3.21.4 (2026-06-03)
- Bump cryptography from 46.0.6 to 46.0.7 (6c533ad)
- Bump idna from 3.11 to 3.15 (d2b7965)
- Bump urllib3 from 2.6.3 to 2.7.0 (0c55033)
3.21.3 (2026-05-25)
- audit_log: Exclude last_api_use from audit logging (07065f2)
3.21.2 (2026-05-19)
- Bump authlib from 1.6.11 to 1.6.12 (3344516)
3.21.1 (2026-05-11)
- Bump django from 5.2.13 to 5.2.14 (d9c8ccb)
3.21.0 (2026-05-08)
3.20.1 (2026-04-22)
- Bump authlib from 1.6.9 to 1.6.11 (0637b4c)
3.20.0 (2026-04-14)
- Add password login allowlist (3775ebf)
- Bump django from 5.2.12 to 5.2.13 (4cce168)
- Bump pillow from 12.1.1 to 12.2.0 (6f0daaf)
- Bump pytest from 8.4.2 to 9.0.3 (70fd315)
3.19.0 (2026-04-08)
- Use django-helsinki-health-endpoints for readiness and healthz (f65e659)
- Bump ecdsa from 0.19.1 to 0.19.2 (e56dcd0)
- Bump lodash from 4.17.23 to 4.18.1 in /browser-tests (d542d7b)
- Bump requests from 2.32.5 to 2.33.0 (8d9e4c3)
- Bump testcafe and its vulnerable dependencies (56f6741)
- Bump urllib3, cryptography and pygments (1713a77)
3.18.2 (2026-03-18)
3.18.1 (2026-03-17)
- Bump authlib from 1.6.7 to 1.6.9 (c7fc514)
3.18.0 (2026-03-17)
- Disable django admin password login (72582e6)
- Move ipython to main requirements for better production console (3a370f9)
3.17.6 (2026-03-05)
3.17.5 (2026-02-18)
- Bump sqlparse from 0.5.3 to 0.5.4 (dcceb2b)
3.17.4 (2026-02-12)
- Bump pillow from 12.0.0 to 12.1.1 (63c2414)
3.17.3 (2026-02-04)
- Bump django from 5.2.9 to 5.2.11 (765c2c3)
3.17.2 (2026-01-27)
3.17.1 (2026-01-12)
- Send manual emails only to active users (4ba2cf6)
3.17.0 (2025-11-26)
- Allow Sentry uWSGI-plugin to be optional (0d94fc6)
- sentry: Update sentry configuration (016a04a)
- Use separate AUDIT_LOG_ENV variable (8e2e283)
3.16.1 (2025-11-12)
- Bump django from 5.2.7 to 5.2.8 (1861caf)
3.16.0 (2025-11-05)
- Add resilient_logger for audit log transport (#522) (8bafb61)
- Enable json logging for uwsgi (#521) (9612a4b)
- Transition to structured (json) logging (#508) (2037da4)
3.15.3 (2025-10-22)
- Make admin descriptions django 5.2 compatible (4b9a0f7)
- Adjust README about ruff (5439eb5)
3.15.2 (2025-10-15)
- Switch to psycopg-c (d380aac)
- Use pre-commit ruff (dcb31ac)
3.15.1 (2025-10-13)
3.15.0 (2025-10-03)
- Use DATABASE_PASSWORD if present in env (fe6daa0)
3.14.2 (2025-09-23)
- Bump authlib from 1.5.1 to 1.6.4 (0e0c419)
3.14.1 (2025-09-10)
- Bump django from 4.2.22 to 4.2.24 (4dbb3a3)
3.14.0 (2025-08-05)
- Explicitly define Azure URL expiration time (fc9ea43)
- Prevent SAS token exposure in client URLs (89d2927)
- Simplify Azure storage settings (00d3720)
- Update Azure storage settings (0a74401)
3.13.0 (2025-06-09)
- Reject unenrolments if less than 48h to the event occurrence (f196eba)
- Remove is_obsolete field from user model (9f8e77d)
- Send notification only to active and non-oboleted users (3bb8df6)
- Bump django from 4.2.21 to 4.2.22 (f7f87c5)
3.12.4 (2025-05-14)
- settings: Add missing verification and subscription token settings (c46ab2e)
- Bump django from 4.2.20 to 4.2.21 (e58192e)
3.12.3 (2025-03-10)
- Logout by upgrading deps to latest, incl. django-helusers v0.13.3 (cf4cd41)
3.12.2 (2025-03-07)
- Disable browser tests by default in .env.example (3e7ef79)
- security: Update dependencies to latest (69e42ba)
3.12.1 (2025-03-05)
- keycloak: Use helusers.defaults.SOCIAL_AUTH_PIPELINE (53dde11)
- security: Upgrade all dependencies, incl. python-jose v3.3 → v3.4 (6effbf6)
- sonarcloud: Dockerfile docker:S6504 security hotspots (b7d1645)
- sonarcloud: Don't hardcode debug mode SECRET_KEY, update README (1431d6b)
- sonarcloud: Generate PEM key pair in tests instead of hardcoding it (bb127eb)
- sonarcloud: Ignore ul-wrapping of li with //NOSONAR, django does it (82b09d2)
- sonarcloud: Move DATABASE_URL default to .env.example (0461678)
- sonarcloud: Only allow safe methods for readiness endpoint (085336c)
- sonarcloud: Use faker's random_element, not random.choice (c4f7f0a)
- sonarcloud: Use None for verification_token_user_full_name w/o user (35932bd)
- sonarcloud: Use tempfile for creating MAILER_LOCK_PATH default (2b4e89f)
- sonarcloud: Use zoneinfo.ZoneInfo instead of pytz.timezone (d2937b8)
- Add mention to set secret from the keyvault (e8f3537)
3.12.0 (2025-02-17)
- Enable Helsinki city employees' django-admin Keycloak login (e83b768)
- Django-admin logout by not importing helusers SOCIAL_AUTH_PIPELINE (2d14cbe)
- Updating requirements by moving non-PyPI packages to own .txt file (afb0d4f)
- Bump cryptography from 44.0.0 to 44.0.1 (6ee4a51)
3.11.0 (2025-02-06)
- Add view families permission, restrict child/guardian info with it (e89195b)
- auditlog-extra: Add request path to additional data in LogEntry (59c3d46)
- auditlog-extra: Admin mixin (8f4e56a)
- auditlog-extra: Configuration helper (00165e6)
- auditlog-extra: Decorator (e7b9257)
- auditlog-extra: Middleware (0e63451)
- auditlog: Installed django-auditlog (e0f2f04)
- auditlog: Write access log of restricted graphene nodes (9ba8fad)
- auditlog: Write access logs of restricted admin models (e4fa72d)
- csp: Install and configure django-csp (8c6bb7d)
- devops: Liveness probe to test the database connection (1dcc0ff)
- devops: Readiness probe to give build and release info (f8db348)
- sentry: Ignore authentication expired errors in Sentry (f232111)
- "The USE_L10N setting is deprecated" deprecation warning (9f0abc1)
- /graphql/ GraphiQL interface by changing CSP rules (0a01103)
- Add validation to AssignTicketSystemPasswordMutation (b0aa5e2)
- auditlog-extra: Admin mixin should use get_changelist_instance (7d71f4c)
- auditlog-extra: Duplicated log creation prevention in admin mixin (a427992)
- auditlog-extra: Explicitly define app_label for DummyTestModel (551eb46)
- auditlog: Exclude mailer models from auditlog (3f06c0b)
- config: Admin ui url (f5e0d24)
- csp: Circular import in settings (38ff1b5)
- csp: Spectacular redoc view (f6ee5b6)
- DEFAULT_FILE_STORAGE deprecation warning by using STORAGES instead (808d500)
- Docker-compose.env.example & README.md to work out of the box (444bd2f)
- Docker-compose.env.yaml* → docker-compose.env*, it's not YAML (9167b06)
- docker: Docker compose should use expose 8000 port for prod target (ee8dfae)
- Graphene-django warning that DjangoObjectType needs fields/exclude (8be20af)
- Remove ChildNode deprecation warnings and document fields' behavior (00846ec)
- Report event serializer type hint warning (ebf0b8a)
- Sentry_sdk deprecation warning by using current scope (ebc5d65)
- Update projects to db using migrations and management commands (1ff44a0)
- Bump django from 4.2.17 to 4.2.18 (2fa1cfb)
- "the Tunnistamo" → Tunnistamo, no need for the definite article (f6b08d4)
- Add kukkuu api link (c745b14)
- Add Node.js to requirements because of pre-commit hook's doctoc (3f3acc7)
- Architecture and environments (4a8002e)
- auditlog-extra: Add a note to test schema (cfcc44b)
- auditlog-extra: Add toc, refactor the api section, improve (a5f4c81)
- auditlog-extra: Audit logging principles (0398b3a)
- auditlog-extra: Readme and FAQ (4804965)
- auditlog: Add audit logging to the project readme (fefcfb5)
- Browser testing jwt (bade39f)
- Clarify "Keeping Python requirements up to date" with Docker (81001c0)
- Clarify adding coupon codes for external ticket system events (465338b)
- Clarify how to create a superuser in backend (411fc0e)
- Clarify Keycloak/Tunnistamo use in GDPR/README.md (cbc890c)
- Clarify pre-commit hook section (764e122)
- Correct the facts in readme (caf2fbc)
- Fix GDPR API export ER diagram relationships/cardinalities (1ae9306)
- Fix JWT & Tunnistamo related texts & wordwrap them (07568ee)
- Miscellaneous cleanup / clarifications to READMEs (5fed8be)
- Move "Daily running, Debugging" under "Development without Docker" (2109286)
- Move & expand requirements (bb9163b)
- Notification import source (2c2e677)
- Refactor the content order (c0eefa2)
- Releases, deployments and release-please (ca8e46a)
- Remove redundancy from code linting & formatting section (4645bc5)
- Remove unnecessary link wrappings, fix release-please action link (64d52a5)
- Ticketing systems (cc4c014)
- Update headings and table of contents (23b75fc)
3.10.0 (2024-11-25)
- Add hasAnyFreePasswords to ExternalEventTicketSystem (915e85a)
3.9.0 (2024-10-31)
- Add canSendToAllInProject permission to myAdminProfile query (462f72c)
- Add ticket validity to enrolment admin (623d553)
- Add Ukrainian language to LANGUAGE_CHOICES (1806127)
- Admin view for enrolments (7df154f)
- Attendance information given in ticket verification (8cf9bb1)
- auth: Authentication with graphene_jwt instead of custom implementation (815cb27)
- Autocomplete feature to ticket system admin event field (ff7e4e9)
- Enrolment reference id is viewable from the enrolment admin (616dca1)
- Event report API with event group and venue view sets as helpers (b438915)
- Project message permissions for sending to all (d15578b)
- Tixly ticket system (2e0c9eb)
- Update ticket attended status (b9eefcb)
- admin: Performance and UX issue in messaging admin (4acdc93)
- Browser test resources creation for pytests (3de8cbb)
- Get_translations_dict utility's database usage (81e87d6)
- Upgrade django-ilmoitin to fix migration issues (3c43107)
3.8.0 (2024-09-18)
- Add count field to messages connection (c9a4415)
- Add order_by field to messages query (0cb3bfb)
- Use DjangoFilterAndOffsetConnectionField with messages query (1c38e39)
- Link and subject field in the messaging admin list display (e584d75)
3.7.1 (2024-09-05)
- Logging level default value (42c91a1)
3.7.0 (2024-09-05)
- Add more fields and filters to messaging admin view (d70dfe9)
- Authenticate symmetrically signed JWT with shared secret for browser tests (718d92c)
- Provide initial browser test data automatically (7250605)
- Switch setup.cfg -> pyproject.toml, black/isort/flake8 -> ruff (4d8e834)
- Upgrade Django to 4.2 & upgrade all packages to latest (e5b12aa)
- Upgrade to Python 3.11 (553b964)
- Allow schema introspection for unauthenticated users (e8879aa)
- Default test project creation (ab76ba7)
- Event group creation bug in admin (8ff4042)
- Making event groups events publishable should not clear event group (e00f931)
- Message api filters for protocol and occurrences (9277462)
- Oidc debug extra usage (a9a3d46)
- Oidc debug extra usage (f1265a1)
3.6.0 (2024-07-05)
- Add search and autocomplete fields to user, group and ad groups admin (e576fd0)
- Test auth change notifications command's query count (14c1c7d)
- Improve event and event group admins with safegetters and searches (022ca8d)
3.5.0 (2024-06-14)
- Batch user is_obsolete updating in auth change command (7e89c1b)
- Add missing success messages to user and guardian admin actions (21f4e69)
3.4.0 (2024-06-13)
- Add --obsolete_handled_users & --batch_size to auth change command (272ef3d)
- Add links and filters from guardian to user and vice versa in admin site (9f870f2)
- Send auth service changing notifications from admin (e37c0de)
- Children event history markdown line endings and indentations (efd595d)
3.3.0 (2024-06-12)
- Add AuthServiceNotificationService to mass mail when auth service is changed (1665cd9)
- Add children event history markdown generator (64f5c69)
- Add for_auth_service_is_changing_notification in guardian queryset (6dfcb37)
- Add guardian admin actions to generate auth service changing email (4609f9a)
- Add management command to send auth service changing notifications (4d786aa)
- Use a list of emails to filter recipients on auth service notification (9fd0746)
- Add apps.py for Kukkuu mailer app (8ff158c)
- Improve the django_mailer admin list display view (2cf4be0)
- Remove children_event_history_markdown from notification dummy context (40c4c11)
- Rename kukkuu_mailer to kukkuu_mailer_admin (8722395)
3.2.0 (2024-06-04)
- Add back channel logout support (0d10bf3)
- Add Child.notes TextField, ChildNotes query and update mutation (4476961)
- Add Child.notes TextField, ChildNotes query and update mutation (4ff79c4)
- Add obsoleted props and features to User and Child (cf473de)
- Always use user's email in SubmitChildrenAndGuardianMutation (df89bf9)
- Do not send event invitations to those who have rejected them (75c12c1)
- Replace has_accepted_marketing with has_accepted_communication (d6bfa17)
- Send event and event group publish notification in a thread (5510465)
- Serialize the models used by the GDPR API (9dc697b)
- The GDPR service to clear sensitive fields of user and guardian (6ba1260)
- Add env-variable for GDPR API authorization field (8ac6f45)
- Api authorization field (f0c0528)
- Api authorization field (4ebfe1c)
- Move api authorization field to oidc config (56be176)
- Projects model objects manager (8958aff)
- Upgrade the django-helusers to fix issues with GDPR API auth (56b58dd)
- Add some gdpr api tester app instructions (9dc697b)
- Env-variables for the Tunnistamo and the Keycloak (a7f1109)
- How to integrate with Helsinki-Profile through Tunnistamo (469256f)
- Improvements (2348c1c)
3.1.0 (2024-03-27)
- Add "has accepted marketing" -field to the guardian model (90cc46c)
- Add "has accepted marketing" field to the GuadianInput (46fe887)
- Add accept marketing field to my profile mutation with auth token decoration (826f254)
- Add query and mutation for guardian marketing subscriptions (45a50be)
- Add unsubscribe links to the sendings of the notifications (7d54dfb)
- Auth verification token (2ea2635)
- Decorator that populates context's user from auth token given as an input (242cff0)
- Graphql api for user to unsubscribe from all notifications (7a44a4a)
- User can unsubscribe from all the notifications at once (26ebc3e)
- Username and email available from AdminNode (6b8f90f)
- admin: Search and filter guardians with guardian and user emails (e218f09)
- Build in CI fails because of factory usage during build time (e64fb28)
3.0.0 (2024-02-14)
- prevented email changing with the update my profile mutation
- Get active verification tokens for user (8205b26)
- Prevented email changing with the update my profile mutation (e545b06)
- Request email change token from the graphql-api (dc81c71)
- Send the email change verification token to the new email (bfa37cf)
- Update my email mutation (af91c7f)
- Verification tokens for user email verification (e806cf6)
- Admin site user-group-relationship shouldn't be filtered for admins only (141d308)
- Build issues in CI environment (93c3a32)
2.0.0 (2024-01-22)
- child update mutation input should not have birthdate field
- reporter API's birth_year renamed to birthyear
- change birthyear type from date to integer
- rename the birthdate field of the child model to be birthyear
- rename the first name field of the child model to "name"
- remove the last name field from the Child model
- Change birthyear type from date to integer (e1b6fc2)
- Child update mutation input should not have birthdate field (2005529)
- Remove the last name field from the Child model (aca4664)
- Rename the first name field of the child model to "name" (1b5c7ed)
- Rename the birthdate field of the child model to be birthyear (d9f5b17)
- Reporter API's birth_year renamed to birthyear (b712e73)
- Make more consistent querysets and test for children reports API (c771380)
1.17.2 (2023-12-15)
- Dockerfile base on ubi image DEVOPS-560 (#329) (6c788ee)
- Pagination of the DjangoFilterAndOffsetConnectionField and the Children-query (526055d)
1.17.1 (2023-06-29)
- Add Lippupiste as an external ticket system
- Sastoken is used for Azure storage autentication
- Process notifications sending outside the atomic transaction of saving of events
1.16.0 - 8 Dec 2022
- Add horizontal pod autoscaler
- Add Platta related configurations
- Count ticket system passwords toward yearly enrolment limit
- Add
assignTicketSystemPasswordMutation& tests - Add GraphQL query for fetching a child's all internal and external enrolments
- Add import ticket system passwords mutation
- Add ticket system password counts to event API
- Add external ticket system event URL
- Implement end time handling for external ticket system events
- Fix child enrolment counting related to Ticketmaster events
- Fix
canChildEnrollquery related to Ticketmaster events - Fix free ticket system password detection
1.15.1 - 27 May 2022
- Child can only enroll into published events. Rather small extra check, since unpublished events were not visible.
1.15.0 - 6 Apr 2022
- Republish an event group
- Events occurrences have to be on the same year
- Query for child's upcoming events and event groups
- Ticket is show until 1 hour after the event has ended.
1.14.0 - 9 Mar 2022
- QR-codes used as tickets and sent with emails
- The messaging API supports SMS-messages
1.13.0 - 10 Jan 2022
- Add initial reporting API
- Add feedback notification
- Ignore authentication expired error from Sentry
- Change reminder notification "days in advance" to 1
- Validate that event and occurrences are not given when message is for INVITED
- Fix manual messages directed to INVITED to work with event groups
- Ignore extra cruft coming from graphql-python from Sentry
1.12.0 - 14 Dec 2021
- Renewed authentication implementation
- Fixed projects admin UI language tabs
1.11.1 - 13 Oct 2021
- Fix free spot subscription handling in event group
1.11.0 - 13 Sep 2021
- Add initial external ticket system event support
- Validate that one cannot enrol to multiple events of the same event group
1.10.5 - 10 Jun 2021
- Send free text email messages in an atomic transaction
- Default to sending queued emails
- Increase production CPU and RAM limits
1.10.4 - 26 May 2021
- Send event/event group publish notifications in an atomic transaction
- Increase email sending cronjobs' timeouts to 1h
- Fix a notification context language issue which caused some parts of notifications being sometimes in wrong language
1.10.3 - 23 Mar 2021
- Increase production cpu limit
1.10.2 - 10 Mar 2021
- Fix Mailgun API credentials
1.10.1 - 2 Mar 2021
- Fix GHA production config
- Fix handling of a child's project in admin UI
1.10.0 - 2 Mar 2021
- Add "single events allowed" flag to Project model
- Add permission for managing event groups
- Allow granting publish permission to all projects
- Add GHA production config
- Do not log readiness and healthz endpoints
- Temporary auth fix required by the latest Tunnistamo
1.9.0 - 11 Feb 2021
- Add new permission system
- Multiple minor admin UI enhancements
- Add notification importer that imports email notifications' texts from Google Spreadsheets
- Do not delete past enrolments when child is deleted
- Forbid unenrolling from occurrences in the past
- Delete children when their only guardian is deleted
- Migrate periodic tasks to K8s cronjobs
- Fix UserManager
- Fix notifications' dummy contexts
1.8.0 - 17 Dec 2020
- Add event group functionality
- Add
availableForChild(childId)filter toEventNode
- Disable django-parler caching
- Migrate CI/CD to GitHub actions
- Exclude unenrolled events from
ChildNode.pastEvents() - Add ordering for API's
translationsfields
1.7.0 - 12 Nov 2020
- Add manual message functionality
1.6.0 - 16 Oct 2020
- Add Free spot notification functionality
- Add languages spoken at home for guardians
- Add
get_global_id()to event notifications' contexts - Add occurrence enrol URL to event notifications' contexts
- Add special language "Other language"
- Update default languages
- Fix API version string when running
manage.pyoutside the app directory - Fix occurrence remaining capacity when capacity override is 0
1.5.1 - 30 Sep 2020
- Add localtime function to event notification templates
1.5.0 - 30 Sep 2020
- Add upcoming occurrence reminder notification
- Add
upcoming_with_leewayoccurrence filter - Add enrolled events past enough (default 30 mins from the start) to a child's past events
- Add initial API for subscribing and viewing free spot subscriptions (N.B. the functionality itself has NOT been implemented yet, just the API)
- Do not purge email logs by default in CI/CD config
1.4.0 - 15 Sep 2020
- Add nullable field
capacityOverrideand API for it which allows setting capacity per occurrence - Add ability to search children and guardians in admin UI
1.3.0 - 2 Sep 2020
- Add occurrence url to event notifications' contexts
- Add general support for database stored languages and an API for fetching those
- Add languages spoken at home for children and an API for handling those
- Add new choice "1 child and 1 or 2 adults" to participants per invite choices
1.2.0 - 17 Aug 2020
- Add project filter to children, venues, events and occurrences queries
- Add nullable boolean field
attendedtoEnrolmentmodel and mutationSetEnrolmentStatusfor updating it - Add logging of mutations
- Add "occurrence cancelled" notification
- Add limit/offset pagination to children query
- Change guardians, children, events, occurrences and enrolments viewing and administrative mutations to be allowed only for project admins of the corresponding project. Previously
Usermodel'sis_stafffield was used to give permissions for all projects. - Order venues by Finnish name in API queries
- Change default logging level to INFO
- Hide unpublished events in
ChildNodepast_eventsandavailable_eventsfields for project admins as well
- Fix a bug in
OccurrenceNoderemainingCapacityfield - Fix a bug in
OccurrenceNodeenrolmentCountfield
1.1.0 - 29 May 2020
- Add occurrence language
- Return occurrence & child from unenrolment mutation
- Add null field validation when updating objects
- Add setting to enable graphiql in staging
- Add custom depth limit backend
- Add event filter to occurrences query
- Add
enrolmentCounttoOccurrenceNode - Add
nameto project model - Make event UI URL available to event published notification
- Add
projectstoMyAdminProfileNode - Allow a guardian to change her email when registering and when modifying her profile. A new notification is sent when the latter happens.
- Change mutations'
translationsfield behaviour: from now on, translations for languages that are not sent are deleted - Change event publish notification to be sent to every child of the project
- Remove
translationsToDeletefrom all mutations that had it - Remove
usersfromProjectNode - Remove
isProjectAdminfromMyAdminProfileNode
- Fix required fields in occurrence mutations
- Use
ParticipantsPerInviteenum in event mutation inputs
1.0.0 - 30 Mar 2020
- Add availableEvents and pastEvents to child query
- Add translation fields as normal fields into Venue and Event
- Add occurrence filters (date/time/venue)
- Add remaining capacity to occurrence node
- Add CDN for image storage
- Add MyAdminProfile API query
- Add version/revision number to admin interface
- Add translation validations
- Add better GraphQL error code
- Update Django to 2.2.10
- Update README.md
- Fix API queries to use RelationshipTypeEnum like mutations do
- Better UWSGI cron job to handle email sending
- Make LanguageEnum required in some queries
- Email goes to spam in some strict filter
- Minor gitlab config fixes
0.2.0 - 17 Feb 2020
- Add enrolment API for child to enrol event occurrences
- Add support to update event image
- Add event capacity validation to event
- Add publish events API
- Add Django Admin publish event action
- Send notifications to guardians when an event published
- Update API to support nested fields update/delete
- Fix API queries to use RelationshipTypeEnum like mutations do
- API for signup/login and query my profile
- Send notifications when signed up successfully
- API to query, add, update and remove children
- API to query, add, update and remove events
- API to query, add, update and remove occurrences
- API to query, add, update and remove venues