1.16 (2021-07-19)
=================

 * Check secret credentials in belenios-tool (GitHub issue #31)
 * Optimize log computation during decryption
 * Majority Judgment: compute explicitly valid and blank votes
 * Web server:
   + Port to (cohttp-based) ocsigenserver 3.0.0
   + New voting interface for classic and Majority Judgment votes
   + Add a way to specify counting method of alternative questions
     (only Majority Judgment is supported at the moment)
   + Add possibility to customize email sender name (GitHub issue #30)
   + Add possibility to customize footer
   + The maximum total weight is now 10^11 (instead of 10^5)
   + `<br>` is interpreted as a line break in election names,
     descriptions, questions and answers
   + Add possibility to localize configurable snippets
   + Better behaviour when sending a confirmation email fails
   + Many cosmetic changes in administrator's and voter's workflows

1.15 (2021-05-04)
=================

 * Update OCaml stack to 4.11.2
 * Improve support for weighted votes:
   + Update instructions and interface for editing voters
   + Update monitoring scripts
   + Update specification
 * Add documentation and scripts for deploying using systemd-nspawn
 * New format for private credentials
 * Web server:
   + Check consistency of voter list
   + Add a generic service for computing and comparing fingerprints
   + Remove "Archive election" button
   + Change sign up and password change workflows
   + New format for voter passwords
   + Admin home page now shows login form of the first auth system
   + Add possibility to export auth systems to election administrators
   + Add authentication by e-mail
   + Add possibility to remove built-in voter auth systems
   + No longer send automatic warning e-mails
   + Show cookie disclaimer only when logged in
   + Add possibility to customize admin home page
   + Rephrase e-mails sent to voters
   + Add a template e-mail to be sent to the credential authority
 * Translations:
   + Add Greek (el), Dutch (nl), Slovak (sk), Finnish (fi), Polish (pl)

1.14 (2021-02-09)
=================

 * Add experimental support for weighted votes: a weight can be
   assigned to a voter with the syntax "address,login,weight" or
   "address,,weight"

1.13 (2020-12-02)
=================

 * Update OCaml stack to 4.11.1
 * Handle a mix of Single and Pedersen trustees throughout the codebase
   and specification
 * Add support to apply various counting methods to a set of ballots
   coming out of a non-homomorphic question, in the command-line tool
   and the web server: Condorcet-Schulze, Majority Judgment and Single
   Transferable Vote
 * Web server:
   + In threshold mode, add a mandatory server-owned key
   + Accept only ballots in canonical form
   + Do not allow change of trustee public key once one has been
     received
   + Add Belenios-* headers to all sent e-mails
 * Translations:
   + Switch i18n to gettext and use Weblate
   + Add support for translating the admin interface
   + Add Norwegian Bokmål (nb), Spanish (es), Ukrainian (uk),
     Czech (cs), Occitan (oc)
 * Tests:
   + Add monkey testing
 * Contributed scripts:
   + check_hash.py: use an external reference file with hashes
 * Switch the build system to dune
 * Drop support for old-style UUIDs

1.12 (2020-08-31)
=================

 * Web client:
   + Harden against browser extensions that pollute the global
     namespace
   + Use pristine sources of JavaScript libraries in the build process
 * Web server:
   + Do not allow to set credential authority name in automatic mode
   + Remove useless CalendarLib initialization (it was causing errors
     in some time zones)
 * Minor changes in tests and doc

1.11 (2020-05-25)
=================

 * Update OCaml/Eliom stack to 4.08.1/6.12.0
 * In `opam-bootstrap.sh`, enforce a specific revision of
   opam-repository for reproducibility
 * Switch to unified trustees: handle trustees with a single kind of
   file `trustees.json` instead of previously `public_keys.jsons` or
   `threshold.json`
 * Add monitoring scripts
 * Documentation:
   + Add _Who does what during a Belenios election?_ (in English and
     French)
 * Command-line tool:
   + Add `mktrustees` command to generate `trustees.json` from one
     of the two previous files
   + Add `checksums` command to compute all checksums relevant in
     auditing an election
   + In `credgen`, no longer generate a file with individual public
     credential hashes
   + Add `compute-voters` command to compute the voter list (to be
     executed by the credential authority)
   + Add `sha256-b64` command
 * Web client:
   + Use JavaScript's native BigInt when available
   + Import SJCL sources for DFSG compliance
 * Web server:
   + Fix a vulnerability in the authentication system
   + Add a temporary automatic migration procedure of an election pool
     to unified trustees
   + Add public names to the election administrator and the credential
     authority (they are stored in `election.json`)
   + Add public names to trustees (they are stored in `trustees.json`)
   + Record shuffling order in `result.json`
   + Remove the possibility to replace a credential in a validated
     election
   + Add (much) more auditing data to election home
   + Add the possibility to download private credentials in automatic
     mode
   + Voters must always log in to confirm their vote
   + Export `shuffles.jsons` during the shuffling phase, show applied
     shuffles even before the final result is released
   + For alternative questions, offer a direct link to results instead
     of giving a JS query
   + Allow administrators to log in with their email address
 * Tests:
   + Load testing support:
     - Add Selenium scripts to create and populate an election with
       many voters
   + Allow testing with a prepared database

1.10 (2019-12-09)
=================

 * Add support for non-homomorphic questions (experimental)
 * Check group membership of signature verification key more often
 * Command-line tool:
   + Assume there are no ballots when `ballots.jsons` is missing
 * Web server:
   + Move setting of maxrequestbodysizeinmemory to configuration
   + Rework presentation of links that must be sent to third-parties
   + Bugfixes in the data policy loop:
     - its first iteration was done with the wrong spool dir
     - it died when trying to send warning e-mails
   + Update JSBN
   + Importing non-threshold trustees replaces current trustees

1.9.1 (2019-10-24)
==================

 * Specification:
   + Link to Meadows instead of eprint (easier to read)
   + Be more verbose about checks to do during the election
 * Web server:
   + Avoid error 500 on "accepted ballots" page when no ballots have
     been cast
   + Trim usernames and passwords before checking them
   + Trim and check CAS server addresses
   + Case-insensitive comparison of usernames
   + Set a limit on election names to prevent abuse
   + Protect third-party pages (creds, trustee) from authenticated
     users
   + Avoid error 500 when attempting to authenticate several times in
     a row
 * Use opam 2.0.5 in bootstrap script

1.9 (2019-05-28)
================

 * Fix use of SOURCE_DATE_EPOCH
 * Web server:
   + Fix a bug that seldom caused the server to not perform its
     partial decryption
   + Check that cookies are not blocked on ballot submission
   + Add the possibility to temporarily hide the result from the
     public

1.8 (2019-02-04)
================

 * Add the possibility to override sendmail via an environment variable
 * Use SOURCE_DATE_EPOCH if available
 * Use opam 2.0.0 in bootstrap script
 * Web server:
   + Add some automated tests
   + Add the possibility to create administrator accounts
   + Add booth preview
   + Add automatic open / close dates
   + Unhide support for threshold decryption
   + Fixed a bug that caused some elections to not appear in the
     administrator's listing when the election pool is big
   + Force the server to be a trustee in basic mode
   + Record in trustee public keys whether the server has the private key

1.7.1 (2018-12-05)
==================

 * Do not output spurious empty lines in records file (bugfix: voting
   records and missing voters were not working)
 * More explicit checklist in election validation page
 * Avoid sending password/credential emails when name has not been
   edited
 * Avoid hidden parameters in some services that are meant to be usable
   from non-web clients

1.7 (2018-11-26)
================

 * Add automatic data archival/deletion policy
 * Do not allow election validation if some items have not been edited
 * Trustees can load their private key from a file
 * No longer rely on Ocsipersist
 * Port to OCaml 4.06.1 and Eliom 6.3.0
 * Re-seed LwtRandom prng every 30 minutes
 * Add a placeholder for warnings/announcements

1.6 (2018-06-13)
================

 * Add (optional) contact info in emails sent by the server
 * Use base 58 tokens as UUIDs for shorter URLs (optional)
 * Add (optional) return path to mails sent by server
 * Show personal data processing notice to election administrators
 * Fix password regeneration when explicit usernames are used
 * Make the booth independent of the server and usable offline
 * Internationalize error messages

1.5 (2017-12-13)
================

 * Add support for threshold decryption (experimental)
 * Fix bias in random sampling
 * Web server:
   + Add possibility to define the server e-mail address in config
   + Add possibility to explicitly add the server itself as a trustee
   + Add possibility to destroy elections in setup mode
   + Avoid new tabs and use download links
   + Add config option for "contact us" link on admin login page

1.4 (2017-04-05)
================

 * Add a debug mode, which has the possibility to use /dev/urandom as
   source of entropy
 * Check encrypted tally in "belenios-tool verify"
 * Add a sample script to send credentials
 * Web server:
   + Introduce a limit on the number of mails sent at once. This
     effectively limits the number of voters in the general case.
   + Give a link to the future election to the credential authority and
     trustees
   + For each mailto template, add a direct link. This makes life easier
     for situations where complex mailto links are not supported.

1.3 (2017-02-01)
================

 * Add support for blank votes
 * More diagnostics in verify-diff
 * Web server:
   + Do not log out of CAS
   + Automatically log out after a vote
   + Add Italian translation

1.2 (2016-10-05)
================

 * Change the default group parameters to avoid possible
   trapdoors. The new ones are generated using FIPS 186-4.
 * Web server:
   + The administrator can choose the language(s) of mails sent by the
     server
   + The administrator can import trustees from a previous election
   + Question editor: it is now possible to insert and remove
     questions and answers anywhere
   + Add Romanian translation
 * Command-line tool:
   + Add --url option to election subcommands (in particular verify)
   + Add a "verify-diff" command to belenios-tool

1.1 (2016-07-25)
================

 * Web server:
   + Internationalization of voter-facing interfaces
     - add French and German translations
   + Add a confirmation page for election finalization
   + Add cookie disclaimer
   + Add templates for mails to trustees
   + Add the Belenios logo and use www.belenios.org in links
   + Add OpenID Connect authentication for administrators
 * Command-line tool:
   + Issue a proper warning when a result is missing
   + Support result files where decryption factors are not in the same
     order as trustee public keys

1.0 (2016-04-22)
================

 * Many changes in the web server:
   + Add election_missing_voters: it is now possible to see the list of
     people who did not vote (new link in election administration
     page).
   + Hide the login box when it is not relevant: we no longer show
     login links in the top right-hand corner of the page. The voter
     is automatically invited to log in when about to cast a vote.
   + No longer show a warning when window.crypto is unavailable (this
     warning appeared on IE8).
   + In admin page, show tallied elections in a new section.
   + In admin page, sort (finalized) elections by finalization time.
   + Add a form to regenerate and mail a password.
   + Generating trustee keys is more resilient to momentary lack of
     entropy.
   + Change default question to make the blank choice explicit.
   + Print number of accepted ballots on the result page.
   + Add the possibility to specify a login attached to an email
     address. E-mail address and logins must be specified in the
     following way: foo@example.com,login. When login is not
     specified, the address is used as login. This feature is useful
     mainly for CAS authentication.
   + Voters (and passwords) can be imported from another (finalized)
     election.
   + Send a confirmation email after a successful vote.
   + Add a new notion of "archived" elections.
   + Pretty page for records.
   + An e-mail address can be attached to trustees.
   + Do not propose dummy authentication for new elections.
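The voter-list line syntax described in the 1.14 entry above ("address,login,weight" or "address,,weight") and in the 1.0 entry just above ("foo@example.com,login", with the address used as login when none is given) is easy to get subtly wrong in tooling that prepares or audits a voter list. The following parser with consistency checks is an added example, not Belenios' own code. It assumes a weight of 1 when none is given, treats duplicate logins case-insensitively in the spirit of the 1.9.1 username-comparison entry, trims fields as 1.9.1 describes for usernames, and applies the 10^11 total-weight ceiling stated in 1.16. The sample voter list and the addresses in it are constructed, and the checks themselves are this example's assumptions rather than what the 1.15 entry "Check consistency of voter list" actually implements.

```python
"""Parser and consistency checks for the Belenios voter-list line syntax.

Added example, not Belenios' own code. Line formats come from the changelog:
"address", "address,login" (1.0), "address,login,weight" and "address,,weight"
(1.14); the 10^11 total-weight ceiling is from 1.16. The default weight of 1,
the trimming and the duplicate/total checks are this example's assumptions.
"""
from __future__ import annotations

from dataclasses import dataclass

MAX_TOTAL_WEIGHT = 10**11  # ceiling stated in the 1.16 changelog entry


@dataclass(frozen=True)
class Voter:
    address: str
    login: str
    weight: int


def parse_voter_line(line: str) -> Voter:
    """Parse one voter line: address[,login[,weight]].

    A missing or empty login defaults to the address (as in 1.0);
    a missing weight defaults to 1 (assumption). Fields are trimmed,
    modelled on the 1.9.1 "Trim usernames" entry.
    """
    fields = [f.strip() for f in line.strip().split(",")]
    if len(fields) > 3:
        raise ValueError(f"too many fields: {line!r}")
    address = fields[0]
    if not address:
        raise ValueError(f"empty address: {line!r}")
    login = fields[1] if len(fields) >= 2 and fields[1] else address
    weight = 1
    if len(fields) == 3:
        # Weights are positive integers; anything else is rejected.
        if not fields[2].isdigit() or int(fields[2]) < 1:
            raise ValueError(f"invalid weight: {line!r}")
        weight = int(fields[2])
    return Voter(address, login, weight)


def check_voter_list(text: str) -> list[Voter]:
    """Parse all non-empty lines and reject inconsistencies.

    Duplicate logins are detected case-insensitively (modelled on the
    1.9.1 entry on case-insensitive username comparison) and the running
    total weight must not exceed MAX_TOTAL_WEIGHT.
    """
    voters: list[Voter] = []
    seen: set[str] = set()
    total = 0
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue  # blank lines carry no voter
        voter = parse_voter_line(raw)
        key = voter.login.lower()
        if key in seen:
            raise ValueError(f"line {lineno}: duplicate login {voter.login!r}")
        seen.add(key)
        total += voter.weight
        if total > MAX_TOTAL_WEIGHT:
            raise ValueError(f"line {lineno}: total weight exceeds {MAX_TOTAL_WEIGHT}")
        voters.append(voter)
    return voters


# Constructed sample voter list; the addresses are placeholders.
SAMPLE_VOTERS = """\
alice@example.com
bob@example.com,bob
carol@example.com,,3
dave@example.com,dave42,2
"""

if __name__ == "__main__":
    for v in check_voter_list(SAMPLE_VOTERS):
        print(v)
```

Rejecting the list as a whole on the first inconsistency, rather than silently dropping the offending line, mirrors the fail-closed behaviour a voter-list check needs: a duplicate login or an over-limit total changes who can vote and with what weight, so it should stop the import rather than be patched around.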

0.2 (2014-04-09)
================

 * Major overhaul of the web server:
   + changes in configuration items
   + cleaner isolation between elections
   + add per-site and per-election administration pages
   + elections imported from the configuration file must be explicitly
     listed (no more directory scanning)
   + authentication is more modular
   + changes in CAS authentication method:
     - invoke credential requestor with `renew=true`
     - do not assume CAS paths start with `/cas/`
   + change in the password authentication method:
     - the password file must be uploaded via the web server (no more
       reading on-disk file) before the method is used for the first
       time
   + automatic logout after successful ballot casting
   + online creation of election
 * Remove hardcoded default group

0.1.1 (2014-02-13)
==================

 * New subcommands in belenios-tool: "mkelection" and "election vote"
 * Add a demo (bash) script to simulate a whole election
 * Prettier URLs for election pseudo-files
 * Fix compatibility with reverse-proxies

0.1 (2014-01-13)
================

 * First public release