Requests

20.07

Notes

Add b-tree index to members guid column

Spotted that /api/member/details was often slow for Uplift, and it turns out that looking up by guid (twice!) can be quite expensive. After getting some great help on slack to apply the proper index, we saw a substantial improvement!

Big Pundit Clean-up

This release includes a large bundle of security changes. We’ve increased consistency in how authentication (who you are) and authorisation (what you are permitted to do) are handled, locked down a few open or semi open endpoints and improved login redirects. If you have identity integrations which access the API, you will need to configure (or reconfigure) API tokens for each of those integrations. Instructions for doing so are included in SECURITY.md. Integrations requiring API users include Speakout, CSL, ECC, Alexa, Freshdesk, GoCardless, Twilio, Paypal, Stripe, Razorpay, Nexmo, Plivo, Mailjet.

NOTE: While some endpoint security has been increased, none of the previously open endpoints permitted access to member data (as opposed to, for example, a list of action names). These changes are good housekeeping in terms of consistency and defaults (endpoints require a login or API token by default now), but they are not a response to any breach or vulnerability.

High-level points:

Remove support for unauthorized CSL packets via SQS

This is a breaking change for orgs which use the CSL -> AWS -> Identity path for CSL data!

Such orgs (believed to be just 38D & LeadNow) should ensure they have previously deployed the changes and followed the instructions in this PR: #2597

Assuming the above has been done, nothing else is required to deploy this change.

This change has no impact on orgs who do not use the CSL -> AWS -> Identity path.

Remove member unsubscribe holding pen

Removes the member_unsubscribe_holding_pen. This was something used when GDPR was coming into effect and is not needed anymore. This includes a migration that will unsubscribe anyone who was subscribed and in the member_unsubscribe_holding_pen. If your org does not use this feature then do not worry.

Events, Contact Campaigns interfaces

Add views to list, show, and search through events and contact campaigns. Also refactor the navbar to show a drop down, instead of each individual menu item.

Typeform Integration

This adds a new gem identity-typeform, within the gems/ folder. In order to turn it on you must add a Typeform API key and enable the Typeform external service in the Settings file.

It loops through all forms on the associated Typeform account and sends details of the responses to RecordActionWorker for further processing. Because it uses the RecordActionWorker exclusively, it does not depend on any implementation details of Identity. The tests are focused on ensuring it passes the correct payload to RecordActionWorker.

API to bulk upsert members

This adds a new API route that will bulk upsert members and call back a provided URL on completion.

Delete associated facebook lookalike audiences

We can’t delete custom audiences if they were used to create lookalike audiences. Eventually we’ll hit the audience limit again.

Now, if a custom audience matches our “should be deleted” criteria, we will delete any lookalike audiences first, then delete the custom audience, so it will be successful.

All Pull Requests

20.06

Notes

Core

Mailer

New Settings

New Features

Pull Requests

Core

Mailer

20.05

Notes

Core

New Features

Fixes

Maintenance & Infrastructure

Mailer

Fixes

Pull Requests

Core

Mailer

20.04

Notes

New Features

New Search Filters

New settings and defaults

Rate Limiting ControlShift

Action and Donation Rates

Pull Requests

New Features

Core

Mailer

Fixes

Core

Mailer

Maintenance & Infrastructure

Core

Mailer

20.03.3

Hotfix

20.03.2

Hotfix

20.03.1

Hotfix

20.03

Breaking changes

New settings and defaults

New features

#2197 Add support for mailing-specific reply-to by rob-as
#2041 Add feedback when sending mailing samples by robbl-as
#2157 Allow subadmins to view and list mailings by jkhulme
#2162 Make UpdateAllMailingStatsWorker configurable by lowlandjuju
#2155 Feature/updated unsubscribe controller by jkhulme

Add some more validation to SubscriptionsController#unsubscribe:

check that emails have been submitted
check that the user hasn’t submitted too many emails
check that the emails are valid emails

#2125 Add composite indexes to member_mailings by jkhulme
#2137 Send unsubscribe confirmation emails by jkhulme
#2055 Allow redirection of a user after login by lowlandjuju
#2140 Add UnsubscribeAttemptLog by jkhulme
#2092 Auto Delete Facebook Audiences by jkhulme
#2153 Add the 38 Degrees post_json_unsubscribe endpoint by jkhulme

This was added before the api controller supported unsubscribes. Long term we will switch over to that and this method can be removed. This is used by some of our freshdesk integrations, for auto unsubscribing people.

#1999 Pull issue categories from csl & speakout by francesmcmullin

In a nutshell, this is a set of changes designed to populate the issue_categories table and issues_issue_categories join table. Since we already had a bunch of things called categories set in CSL, I started off by pulling those. With that working, I was on a roll and added categories to speakout, and got identity to pull those too (also included here).

#2017 Feature/enhanced member data export by lowlandjuju

Reason: Admins may want to request member data to be sent to them before/instead of being sent to the member directly. This PR includes a UI component allowing for the data to be sent to the member or the admin.

#2097 Add a setting to not process petition author by jkhulme

Refactor / tech debt

#2193 Use RSpec JSON Expectations matchers for tests by ootoovak
#2194 Implement the new email strategy in the settings for OPEN by gordan43dom
#2180 Move amandla specific views files to the idlayout gem by gordan43dom
#2205 Remove redundant subscriptions view by lowlandjuju
#2192 Move RSpec Request specs into correct folder by ootoovak
#2195 Remove Mailer::List by rob-as
#2202 Update brakeman ignore file by jkhulme
#2198 Feature/misc whitespace changes by jkhulme
#2121 Feature/upgrade sidekiq 6 by jkhulme
#2189 Replace binding with explicit variables by jkhulme
#2158 Extract generation of email feedback headers by rob-as
#2012 Set the synced_to_redshift flag in a few places by jkhulme
#2168 Remove caching from mail backend strategy factories by robbl-as
#2161 Convert modularization related mailer database columns to text by rob-as
#2103 Retry send mail every 30 minutes by jkhulme
#2156 Extract list member_count by rob-as
#2124 Remove unique constraint from clicks and opens by jkhulme

Checking that updated_at is unique across mailings is an odd thing to be doing. It is not enforced at the database level, so duplicates can still end up in the database.

#2154 Mailer: Extract guid generation by rob-as
#2120 Use class reference when bulk pushing MailSenderWorker jobs to queue by rob-as
#2112 Clean up some JS around pinned and permanent searches by jkhulme
#2127 Optional parent_member_action_consent relation by jkhulme
#2160 Tidy up duplicated mailing api specs by francesmcmullin
#2149 Add a note to the install docs to help reduce memory usage. by vimto
#2122 Change spec description by jkhulme
#2138 Update text on some 38degrees templates by jkhulme
#2115 Improve mailer mailing link specs by robbl-as

Fixes

#2203 Fix a possible XSS vulnerability in ActionView by ootoovak
#2187 Fix date_joined merge tag by jkhulme
#2093 Re-add the in_list merge tag by jkhulme
#2102 Add default values for source and medium by jkhulme
#2179 Fix signature of GhostUnengagedMembersWorker by tomm
#2178 Install chrome in vagrant by jkhulme
#2071 Mailings consistency by francesmcmullin
#2167 Remove unused variable from spec by jkhulme
#2070 Handle viewing mailings before lists are built by jkhulme
#2147 Update mailer json gem by francesmcmullin
#2141 Ignore order in pushing members to facebook spec by francesmcmullin
#2148 Fix member data export for single email. by jkhulme
#2098 Catch a no method error in Member#record_action by jkhulme
#1956 Fix issue where white spaces screws up searches (second attempt) by gordan43dom
#2123 Only pageinate if there are recurring mailings by jkhulme
#2129 Ignore array order in sync spec by francesmcmullin
#2132 Fix a minor typo in README by SandeepTuniki
#2105 Improve spec reliability and tidy up by francesmcmullin

20.02

This is the second stable release with the modularised mailer code. With that, there are some legacy settings being deprecated in this release, so please read the “Breaking Changes” section carefully.

Themes
Ruby Version Upgrade

Ruby version has been bumped to 2.6

Breaking Changes

Area Memberships Data Fix

A fix has been put in place for a bug which meant updating a member’s address back to an old/existing address would not trigger an update of AreaMemberships (#2033). It is suspected that the bug would only impact a small proportion of people. If it’s important for an org to have up-to-date area_membership records for everyone immediately, then it is suggested that running a job to update all area_memberships would solve this legacy data issue. At the moment there is not an existing rake task for this.

New settings

New features

#2101 Batch push Mailer::MailSenderWorker onto mailer queue by francesmcmullin
#2050 Add the opt-in search to 38d org specific searches by jkhulme
#2056 Push sidekiq jobs onto queue in bulk by jamesr2323
#1919 Add member action to regular donations by francesmcmullin
#2042 Codemirror formatting by francesmcmullin
#1998 AWS S3 CSV upload security by ootoovak
#2015 Copy external_slug when cloning mailing by jkhulme
#2009 Mailing search filters check sub-mailings by jkhulme
#2014 Remove useless assign in sendrid_api by jkhulme
#2010 Add an endpoint for getting campaign details by jkhulme
#2013 Only do search test run if the rules have changed by jkhulme
#2023 Add geographic targetting searches for Jhatkaa by SandeepTuniki
#2011 Audit the member import process by jkhulme
#2020 Extend member actions feed to include CSL URLs by SandeepTuniki
#1958 Scripts and configuration for Heroku Review Apps and Continuous Deployment by ootoovak
#1957 Change name of the Event start time field from CSL to start_at (old name was start)-o by gordan43dom
#1920 Upsert member action source data by francesmcmullin
#1923 Add Razorpay to receive recurring donations for Jhatkaa by SandeepTuniki
#1940 Add searches filters for phone circles by SandeepTuniki
#1859 Feature/phone circles and do not disturb by PraneethaML
#1917 Restrict tracking params to apps on the same domain by francesmcmullin

Refactor/ Tech Debt

#1977 Ghosting refactor by jkhulme
#2049 Vagrant - Auto cd into correct directory by jkhulme
#2019 Style fixes for request auth specs by jkhulme
#2002 Add not null constraint to amounts on donations by jkhulme
#2018 Update request/members_spec.rb by jkhulme
#2003 Convert deletes done via GET to use DELETE by jamesr2323
#2021 Fix data format inconsistency between vendors by SandeepTuniki
#2004 Remove unneeded CSV download links that no longer work post-mod by jamesr2323
#2006 Replace cache_method with Rails.cache by hiemanshu
#2000 Use correct action types when identifying actions as donations by francesmcmullin
#1991 Switch from find to find_by in api subscriptions controller by jkhulme
#1970 Misc Crump changes by jkhulme
#1980 Release candidate changes back into master by jamesr2323
#1961 Simplify deployment process and instructions for SSL by jamesr2323
#1932 A potential Redirect security vulnerability flagged by Brakeman by ootoovak
#1944 Rollback modularised database by jkhulme
#1897 Refactor feature/phone circles by PraneethaML
#1945 DOCS: Pre Release/Pre Upgrade Checklist Draft 1 by hiemanshu
#2024 Update upgrade guide for multi schema db setup by francesmcmullin
#2028 Upgrade to Ruby 2.6 by ootoovak

Fixes

#2107 Fix schema extensions issue by SandeepTuniki
#2087 Adjust API spec to not assume response order by francesmcmullin
#2036 Avoid warnings in CanonicalAddress by asibs
#2034 Fix some test warnings by asibs
#2033 Fix bug in member#upsert_areas by asibs
#2037 Fix CircleCI Postgres install by jamesr2323
#1987 Fix: Phone number validation silently fails by hiemanshu
#2001 Fix issue with escaping strings in Member#vocative_or_first_name by tomm
#2007 Remove another lock from core mailing model by jkhulme
#1997 Add setting for ignoring stripe one off donation webhooks and avoid duplicates by francesmcmullin
#1976 Feature/more permissions by jkhulme
#1990 Make cleanser strip all whitespace not just spaces by jkhulme
#1968 Catch 404 errors by jkhulme
#1985 Fix: Upload Member Actions using the wrong path variable by hiemanshu
#1969 Cast request params to strings by jkhulme
#1979 Fix failing Rubocop errors on master by SandeepTuniki

Mailer work

#2044 Add mailing preparation feedback layer by rob-as
#1727 Improved preview mail syntax error handling by rob-as
#2047 fixing things so mailings delete all their children properly and the … by weatherpixie
#2046 Configure action mailer smtp by robbl-as
#2008 mailing ui improvements by jkhulme
#2045 Proper namespacing within mailer by robbl-as
#2040 Improve idlayout integration within mailer by robbl-as

20.01

This is the first stable release with the modularised mailer code. So pay careful attention to the upgrade instructions. Additionally, because this is the first release for a while, there are quite a lot of changes. Only changes that are significant and/or create breaking changes will be listed in full.

Ruby has been bumped to 2.4.9 in this release #1741

Breaking changes

New settings

New features

Additional features: #1908 SandeepTuniki, #1573 SandeepTuniki, #1462 marcinkoziej, #1346 tomm, #1352 JoelESvensson, #1311 jkhulme, #1216 denny, #1264 denny, #1126 denny, #1924 SandeepTuniki

Fixes

Additional small fixes: #1918 davecocoa, #1921 davecocoa, #1916 davecocoa, #1898 SandeepTuniki, #1888 ootoovak, #1853 ootoovak, #1884 hiemanshu, #1848 jamesr2323, #1614 jkhulme, #1672 davecocoa, #1778 davecocoa, #1777 davecocoa, #1719 jamesr2323, #1652 jamesr2323, #1674 davecocoa, #1657 rob-as, #1545 benmort, #1511 nirentuladhar, #1278 jkhulme, #1625 jkhulme, #1624 jkhulme, #1612 jkhulme, #1157 jkhulme, #1351 jkhulme, #1450 benmort, #1467 denny, #1458 jamesr2323, #1434 jamesr2323, #1411 tomm, #1341 michaelsnook, #1274 tomm, #1299 denny, #1232 tomm, #1301 tomm, #1303 michaelsnook, #1214 jamesr2323, #1189 cindysx89, #1127 tomm, #1265 jkhulme, #1215 denny, #1248 denny, #1206 denny, #1182 denny

Mailer work

The modularised mailer has been a major project, involving all of these PRs:

#1517 hiemanshu, #1936 jamesr2323, #1903 jamesr2323, #1933 davecocoa, #1944 jkhulme, #1852 jamesr2323, #1904 davecocoa, #1887 davecocoa, #1846 jamesr2323, #1865 hiemanshu, #1889 hiemanshu, #1890 hiemanshu, #1891 hiemanshu, #1893 rob-as, #1870 davecocoa, #1873 davecocoa, #1858 jkhulme, #1869 davecocoa, #1800 davecocoa, #1877 davecocoa, #1728 robbl-as, #1864 hiemanshu, #1842 davecocoa, #1817 jamesr2323, #1834 robbl-as, #1835 jkhulme, #1826 robbl-as, #1808 davecocoa, #1742 rob-as, #1673 davecocoa, #1716 jkhulme, #1706 jkhulme, #1726 rob-as, #1744 rob-as, #1536 robbl-as, #1507 Also copy external_slug in mailing clones by JoelESvensson, #1345 hiemanshu, #1533 hiemanshu, #1485 robbl-as, #1503 robbl-as, #1461 robbl-as, #1460 robbl-as, #1375 jamesr2323, #1368 hiemanshu, #1260 davecocoa, #1259 davecocoa, #1245 hiemanshu, #1098 robbl-as, #1084 robbl-as, #1087 robbl-as, #1086 robbl-as, #1085 robbl-as, #1083 robbl-as, #1079 robbl-as, #1015 hiemanshu, #1010 hiemanshu, #890 vimto, #879 hiemanshu, #880 hiemanshu, #849 hiemanshu, #836 hiemanshu, #1960 davecocoa

Rubocop

Rubocop has been upgraded and many more cops enabled, as part of these PRs:

#1828 robbl-as, #1930 jkhulme, #1825 robbl-as, #1824 robbl-as, #1823 robbl-as, #1822 robbl-as

19.03.2 Security release

This fixes a serious security flaw which left API routes open to unauthenticated access. More details here:

This also bumps the nokogiri gem version to address https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-459107

19.03.1 Security release

This is a security patch release.

It includes the following security fixes:

It also includes the following important fix to URL parsing by the link redirector:

19.03

This release includes an extremely important security update to the Rails version - please upgrade as soon as possible!

This release introduces some new database migrations. Make sure to run them.

Features

Fixes

Other Changes

19.02

This release introduces some new database migrations. Make sure to run them.

Setup

Features

Fixes

Changes

19.01.1

Fixes

19.01

Breaking Changes

Set Up

New settings added:

Features

Fixes

Changes

18.12.1

This release contains some important bug fixes. See the pull requests for more details on each fix.

18.12

Breaking Changes

Set up

These new settings have been added; they may enable or disable features you’re interested in:

Features

Fixes

18.11

Breaking Changes

Set up

Features

Fixes

18.10

Features:

Fixes:

18.09

This is the first release with the new Ubuntu-style version-numbering.

Potential breaking changes in this release:

More details below the change list.

Features:

Changes:

Fixes:

More detailed release notes, copied from PRs:

This release contains a migration to add a unique index on membersubscriptions[:member_id, :subscription_id]. Orgs should check and fix any data that violates this beforehand. This query should help identify duplicates: select member_id, subscription_id, count(*) from membersubscriptions group by member_id, subscription_id having count(*) > 1.

This release includes a change where members signing CSL petitions are looked up by an external CSL member_id (rather than just email) when being upserted. This allows us to retain a link between members in the two systems when a member email is updated. However, the PR also fixes a bug where an incorrect value was being used for this CSL member_id in the Identity member_external_ids table (mistakenly using CSL user_id). So all orgs syncing with CSL will need to delete existing controlshift member_external_ids to avoid syncing CSL data for the wrong members. There is a rake task included with the PR to do this, which can be run with the command be rake delete_csl_member_external_ids.

0.15.0

Features:

Changes:

Fixes:

0.14.0

Features:

Changes:

Fixes:

0.13.1

Fixes:

0.13.0

Features:

Changes:

Fixes:

0.12.0

Some notable changes to be aware of with this release:

Fix un-scoped dataset lookups (#548)

This bug may have led to incorrect Dataset values being merged into Mailings. Here is a more detailed write-up of the issue and possible impact.

Prevent race conditions leading duplication Actions (#565)

This fix adds a new unique index to the Actions table, which may not be possible if this table already contains duplicate data. The PR includes rake tasks to check and patch any duplicate Actions before running the migration.

Fix corrupt migration filenames (#560, #561)

A recent migration was created using a badly formatted timestamp. This caused subsequent migrations to be generated by Rails using incrementing numbers rather than timestamps, leading to migration conflicts. The PRs fix the issue by renaming the migration filenames and updating the schema_migrations table in a migration itself. The change has been tested and should work fine, just one to keep an eye on.

Features:

Changes:

Fixes:

0.11.0

Some potentially breaking changes to be aware of with this release:

Add database foreign keys (#291, #471, #500, #508)

This is a big change that should be approached with healthy caution. It will bring major improvements to data-integrity so is well worth the effort. There is a separate doc with guidance on running the migrations.

Add a Heroku release phase command (#494)

If you are deploying to Heroku, migrations will now be run automatically. More information on finer-grained control and troubleshooting can be found in the Heroku Release Phase documentation.

Overwrite conditional lists if they are created with the same name (#450)

A minor change in behaviour that shouldn’t cause any issues, but worth being aware of.

Track code coverage during CI (#475, #501)

Now that we’re tracking test coverage as part of CI, any PRs that lower the overall coverage level will fail GitHub checks.

Features:

Changes:

Fixes:

0.10.0

Features:

Changes:

Fixes:

0.9.1

Fixes:

0.9.0

Changes:

Fixes:

0.8.0

Changes:

Fixes:

0.7.0

Features:

Changes:

0.6.0

0.5.0

Features:

Changes:

Fixes:

0.4.0

Features:

Changes:

Fixes:

0.3.0

Features:

Changes:

Fixes:

0.2.1

Features:

Changes:

Fixes:

0.2.0

Features:

Changes:

Fixes:

0.1.3

Features:

Fixes:

0.1.2

Features:

Changes:

Fixes:

0.1.1

Fixes:

0.1.0

Initial Release