Merge branch 'feature/PB-33112_52-Publish-production-API' into 'master'

PB-33112 Publish production API (v4.7.0)

See merge request passbolt/passbolt-ce-api!279

Author: cedricalfonsi

.gitlab-ci/jobs/help_site_notes.yml

@@ -12,7 +12,7 @@ help_site_notes:
       exit 0
     fi
     apt update && apt install -y git curl gpg
-    curl -L https://gitlab.com/gitlab-org/cli/-/releases/v1.30.0/downloads/glab_1.30.0_Linux_x86_64.deb  --output glab.deb
+    curl -L https://gitlab.com/gitlab-org/cli/-/releases/v1.38.0/downloads/glab_1.38.0_Linux_x86_64.deb  --output glab.deb
     dpkg -i glab.deb
     cat "$HELP_SITE_GPG_KEY" > "$GPG_KEY_PATH"
     bash .gitlab-ci/scripts/bin/help_site.sh

.gitlab-ci/scripts/bin/help_site.sh

@@ -14,7 +14,7 @@ GIT_CI_TOKEN_NAME=${GIT_CI_TOKEN_NAME:-gitlab-ci-token}
 ACCESS_TOKEN_NAME="help-site-bot"
 HELP_SITE_REPO="gitlab.com/passbolt/passbolt-help.git"
 RELEASE_NOTES_PATH="../RELEASE_NOTES.md"
-
+TARGET_MR_BRANCH="develop"
 
 function create_release_notes() {
     title="$(grep name ../config/version.php | awk -F "'" '{print $4}')"
@@ -25,7 +25,7 @@ function create_release_notes() {
     permalink="/releases/$PASSBOLT_FLAVOUR/$(grep name ../config/version.php | awk -F "'" '{print $4}' | tr ' ' '_' | tr '[:upper:]' '[:lower:]')"
     date="$(date +'%Y-%m-%d')"
 
-    cat << EOF >> _releases/"$PASSBOLT_FLAVOUR"/"$CI_COMMIT_TAG".md
+    cat <<EOF >>_releases/"$PASSBOLT_FLAVOUR"/"$CI_COMMIT_TAG".md
 ---
 title: $title
 slug: $slug
@@ -40,7 +40,7 @@ date: $date
 ---
 EOF
 
-    cat $RELEASE_NOTES_PATH >> _releases/"$PASSBOLT_FLAVOUR"/"$CI_COMMIT_TAG".md
+    cat $RELEASE_NOTES_PATH >>_releases/"$PASSBOLT_FLAVOUR"/"$CI_COMMIT_TAG".md
 }
 
 setup_gpg_key "$GPG_KEY_PATH" "$GPG_PASSPHRASE" "$GPG_KEY_GRIP"
@@ -55,6 +55,6 @@ git checkout -b release_notes_"$CI_COMMIT_TAG"_"$PASSBOLT_FLAVOUR"
 git add _releases/"$PASSBOLT_FLAVOUR"/"$CI_COMMIT_TAG".md
 git commit -m ":robot: Automatically added release notes for version $CI_COMMIT_TAG $PASSBOLT_FLAVOUR"
 glab auth login --token "$HELPSITE_TOKEN"
-mr_url=$(glab mr create -s release_notes_"$CI_COMMIT_TAG"_"$PASSBOLT_FLAVOUR" -b master -d ":robot: Release notes for $CI_COMMIT_TAG $PASSBOLT_FLAVOUR" -t "Release notes for $PASSBOLT_FLAVOUR $CI_COMMIT_TAG" --push --repo "passbolt/passbolt-help" | grep 'https://gitlab.com/passbolt/passbolt-help/-/merge_requests/')
+mr_url=$(glab mr create -s release_notes_"$CI_COMMIT_TAG"_"$PASSBOLT_FLAVOUR" -b "$TARGET_MR_BRANCH" -d ":robot: Release notes for $CI_COMMIT_TAG $PASSBOLT_FLAVOUR" -t "Release notes for $PASSBOLT_FLAVOUR $CI_COMMIT_TAG" --push --repo "passbolt/passbolt-help" | grep 'https://gitlab.com/passbolt/passbolt-help/-/merge_requests/')
 cd -
 bash .gitlab-ci/scripts/bin/slack-status-messages.sh ":notebook: New helpsite release notes created for $CI_COMMIT_TAG $PASSBOLT_FLAVOUR" "$mr_url"

CHANGELOG.md

@@ -2,6 +2,79 @@
 All notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](http://semver.org/).
 
+## [4.7.0] - 2024-04-30
+### Added
+- PB-30330 Add HTTP HEAD method support to /healthcheck/status.json to support more uptime monitoring tools (GITHUB #507)
+- PB-26156 As an administrator I can configure SMTP to use TLS with a self-signed cert on my mail server (GITHUB #498)
+
+### Security
+- PB-30255 As an authenticated user I cannot access to the healthcheck endpoint when debug is on
+
+### Fixed
+- PB-30379 As an authenticating user I should not get a 500 if the gpg_auth is not an array
+- PB-32889 As an administrator I should not get an exception when running core healthcheck and the host cannot be resolved
+- PB-32928 As user I should see the accurate URL in the email footer when passbolt runs on multiple instances
+- PB-32566 As a user setting up my account I should not get an unexpected 500
+- PB-32903 Fix deprecation error on password expiry settings validation
+
+### Maintenance
+- PB-29983 Refactor health check code domain for better maintenance
+- PB-30394 Moves code in ActionLogsModelListener into a dedicated service
+- PB-32881 Disable by default all plugins in integration tests
+- PB-32978 Use dependency proxy to reduce docker pull limit
+- PB-22605 Refactor ShareSearchControllerTest, SecretViewControllerTest and GroupsDeleteControllerTest with fixture factories
+- PB-32594 Add tests for SecretCreateService
+
+## [4.7.0-rc.1] - 2024-04-26
+### Added
+- PB-30330 Add HTTP HEAD method support to /healthcheck/status.json to support more uptime monitoring tools (GITHUB #507)
+- PB-26156 As an administrator I can configure SMTP to use TLS with a self-signed cert on my mail server (GITHUB #498)
+
+### Security
+- PB-30255 As an authenticated user I cannot access to the healthcheck endpoint when debug is on
+
+### Fixed
+- PB-30379 As an authenticating user I should not get a 500 if the gpg_auth is not an array
+- PB-32889 As an administrator I should not get an exception when running core healthcheck and the host cannot be resolved
+- PB-32928 As user I should see the accurate URL in the email footer when passbolt runs on multiple instances
+- PB-32566 As a user setting up my account I should not get an unexpected 500
+- PB-32903 Fix deprecation error on password expiry settings validation
+
+### Maintenance
+- PB-29983 Refactor health check code domain for better maintenance
+- PB-30394 Moves code in ActionLogsModelListener into a dedicated service
+- PB-32881 Disable by default all plugins in integration tests
+- PB-32978 Use dependency proxy to reduce docker pull limit
+- PB-22605 Refactor ShareSearchControllerTest, SecretViewControllerTest and GroupsDeleteControllerTest with fixture factories
+- PB-32594 Add tests for SecretCreateService
+
+## [4.7.0-test.2] - 2024-04-26
+### Fixed
+- PB-33084 New release with fixed release pipes
+
+## [4.7.0-test.1] - 2024-04-24
+### Added
+- PB-30330 Add HTTP HEAD method support to /healthcheck/status.json to support more uptime monitoring tools (GITHUB #507)
+- PB-26156 As an administrator I can configure SMTP to use TLS with a self-signed cert on my mail server (GITHUB #498)
+
+### Security
+- PB-30255 As an authenticated user I cannot access to the healthcheck endpoint when debug is on
+
+### Fixed
+- PB-30379 As an authenticating user I should not get a 500 if the gpg_auth is not an array
+- PB-32889 As an administrator I should not get an exception when running core healthcheck and the host cannot be resolved
+- PB-32928 As user I should see the accurate URL in the email footer when passbolt runs on multiple instances
+- PB-32566 As a user setting up my account I should not get an unexpected 500
+- PB-32903 Fix deprecation error on password expiry settings validation
+
+### Maintenance
+- PB-29983 Refactor health check code domain for better maintenance
+- PB-30394 Moves code in ActionLogsModelListener into a dedicated service
+- PB-32881 Disable by default all plugins in integration tests
+- PB-32978 Use dependency proxy to reduce docker pull limit
+- PB-22605 Refactor ShareSearchControllerTest, SecretViewControllerTest and GroupsDeleteControllerTest with fixture factories
+- PB-32594 Add tests for SecretCreateService
+
 ## [4.6.2] - 2024-04-11
 ### Security
 - PB-32932 Fix error template title

RELEASE_NOTES.md

@@ -1,9 +1,28 @@
-Release song: https://youtu.be/3WOZwwRH6XU?si=jvTiezg7eEEpEh-S
+Release song: https://youtu.be/3L4YrGaR8E4
 
-Passbolt is pleased to announce the immediate availability of version v4.6.2. This version is a targeted security release of both the API and the browser extension focusing on fixing security issues reported by security researchers.
+Passbolt Community Edition v4.7 is a maintenance release that resolves multiple issues identified by the community. Furthermore, this release supports the commitment to improving customization options and integration features, making it easier for organizations to tailor the system to their specific needs.
 
-We would like to express our appreciation to the community for their assistance in making Passbolt more secure. Further details about the issues will be shared in a separate communication.
+A key enhancement in this release is the ability to use custom SSL certificates for SMTP server connections. This long-awaited feature is particularly beneficial for organizations operating in air-gapped environments or those using their own root CAs, enabling passbolt to more securely integrate with internal tools.
+
+## [4.7.0] - 2024-04-30
+### Added
+- PB-30330 Add HTTP HEAD method support to /healthcheck/status.json to support more uptime monitoring tools (GITHUB #507)
+- PB-26156 As an administrator I can configure SMTP to use TLS with a self-signed cert on my mail server (GITHUB #498)
 
-## [4.6.2] - 2024-04-11
 ### Security
-- PB-32932 Fix error template title
+- PB-30255 As an authenticated user I cannot access to the healthcheck endpoint when debug is on
+
+### Fixed
+- PB-30379 As an authenticating user I should not get a 500 if the gpg_auth is not an array
+- PB-32889 As an administrator I should not get an exception when running core healthcheck and the host cannot be resolved
+- PB-32928 As user I should see the accurate URL in the email footer when passbolt runs on multiple instances
+- PB-32566 As a user setting up my account I should not get an unexpected 500
+- PB-32903 Fix deprecation error on password expiry settings validation
+
+### Maintenance
+- PB-29983 Refactor health check code domain for better maintenance
+- PB-30394 Moves code in ActionLogsModelListener into a dedicated service
+- PB-32881 Disable by default all plugins in integration tests
+- PB-32978 Use dependency proxy to reduce docker pull limit
+- PB-22605 Refactor ShareSearchControllerTest, SecretViewControllerTest and GroupsDeleteControllerTest with fixture factories
+- PB-32594 Add tests for SecretCreateService

config/default.php

@@ -289,7 +289,13 @@
             ],
             'smtpSettings' => [
                 // A typo is here covered for backward compatibility
-                'enabled' => filter_var(env('PASSBOLT_PLUGINS_SMTP_SETTINGS_ENABLED', env('PASSBOLT_PLUGINS_SMTP_SETTINGS', true)), FILTER_VALIDATE_BOOLEAN)
+                'enabled' => filter_var(env('PASSBOLT_PLUGINS_SMTP_SETTINGS_ENABLED', env('PASSBOLT_PLUGINS_SMTP_SETTINGS', true)), FILTER_VALIDATE_BOOLEAN),
+                'security' => [
+                    'sslVerifyPeer' => filter_var(env('PASSBOLT_PLUGINS_SMTP_SETTINGS_SECURITY_SSL_VERIFY_PEER', true), FILTER_VALIDATE_BOOLEAN),
+                    'sslVerifyPeerName' => filter_var(env('PASSBOLT_PLUGINS_SMTP_SETTINGS_SECURITY_SSL_VERIFY_PEER_NAME', true), FILTER_VALIDATE_BOOLEAN),
+                    'sslAllowSelfSigned' => filter_var(env('PASSBOLT_PLUGINS_SMTP_SETTINGS_SECURITY_SSL_ALLOW_SELF_SIGNED', false), FILTER_VALIDATE_BOOLEAN),
+                    'sslCafile' => env('PASSBOLT_PLUGINS_SMTP_SETTINGS_SECURITY_SSL_CAFILE', null),
+                ],
             ],
             'selfRegistration' => [
                 'enabled' => filter_var(env('PASSBOLT_PLUGINS_SELF_REGISTRATION_ENABLED', true), FILTER_VALIDATE_BOOLEAN)

config/routes.php

@@ -164,7 +164,7 @@
     $routes->setExtensions(['json']);
 
     $routes->connect('/status', ['prefix' => 'Healthcheck', 'controller' => 'HealthcheckStatus', 'action' => 'status'])
-        ->setMethods(['GET']);
+        ->setMethods(['GET', 'HEAD']);
 
     $routes->connect('/', ['prefix' => 'Healthcheck', 'controller' => 'HealthcheckIndex', 'action' => 'index'])
         ->setMethods(['GET']);

config/version.php

@@ -1,8 +1,8 @@
 <?php
 return [
     'passbolt' => [
-        'version' => '4.6.2',
-        'name' => 'One Nation Under A Groove',
+        'version' => '4.7.0',
+        'name' => 'Bulls On Parade',
     ],
     'php' => [
         'minVersion' => '7.4',