1.36.0 (2026-06-05)
- enrolment: Add is_part_of_cultural_route boolean field support (589d3c1)
1.35.3 (2026-05-19)
1.35.2 (2026-05-11)
1.35.1 (2026-04-20)
- Bump authlib from 1.6.9 to 1.6.11 (e7b4689)
1.35.0 (2026-04-14)
- Add password login allowlist (c15e3be)
1.34.1 (2026-04-14)
1.34.0 (2026-04-02)
- Remove django-axes (03bdcbb)
- Use django-helsinki-health-endpoints for readiness and healthz (e26ff93)
- Bump ecdsa from 0.19.1 to 0.19.2 (15d8db3)
- Bump requests from 2.32.5 to 2.33.0 (9abefe2)
- Bump requirements (6762d72)
- Remove redundant django-ipware (56d169b)
1.33.1 (2026-03-25)
- Add django-ipware (191379b)
1.33.0 (2026-03-24)
- Django-axes prefers forwarded ip address (0a6bd10)
1.32.1 (2026-03-18)
- Bump authlib from 1.6.7 to 1.6.9 (0e865b6)
- Bump pyasn1 from 0.6.2 to 0.6.3 (cb990bb)
- Bump pyjwt from 2.10.1 to 2.12.0 (3c8773c)
1.32.0 (2026-03-13)
- Disable django admin password login (a6563cd)
1.31.1 (2026-03-09)
1.31.0 (2026-02-18)
- Enable resilient logger (37a8ab8)
- Bump sqlparse from 0.5.3 to 0.5.4 (0215bc0)
1.30.1 (2026-02-04)
1.30.0 (2026-01-27)
- Disable new audit logging cron tasks (db89bbc)
1.29.0 (2026-01-23)
- Handle LinkedEvents API timeouts for popular keywords (54dcdf7)
- Use django-resilient-logger for audit logging (957bda3)
- Make LinkedEvents API timeout configurable (25f4096)
- Treat LinkedEvents 404/410 as ObjectDoesNotExistError (9724b21)
- Bump wheel from 0.45.1 to 0.46.2 (c9060e5)
1.28.0 (2026-01-21)
- Remove audit logging from enrolment report view (eb07236)
- Handle 410 Gone statuses in API calls (76401fa)
- Prevent TypeError with null enrolment_end_days (26b1994)
- Bump authlib from 1.6.5 to 1.6.6 (847d45c)
- Bump pyasn1 from 0.6.1 to 0.6.2 (43ea93f)
- Bump urllib3 from 2.5.0 to 2.6.0 (afed584)
- Bump urllib3 from 2.6.0 to 2.6.3 (#449) (0f95549)
1.27.1 (2025-12-04)
- Bump django from 5.2.8 to 5.2.9 (9f79301)
1.27.0 (2025-11-27)
- Allow Sentry uWSGI-plugin to be optional (2f5a011)
- Change log format to json (0310667)
- sentry: Update sentry configuration (acdf4fb)
- dev: Bump pip-tools from 7.5.1 to 7.5.2 (4d49f66)
1.26.2 (2025-11-10)
1.26.1 (2025-10-13)
- Bump social-auth-app-django from 5.5.1 to 5.6.0 (04ddc74)
1.26.0 (2025-10-09)
- Migrate to django-csp 4.0 (d313c9a)
- Remove deprecated PickleSerializer (0ebb1fb)
- Update time-filtering for Django 5 (d0b3289)
- Update verification token settings (2484b23)
- Bump django 5.2 and requirements (dbc8191)
- Bump django from 4.2.24 to 4.2.25 (fee3462)
- Bump django-csp to 4.0 (0ed736a)
1.25.2 (2025-09-23)
- readme: Update parts regarding code and git commit message formats (943f601)
- Remove contact information from README (3422570)
1.25.1 (2025-09-10)
- Bump django from 4.2.22 to 4.2.24 (fd480fb)
1.25.0 (2025-09-08)
- Event with ongoing occurrences can have space for enrolment (4405b23)
1.24.1 (2025-08-28)
- Add person to contacts only when it exists (c8fffac)
- Update person retention period deletion logic (723b9e0)
1.24.0 (2025-08-20)
- Improve uWSGI options (c3e849e)
- Csv endpoints incorrectly responding with 403 (30d5348)
- Add uwsgitop (f28e0be)
- Bump django from 4.2.21 to 4.2.22 (3f34592)
- Bump requests from 2.32.3 to 2.32.4 (8ffe381)
- Bump urllib3 from 2.3.0 to 2.5.0 (9b64ce2)
1.23.0 (2025-06-05)
- Remove persons with cronjob when retention period has exceeded (d211e7f)
- Csp rules for notification importers preview view (3c81303)
1.22.1 (2025-05-28)
- Add is_event_admin column to user admin list (80e9f26)
- Add gruppo to architecture README (464197b)
1.22.0 (2025-05-27)
- browsertest: Authenticate user as event staff with organisations (37b633c)
- organisation: Make order predictable, index name & publisher_id (5532d74)
- Bump django from 4.2.20 to 4.2.21 (d1e48f5)
1.21.0 (2025-05-19)
- Authenticate symm. signed JWT with shared secret for browser tests (465c4f4)
- Migrate to new field to indicate whether User is an event admin (42c696a)
1.20.0 (2025-05-05)
- openapi: Add schema extensions for API docs generation (21f17d7)
- openapi: Serve API schema and Redoc UI (81f7dc0)
- openapi: Use schema extensions for custom fields in reports (5c760e1)
1.19.0 (2025-04-28)
- Add gitlint & md-toc to pre-commit hooks, update related README (c09351f)
- auditlog: Common mixin to write accesslogs of REST list views (1fa359f)
- auditlog: Install and configure auditlog (3153f61)
- auditlog: List view read logging in EnrolleePersonalDataAdmin (1609ca1)
- auditlog: Write access auditlogs in report views (0be21ab)
- auditlog: Write access log in GraphQL endpoint (c648589)
- auditlog: Write auditlogs about reads on admin-site (cfe7a8a)
- csp: Install and configure CSP-plugin (1399719)
- dependabot: Configure dependabot using .github/dependabot.yml (dbe9147)
- health: Improved health check to check database connection (86b8cbc)
- python: Upgrade python from 3.11 to 3.12 everywhere in codebase (cd87b14)
- sonarcloud: Add sonar-project.properties to configure SonarCloud (8c9810b)
- auditlog: Auditlogging in user deletion process (be74fa7)
- Gdpr accessor for event contact person (ef9dfe1)
- license: Update license year to current year of 2025 (15659a5)
- Null pointer exceptions in some models str (cdc24cd)
- Order StudyGroups by (created_at, group_name) for predictability (3c9482c)
- Possible null pointer exception issue in place handling (3177443)
- Remove dependabot reviewers, set comment for PT-1887 (6181a0d)
- Remove port from the response of
get_client_ip(6c3eb83) - sonarcloud: Add alt texts to <img> tags in email templates (dbb6177)
- sonarcloud: Add lang & xml:lang to email templates' html tags (8105034)
- sonarcloud: Allow deprecated attributes in email templates (5f275db)
- sonarcloud: Allow deprecated elements in email templates (7ac1945)
- sonarcloud: Allow tables without headers in email templates (b9071d2)
- sonarcloud: Don't hardcode debug mode SECRET_KEY, update README (0792782)
- sonarcloud: Fix margin CSS styles in email templates (f22890a)
- sonarcloud: Fix rest of the margin CSS styles in email templates (2700840)
- sonarcloud: Generate PEM key pair in tests instead of hardcoding it (6194e23)
- sonarcloud: Ignore false positive "wrap <li> with <ul>" warnings (343c172)
- sonarcloud: Move DATABASE_URL default to .env.example (2ddc4fc)
- sonarcloud: Use safe HTTP methods with healthz/readiness endpoints (0cab943)
- sonarcloud: Use signed & verified JWT token in tests (94c09d4)
- sonarcloud: Use tempfile for creating MAILER_LOCK_PATH default (8656420)
- sonarcloud: Use zoneinfo.ZoneInfo instead of pytz.timezone (3c265a0)
- Upgrade deps, fix Dockerfile, update ignores, unify env files (d5e43a0)
- Variable typing (c1beac6)
- auditlog: Add django-auditlog and django-auditlog-extra (acd7d89)
- auditlog: Add auditlog to README (11ae0db)
- Improve readme with architecture image and release & deployments (ecfc226)
1.18.0 (2024-10-31)
- Deactivated person should not be listed from API (fe515f8)
1.17.0 (2024-10-21)
- Upgrade all dependencies, PostgreSQL 10->13, use ruff (bcbf88b)
- Upgrade Python 3.9 -> 3.11 (b736d8a)
- Execute_graphql_request() has no
invalidmember (fe1ee4f) - Keyword set enum usage (c8b133d)
- Upgrade django-ilmoitin to fix migration issues (ba7ac5d)
1.16.0 (2024-09-26)
- Add serializable GDPR API fields for models of Occurrences package (56a8f7f)
- Add serializable GDPR fields for Person model (acbcd9e)
- Add serializable GDPR fields for the User model (952f512)
- Add uuid to the user admin list display (0eea17e)
- Delete user when gdpr delete is requested (bdf0172)
- Enable Helusers user migration (bbd4e31)
- Improve admin site performance by auto complete fields & inlines (3ffd690)
- Improvements to person admin (84670ca)
- Install latest django-helusers and helsinki-profile-gdpr-api (72a4c99)
- Install requests-mock for gdpr unit testing (cf42ec2)
- Occurrences are listed in inline component in palvelutarjotin event admin (26acf88)
- Resolve if pEvent has any spaces left for enrolment (cd54060)
- Deprecation warnings and upgrade the django-ilmoitin (bfa44c9)
- Heluser settings for user migration and logout (88e5a8f)
- Oidc audience env variable was always read as a string when it can also be a list (abe0806)
- User deleted via GDPR API should not be relinkable to Helsinki Profile (dbeefda)
1.15.0 (2024-09-16)
- Change domain to hel.fi (bdc2e75)
1.14.1 (2024-06-19)
- Remove CREATE_SUPERUSER variable and its use (c5a1ea1)
1.14.0 (2024-05-16)
- Use palvelukarttaws v4 service instead of servicemap v2 (29fbc19)
- Updated the servicemap api root url to env file examples (73478ce)
1.13.0 (2024-04-26)
- Add is_queueing_allowed & preferred_times fields (60cb87f)
- Use correct keyword set IDs (no "qq:" prefix), remove qq altogether (f931384)
- Use correct Linked Events test URL in testing (cf851bc)
- Tidy up README.md, word wrap, fix data source, shorten wordings (2c8f318)
1.12.1 (2024-03-14)
1.12.0 (2024-02-26)
- Add keyword_OR_set event query parameters (d704598)
- Event queue enrolment counts are included in the enrolment summary (b0768f2)
- Fix OIDC tests by setting token auth settings properly in tests (b9dbbde)
1.11.0 (2023-12-21)
- Filter events with contact info query (c2e2437)
1.10.0 (2023-12-11)
- Add send_upcoming_occurrence_sms_reminders management command (a441f1b)
- Type hint that does not work in CI (065321f)
- Use term "place" instead of an event when place fetching fails (98bde29)
1.9.0 (2023-09-19)
- Enforce non-empty publisher ID in organisation & new/updated event (9f5510a)
1.8.2 (2023-08-23)
- App version number PT-1652 (#321) (ff8c5a4)
- Don't paginate Organisations query and persons in organisations (cbc11b8)
- Review fixes for api/version PT-1652 (#323) (051ccbf)
1.8.1 (2023-06-29)
- Allow enrolling to occurrence without notifications sending
- Fixes to the enrolment queue implementation
- Add the GDPR-person-deletion feature to the event queue enrolments
- Add PickEnrolmentFromQueueMutation to convert an event queue enrolment to an occurrence enrolment
- Removed the enrolments, the studyGroups and the studyGroup (single) query fields from the occurrences API
- Improved data security by restricting the enrolments and study groups data with new permission checks
- Added event queue enrolments
- Refactored the long occurrence schema and test files by splitting content to new files
- Platta configurations
- Remove beta status (affects notification templates)
- Support for person deletion
- Support for event contact info deletion
- Add management command for deleting too old contact info
- Add enrollee person data to admin UI
- Add retention period exceeding contact info deletion cronjobs
- Filter the enrolment reports in admin by "has publisher" -filter
- Save user's last activity if the configured interval has passed
- Important fixes to test mocks
- Tweak event enrolments CSV
- Add amount of adults to notifications
- Disallow enrolling with an empty group
- SMS-service can be configured off
- On multi occurrence enrolment, the related notifications are sent after all the enrolments are validated and saved
- Dropdown filter for organisations in the person admin view
- Export features for persons in the person admin view
- Event list requests to Linked events always include data source parameter
- Only sanitize keys in JSON responses from linked events
- Added more resources to the production environment
- Prevent calling LinkedEvents API with illegal null ids
- Raising the errors from connection issues to LinkedEvents API when fetching data from there.
- Added more memory to production service.
- Deleting the one sided events from LinkedEvents API if an error occures while creating a PalvelutarjotinEvent to Kultus DB.
- Some fixes to possible null pointers.
- Fixed some setting imports for better testing abilities.
- Places and events should not be fetched when the place ids are not given
- Search nearby events feature in API.
- Enrolment reports can be filtered with a LinkedEvent id (in admin).
- Enrolment report divisions information given in more detailed format.
- Enrolment report location information given in more detailed format.
- Added translatable auto acceptance message field to PalvelutarjotinEvent.
- Upcoming occurrences filter returns also the ongoing occurrences.
- Handle HTTP410 from LinkedEvents when sending enrolment reports summary.
- Enrolment reports model and interfaces.
- Extra needs -field added to the Enrolment report cvs's.
- Schools and kindergartens query makes a recursive load from the Service map and returns all the results with a single query.
- Occurrences "upcoming" -filter is now renamed to "enrollable" and a new upcoming -filter that ignores the enrolmen days is created.
- Upcoming occurrences meta -field is replaced with a new pageInfo Node.
- Refactored and fixed the enrolment summary notifications: Only the upcoming occurrences are now summarized.
- Fixed the Graphql API enrolment groups size validation.
- The published occurrences can now be updated if there are no enrolments yet, and deleted if they are first cancelled. New occurrences can also be added to a published event.
- Events will be republished to LinkedEvents API if the occurrences are saved and the event time range changes.
- A full Place can now be linked to a study group instead of a just name.
- Servicemap rest-client and graphql schema for schools and kindergartens query
- Improved error handling on LinkedEvents API calls.
- Old Course-extension is removed from the Event interface and the fields are now moved to the root of the event object.
- Unused neighborhoods API is removed.
- Hotfixed PalvelutarjotinNode occurrences limit from 100 to 400 because of a real life use case.
- Report view authentication.
- hel.ninja mail address changed to hel.fi (staging and production).
- LinkedEvents timeout raised to 20s.
- Notification importer: Notification templates can be imported from files (and Google sheets).
- Added connection timeouts to external API requests.
- Upcoming occurrences filter when enrolment end days is null.
- Neighborhood API that fetches a list of city divisions from kartta.hel.fi.
- ExternalEnrolmentUrl field added to PalvelutarjotinEvent to offer different event enrolment types: internal enrolment, external enrolment and nonenrollable event.
- Support for event queries with all_ongoing_AND and all_ongoing_OR params.
- Added place_ids to Person to list persons own places they want to follow.
- Increased production server limits
- Events pagination
- Cancelled occurrences are no longer set as next occurrence or last occurrence.
- Don't log healthchecks in production to avoid spam on server logging.
- Django from v. 2.2.24 to v. 3.2.5
- Django-helusers to v. 0.7.0.
- Django-ilmoitin graphql-api to v. 0.6.0.
- All the dependencies to resolve version missmatches.
- OIDC authentication claims validation's amr-value reading fixed by converting strings to lists.
- Checks the PalvelutarjotinEvent link existence when fetching events from LinkedEvents API.
- Occurrence deletion signals are no longer preventing deletion.
- Enrolment seats taken calculation fixed.
- Organisation proposal model for 3rd party organisations.
- An user can be set as an administrator with a new is_admin -field. Administrators receives emails from new users.
- New users will receive a notification when their account is ready for use after registration.
- New permission "can_administrate_user_permissions" which can be used to limit the editable fields in user admin change form.
- ENVIRONMENT_URL environment variable is set to a new SITE_URL setting, which stores the server domain information.
- Type filter for organisations GraphQL -query.
- Django updated from 2.2.20 to v. 2.2.24.
- Disallowed organisation changes on update my profile mutation. MyProfile mutations does not allow organisation changes anymore, because of security concerns.
- Improvements to multiple admin views.
- Report -app CSV-files support for Microsoft Excel improved.
- Multiple notification templates updated.
- Added no-cache headers to LinkedEvents REST GET calls, since LinkedEvents cache is now more aggressive.
- Add staff-status to MyProfile -query
- JWT authentication to reports view (with DRF APIView)
- Added a contact column to events' enrolments report
- Fixed mass approve mutation custom message
0.3.1 - 5 May 2021
- Dependencies security patches
- Synchronize production and staging environment variables
- Fixed email template to use correct fallback language.
0.3.0 - 27 April 2021
- Send daily enrolment summary query
- Added
categoryandadditional-criterialto p_event - Added support to query events by
keywordAndandkeywordNot - Added occurrence time validations
- Added count seats by number of enrolment
- Added
mandatory_additional_informationto p_event - Added support for teacher to cancel their own enrolment from email
- Added
StudyLevelquery,StudyLevelnow can be dynamically created from database - Added support to sending notification to multiple contact people of a single enrolment
- Added index to
p_event.linked_event_idto improve look up speed - New options to
Venuecustom data - Auto update LinkedEvent languages if occurrence
in_languagechanged - CSV export users data and enrolment data in django-admin interface
- Limit max uploaded file size to 2MB
- Switch pipeline from Gitlab to Github Action
- Better README.md
- The amount of adults are now calculated in total study group size
- Only count the number of seat taken if enrolment is approved
- Update email templates
- Use K8s cronjob instead of uwsgi cronjob
- Staging and Production now use separated Mailgun API Key
- Dependencies security patches
- Better occurrence validation
- Only allow manual approval for single-enrolment-required events
- Improve django-admin usability
- Fixed
divisionsevents filter - Fixed events string argument format
- Fixed captcha handler in local development
- Fixed authentication problem by update
drf-oidc-authversion
0.2.0 - 9 Nov 2020
- API to query keyword sets
- Provider API: Unpublish event API
- Added
outdoor_activityto p_event
- Remove duration field from occurrence
- Move
auto_acceptancefrom occurrence to p_event min_group_sizeandmax_group_sizenow become optional in occurrence- Update README.md
- Make occurrence
seat_takenandseat_approvednot-nullable in the GraphQL API
- Fixed email header in email template
0.1.0 - 2 Oct 2020
- Tunnistamo authentication
- Provider APIs:
- GraphQL API wrapper for LinkedEvent Rest API
- API for signup/login and query provider profile
- API to get/list add/update/delete user organisation
- API to get/list add/update/delete LinkedEvent
- API to get/list add/update/delete native Kultus event (linkedEvent extension data)
- API to get/list add/update/delete event occurrence
- API to view/approve/decline/cancel enrolment
- API to modify study group
- Notification service integration
- Send notifications (SMS/Email) when receive/approve/decline/cancel enrolment
- Send notifications (SMS/Email) when cancel occurrence
- Teacher APIs:
- API to enrol event
- API to query published event
- Filtering published event by name/location/time...