v0.4.2

This release focused on tying up what loose ends could be within reason in preparation for the freeze release. Following this release, only dependency updates within reason will be managed. There may be additional feature releases on this edition, but nothing is promised.

POTENTIALLY BREAKING CHANGE - This release upgrades to SQLAlchemy 1.4.x which removes support for the use of postgres:// on database connection URI strings. You must switch to the supported format of postgresql:// to avoid a failure of the connection.

What's Changed

• Updated the OAuth service providers to properly respect the new OAuth auto-configuration settings for each provider. by @AzorianMatt in #1527
• Corrected issue with SERVER_EXTERNAL_SSL setting not being extracted from the app's environment. by @AzorianMatt in #1529
• Fixed issue with all unassigned zones being selected after a new account's name fails to validate by @AzorianMatt in #1530
• Allow all application settings to be configured by environment variables by @AzorianMatt in #1535
• Fix record comment removal by @corubba in #1537
• Automatically focus username field in login view by @roelschroeven in #1549
• Indicate Unsaved Changes by @AgentTNT in #1595
• Remove Misc Code by @AgentTNT in #1597
• Fix non rr_set events in Zone Changelog display by @AgentTNT in #1598
• Update static fonts to use relative paths instead of static by @AzorianMatt in #1703
• Fixes local user setup to perform case-insensitive verification of existing usernames / emails in #1658
• Update index router to replace the use of the deprecated before_app_first_request event with record_once by @AzorianMatt in #1705
• Updated zone type comparison logic in domain router to be case-insensitive by @AzorianMatt in #1706
• Fix zone name encoding for UI XHR requests as well as requests to the PDNS API by @AzorianMatt in #1707
• Added LDAP search filter cleansing mechanism to properly escape special characters by @AzorianMatt in #1726
• Merge zone editor record action controls into single column by @feldsam in #1642
• Fixing new LDAP search filter cleansing mechanism to only target user DN value returned on AD connections by @AzorianMatt in #1727
• Added support for application to run in sub-paths while not breaking the Docker health check by @AzorianMatt in #1728
• Bump mysqlclient from 2.0.1 to 2.2.1 by @dependabot in #1729
• Bump bcrypt from 4.0.1 to 4.1.2 by @dependabot in #1730
• Bump pytest from 7.2.1 to 7.4.4 by @dependabot in #1733
• Bump sqlalchemy from 1.3.24 to 1.4.51 by @dependabot in #1734
• Bump jinja2 from 3.1.2 to 3.1.3 by @dependabot in #1735
• Updated Pip Dependencies (Jinaj2, certifi, cryptography, requests, werkzeug) by @AzorianMatt in #1740
• Bump crypto-js from 4.1.1 to 4.2.0 by @dependabot in #1738
• Updated NPM dependencies (cryto-js) by @AzorianMatt in #1742

New Contributors

• @roelschroeven made their first contribution in #1549

Full Changelog: v0.4.1...v0.4.2

v0.4.1

This release primarily addresses new issues that were brought about with the 0.4.0 release last month such as issues with session expiration and OAuth functionality. Additionally, this release provides some enhancements to existing features such as the authentication settings editor.

Hopefully, this release will provide some stability to the recent OAuth issues that have been popping up since the release of 0.4.0. I have updated the OAuth providers to make exclusive use of either the metadata URL setting OR the token and authorize URL settings. The UI has been updated in such a way that this change becomes much more obvious. I have personally tested the GitHub and Azure OAuth implementations for basic authentication (not including the additional provider specific features) and can assure that it is functioning with the most basic use cases. It was also discovered that logout was failing for the Azure (and possibly OIDC) providers as the session tokens were not being properly cleared. This would result in an instant re-authentication after logging out due to the tokens still be present in the session.

In general, the authentication settings editor should be a much more enjoyable experience as I pulled out all of the existing client-side code that was a mess and implemented the KnockoutJS and jQuery Validation libraries to improve the UI and UX here. The tabs now provide proper deep-linking so browser history / navigation works very well when changing from tab to tab. One can also reload the page without starting back at the first tab every time. Furthermore, data is both loaded and saved with XHR calls instead of full page loads. This change facilitate the ability to switch to a single save button for all tabs of the editor as opposed to the independent forms that were previously present.

What's Changed

• Feature: Add OAuth Setting for Server Metadata URL by @AzorianMatt in #1436
• Added custom header to be used in the created_by column. by @benshalev849 in #1440
• Make the OTP label the same as the site_name #1237 by @subbink in #1444
• Upgrade lxml & python3-saml dependencies with workaround by @nkukard in #1451
• Fix user confirmed column migration issue by @nkukard in #1452
• Basic Auth Exception Handling Improvement by @nkukard in #1453
• PostgreSQL Support Improvement by @subbink in #1434
• Finish Updating Zone Nomenclature From Domain by @subbink in #1441
• Basic Auth Exception Handling Improvement Update by @nkukard in #1454
• Implement password strength & complexity checking by @nkukard in #1457
• Fix LDAP user group search for nested groups by @melck in #1238
• Fix manual session clearing that triggered session expiration bug by @nkukard in #1461
• Fix LDAP group restrictions by allowing the use of any combination of groups. by @nkukard in #1463
• Improve exception handling for invalid UTF-8 encoded X-API-KEY header by @nkukard in #1479
• Fix activity search invalid form markup causing submission failures by @raunz in #1481
• OAuth Settings Updates by @AzorianMatt in #1500
• Fix Zone Type can not be changed from "native" when adding or modifying zones by @subbink in #1502
• Feature Update: OAuth Settings Management / Dual-Schema Support by @AzorianMatt in #1515
• Show the current zone type and soa-edit-api settings on the zone settings page by @subbink in #1504
• Feature Update: Allow more than 100 rows in the zone list view. by @JanKoppe in #1491
• Zone rrset changelog display improvement by @raunz in #1507
• Added support for building ARM64 based Docker images. by @AzorianMatt in #1520
• Updated default value of SERVER_EXTERNAL_SSL environment setting by @AzorianMatt in #1522

New Contributors

• @subbink made their first contribution in #1444
• @nkukard made their first contribution in #1451
• @melck made their first contribution in #1238
• @JanKoppe made their first contribution in #1491

Full Changelog: v0.4.0...v0.4.1

As always, thank you all for being loyal users and contributors of the PDA project! Hopefully it won't be too long until the 0.4.2 release is out!

v0.4.0

First off, thank you all for sticking with the project this long through it's rough patches! As the project has went through a change of ownership last year, there have been many areas that have suffered but it is my goal to turn those problems around and get the project back on a healthy and productive path into the future.

With that being said, there is many areas that still need improvement including the quality of contributions and information tracking. For this reason, this release will not provide the most accurate documentation to all of the changes included in the release, but I will do my best to highlight the most notable that I'm aware of.

Enhancements

• The user interface has been updated to the latest AdminLTE release of 3.2.0.
• The Font Awesome library has been upgraded to the latest 6.3.0 release which overrides the 5.15.4 dependency built in to AdminLTE 3.2.0.
• The user interface has been updated to better support multiple screen sizes included smartphones and tablets. While this is still a work in progress, you will find that most views now work quite well in various screen formats.
• The nomenclature for DNS zones have been updated to utilize the appropriate terminology of "zone" instead of "domain" where the latter is slang. This is a work in progress so there may still be some places that use the old "domain" terminology.
• The nomenclature for history / action auditing has been updated to use "activity" instead of "history." This is a work in progress so not all references may have been updated yet.
• The authentication settings management views have been updated to be more uniform with some amount of field documentation included. This is also still a work in progress as some views still lack useful documentation.
• Performance improvements have been made to the zone record list view so that large data sets don't suffer as much from use of poor coding techniques.
• The statistics and recent activity blocks have been removed from the dashboard to provide greater performance enhancements. It was determined that these features weren't truly useful in practice which was the ultimate driver for their removal.
• API activity auditing has been updated to provide per-record change log entries.
• The user interface has been updated to use the SITE_NAME setting in more appropriate places as opposed to the static text of "PowerDNS Admin."
• Various user interface features were updated to correct minor formatting issues such as a lack of proper text wrapping for the activity details modal.
• Various areas of documentation were updated to be more reliable as well as including some missing information. This is still a work in progress.
• The project WIKI was moved into standard markdown documentation files under docs/wiki as opposed to using the GitHub WIKI feature which will make it easier for contributors to provide updates via PRs.

Features

• A CAPTCHA feature has been added to the registration form which can be controlled through the use of environment variables and application settings. This feature is now enabled by default.
• A session storage setting has been added through the use of environment variables and supports multiple mediums such as database and file system. The default is configured to use the database which will result in the "sessions" table being automatically created!
• A configuration setting has been added for controlling the OIDC OAuth Metadata URL for authentication.
• A search function was added for IDN searches.

Bug Fixes

• The auto-PTR record logic has been updated to remove, then add records in order to address scenarios that would create undesirable record changes that didn't fit logical expectations.
• Fixed issue where OTP_FORCE setting was being applied to OAuth flows which was not appropriate.
• Many other minor bug fixes were made but there is currently a lot of lacking documentation available to make documenting these fixes here a bit easier.

Security Fixes

• Most dependencies have been updated to their latest or near-latest versions.

As the project gets back on track, so will it's organization which should result in more frequent minor and patch releases with greater detail in release notes. Thank you again for being a PDA user!

v0.3.0

Upgrade path

• This release includes upgrades of some Javascript libraries. In order to upgrade your installation, you need to run the following commands:
  • Install rjsmin from the requirement file into your virtualenv: pip install rjsmin
  • Upgrade yarn packages: yarn install --pure-lockfile
  • Rebuild Flask assets: export FLASK_CONF=../configs/production.py; export FLASK_APP=powerdnsadmin/__init__.py; flask assets build
• You have to upgrade your database to update your history (#1199): export FLASK_CONF=../configs/production.py; export FLASK_APP=powerdnsadmin/__init__.py; flask db upgrade

Restarting the web server should not be necessary

Features

• Added an option to forbid the creation of domain if it exists as a record (#1127)
• SAML provisioning can now set Operators from a group (#1205)
• Added an option to allow underscores, hyphens and dots in account names. Please pay attention if you enable this feature as it can break your setup if you use autoprovisionning (#1047)

Enhancements

• PDA API now has /api endpoint to improve compatibility with LEGO clients (#1206)
• API now allows record type according to enabled record types from settings (#1089)
• API now only allows record TTL according to configured TTL in the settings (can be disabled) (#1089)
• PDA now caches account id when updating the domains (from the dashboard), which enhance performance when managing a lot of domains (#1218)
• Code has been updated to improve api calls to the backend when editing domains from the UI (#1201)
• You can now directly create domains with their full fqdn (with the termination dot) (#1227)

Bug Fixes

• Saml issues behind a reverse SSL Proxy / Improved documentation and defaults (#1203)
• Replaced idna library to fix translation issues (#1163)
• Fixed parsing of X-Forwarded-For headers with DynDNS2 (#1214)
• Replaced "rrests" occurences with "rrsets" (#1199)

Security Fixes

• Updated Javascript libraries (#1213)
• Updated cookies configuration to make them more secure (#1211)

Notes

We would like to thank active contributors for their precious help to improve PowerDNS Admin

v0.2.5

Important note

It has not been followed in the past, but this release clearly drops support for Python < 3.6. Python 2 is EOL since January 2020, and recent distributions (Debian 10/Ubuntu 19) are packaged with Python > 3.7. We encourage you to update your servers/virtualenvs to a modern version.

Features

• OTP can be enforced by a setting (#1051)
• History has been refactored (#1042)
• API Keys can now be associated with accounts, as domains can (#1044)
• API now has a /health endpoint (authenticated) to check the backend's health (at least one domain must exist in the backend) (#1172)

Enhancements

• Use secrets module for generating new API keys and passwords (#1035)
• Oidc Autoprovisioning now allows binding of a user to multiple accounts (#994)
• Replaced Datepicker (#1059)
• The "Admin" button has been added to domain edition page (#1076)
• Unauthentified Dyndns requests are now answered with www-authenticate headers
• Enabling DNSSEC on a domain is now recorded in the history (#1123)
• API's /ping endpoint is not protected by authentication anymore (#1174)
• Improved k8s deployment support (#1216, #1217, #286)

Bug Fixes

• Sort accounts in Domain creation page (#1049)
• Login page is reloaded in background before CSRF token expires to prevent 403 error after a successfull but late login (#1124)
• Domain deletion from API crash (#1101)
• LDAP login in history are now correctly displayed (#1122)
• Active Directory group resolution now uses native AD nested group resolution that prevents infinite loops (#1118)
• HTML entities are now correctly handled in domain edition page (#1159)
• Application/Json content type is now set on all outgoing API calls to enable the use of another PDA instance as a backend (#1154)
• Account deletion via API now dissociates domains to allow the account to be deleted (#1134)

Security Fixes

• Render domain data table fields only as text (#1158)
• Replace pyOpenSSL with cryptography (#1188)

Documentation

The documentation has been slightly improved in distinct PR and the ones mentioned in this release notes. Further work is planned in summer to add details and more complete examples.

PowerDNS-Admin v0.2.4

In this release:

• bug fixes #916 #936
• Security fix #970
• Allow user role to view history #890
• Allow users to remove domains #952
• Templating improvements with [ZONE] placeholder #960
• API improvements #858 #868 #878 #950 #996
• Setting to disable OTP field #942
• Custom css support #944
• Background jobs for docker #940
• Changes to bg_domain_update #962 #993
• Overriding setting from database using environment variables #1030

PowerDNS-Admin v0.2.3

In this release:

• Bug fixes #752, #814
• Dockerfile update #815, #818
• Python libraries updated #823 , #824
• Implement account update method #801
• Link API key to account/user #803
• Add API key stuff UI #804

PowerDNS-Admin v0.2.2

In this release:

• User email validation #622
• Verify secured PDNS API address #644
• Offline mode #700
• Authentication improvements
• Docker stuff adjustment
• Bug fixes

PowerDNS-Admin v0.2.1

• Fix domain creation from a template with SOA enabled #613
• Fix enabling DNSSEC #614
• Update domain serial column datatype #529
• Improve SAML (certificate and attributes) #617
• Update Dockerifle #621

PowerDNS-Admin v0.2

In this release:

• Code refactoring #586
• Add record comment feature #598
• Add global search feature #599
• Add session timeout warning feature #610
• Add Azure OAuth support #591
• Adjustment in the domain's record applying #604
• Adjustment in History feature
• Adjustment in Dockerfile #607
• Drop PDNS 3.x support #604
• Drop avatar uploading feature
• SAML fixes and enhancement #605 #612
• Bug fixes